Are smart safes secure? Not after we've USB'd them, say infosec bods

If you make an armoured box and put electronics on it, what do you expect?


Vulnerabilities in “intelligent cash safe service” Brink's CompuSafe's cash management produces will be demonstrated at the Def Con hacker conference in Las Vegas next week.

Brink's CompuSafe offers a “smart safe as a service” technology to major retailers and fast food franchises. This smart safe can communicate how much money is being held in the safe at all times and can hold up to $240,000.

The technology is used to offer end-to-end management of cash, transporting it safely from your storefront safe to your bank via armoured car. Around 14,000 Brink’s CompuSafe smart safes are currently deployed across the United States.

The smart safe features an easily-accessible USB port on the side of the safe that's needed for technical troubleshooting.

Security researchers from IT security consultancy Bishop Fox discovered they were able to "simply insert a USB into the safe, and remotely access the smart safe to learn how much money is in the safe itself, as well as unlock it with in 60 seconds," according to a spokeswoman. "Once it is unlocked you can simply walk up to it, open the door, and take the cash."

A short cartoon put together by Bishop Fox and summarising the threat can be found below.

Brink's Smart Safe Hacking - 27July2015

Details of the "Jacksploiting" for smart safes exploit are not, as yet, altogether clear but the researchers told Wired that CompuSafe Galileo safes run on an embedded version of Windows XP and could be vulnerable to a malicious script inserted into a safe on a USB stick.

This offers a means to bypass controls and open a safe.

It's also possible to hack into the database stored on the safe and alter records using the same technique.

Pulling off a theft would require physical access to the safe by thieves, who would still have to worry about CCTV and would likely need the help of a corrupt insider. Nobody is supposed to be able to open the safe on their own, something exploits based on the vulnerability would run rings around.

Bishop Fox alerted Brink's to this vulnerability, but "nothing has been done to remediate the issue", a spokeswoman told El Reg. We approached Brinks for comment but are yet to hear back at the time of going to press. We'll update this story as and when we hear more.

The two Bishop Fox researchers – Dan “AltF4” Petro and Oscar Salazar – are due to demo the exploits at a presentation entitled Hacking Smart Safes: On the "Brink" of a Robbery.

During this talk, we’ll uncover a major flaw in the Brink’s CompuSafe and demonstrate how to crack one open in seconds flat. All you need is a USB stick and a large bag to hold all of the cash. We’ll discuss how to remotely takeover the safe with full administrator privileges, and show how to enumerate a target list of other major Brink’s CompuSafe customers (exposed via configuration files stored right on the safe).

The researchers stress that the presentation is about "exposing flaws in the Brink’s Compusafe to improve security and allow pen-testers to demonstrate these flaws to their customers."

Please use this information responsibly, they add. ®

Similar topics


Other stories you might like

Biting the hand that feeds IT © 1998–2021