Slashdot Mirror


Hacker Set To Demonstrate 60 Second Brinks Safe Hack At DEFCON

darthcamaro writes: Ok so we know that Chrysler cars will be hacked at Black Hat, Android will be hacked at DEFCON with Stagefright, and now word has come out that a pair of security researchers plan on bringing a Brinks safe onstage at DEFCON to demonstrate how it can be digitally hacked. No this isn't some kind of lockpick, but rather a digital hack, abusing the safe's exposed USB port. And oh yeah, it doesn't hurt that the new safe is running Windows XP either.

147 comments

  1. Seriously! by invictusvoyd · · Score: 5, Insightful

    Digital safe running XP == special ops commando running with a muzzle-load flintlock.

    1. Re:Seriously! by Viol8 · · Score: 1

      A flintlock that has a good chance of exploding in your face when you fire it because Ball 1.1 is slightly too big for Barrel 1.0.

    2. Re:Seriously! by Stuarticus · · Score: 4, Funny

      Yeah they should be running Windows ten, so many bugs even the exploits won't run.

      --
      If you think someone isn't free to have a different definition of "freedom" you may be a tyrant.
    3. Re:Seriously! by invictusvoyd · · Score: 1

      And support for barrel 1.0 has recently been terminated. The shiny new barrel is called barrel ME. Ya gotta get it because you have NO choice. I repeat: no choice.

    4. Re:Seriously! by thegarbz · · Score: 4, Insightful

      I think a more apt example would be a special ops commando dragging a trebuchet. It's slow, unwieldy, would probably hinder you more than help you, and is incredibly heavy for an otherwise simple mission.

      The WTF is not that it is running Windows XP, it's that it is running a full blown OS at all.

    5. Re:Seriously! by invictusvoyd · · Score: 1

      Security by obscurity

    6. Re:Seriously! by Mal-2 · · Score: 5, Informative

      In this case, the Windows version is irrelevant. They didn't attack Windows, they attacked the software running on top of it. Since the OS wasn't compromised, upgrading it would do one of two things: (1) break things, either a little or a lot OR (2) absolutely nothing.

      "Even if the CompuSafe were running Windows 10, it wouldn't have changed the exploit that we will be demonstrating," Salazar said.

      It's right in there. Of course that would require reading the article, and I'm sure I broke some unwritten rule by doing so.

      --
      How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
    7. Re:Seriously! by invictusvoyd · · Score: 2

      I've read the article and am fully aware that Windows XP had no role in this particular exploit, but just the thought of a digital safe running a full-blown bloatware OS like XP is so offensive that many of us can't restrain ourselves.

    8. Re:Seriously! by oobayly · · Score: 5, Interesting

      This was my immediate thought too. Dave on eevblog did two videos on seeing if there was a power line vulnerability on a cheap digital safe - they're pretty interesting, plus he's quite amusing to watch.

      EEVblog #762 - How Secure Are Electronic Safe Locks?
      EEVblog #771 - Electronic Safe Lock Powerline Attack Part 2

    9. Re:Seriously! by Anonymous Coward · · Score: 0

      Oh, you think the OS size used on embedded devices is the same as what's installed on a typical PC. That's cute.

    10. Re:Seriously! by K.+S.+Kyosuke · · Score: 1

      Apparently, the Jevons paradox works for software, too!

      --
      Ezekiel 23:20
    11. Re: Seriously! by Anonymous Coward · · Score: 0

      It says Windows XP. Not the embedded or POS variation.

    12. Re:Seriously! by K.+S.+Kyosuke · · Score: 4, Insightful

      In this case, the Windows version is irrelevant. They didn't attack Windows, they attacked the software running on top of it.

      There may be a somewhat strong correlation between being so stupid that you decide to run Windows XP on a sensitive embedded system and being so stupid that you write a sensitive application in a way that makes the whole system have obvious mistakes in it.

      --
      Ezekiel 23:20
    13. Re:Seriously! by nate_in_ME · · Score: 2

      I didn't read the actual article, but from some other comments on here, it sounds like this is doing a bit more than a traditional safe: counting the funds inserted and transmitting this deposit to the bank, to name just a couple of things. This means:

      - Network/Internet access to some degree, including all the necessary security features (SSL, etc)
      - Peripheral access (bill reader)
      - Some sort of confirmation on the safe that the deposit was completed

      Considering this has been described by some as an "ATM in reverse", it probably makes sense to use the same code base as an ATM, which in many cases means XP Embedded (or its newer versions).

    14. Re:Seriously! by BitZtream · · Score: 2

      Because?

      No, you have no reason why XP is wrong for the job, you're just parroting what you've heard others say without understanding why.

      In an embedded environment with limited attack vectors, XP is fine.

      Note: They aren't even attacking XP here, they are attacking the software Brink's themselves wrote. Might be a good idea to get a clue before blaming the wrong thing fanboy.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    15. Re:Seriously! by Joce640k · · Score: 2

      The article says it's nothing to do with the OS, but any excuse, eh?

      --
      No sig today...
    16. Re: Seriously! by BitZtream · · Score: 0, Troll

      Windows XP comes in Desktop, Embedded and POS variants, when they don't tell you which one, you assume the most ill suited?

      You aren't real bright, are you?

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    17. Re: Seriously! by flux · · Score: 1

      For controlling a safe an MCU-based system would be most suited.

    18. Re:Seriously! by zerosomething · · Score: 2

      Security by obscurity

      Really, what were they thinking by not using OS2.

      --
      It all starts at 0
    19. Re:Seriously! by vtcodger · · Score: 5, Insightful

      A "safe" with a USB port? What could possibly go wrong?

      --
      You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
    20. Re:Seriously! by houghi · · Score: 1

      I know why it is running a full blown OS: Money.

      Making something specific would cost more than XP. Perhaps not even in initial money, but in e.g. time to market or development.

      --
      Don't fight for your country, if your country does not fight for you.
    21. Re: Seriously! by Anonymous Coward · · Score: 0

      If the OS was Linux there'd be scamperin' going on to show it had nothing to do with the OS.

    22. Re: Seriously! by Anonymous Coward · · Score: 0

      It amazes me, too. There are people out there using embedded devices running Linux to blink a few lights. You do that stuff from the reset vector, not with a big ugly OS.

    23. Re: Seriously! by Anonymous Coward · · Score: 0

      A 4 x 5 circuit board full of TTL would be more suited.

    24. Re: Seriously! by K.+S.+Kyosuke · · Score: 1

      If I'm not mistaken, a single monolithic VLSI circuit ought to be more reliable than a PCB full of SSI/MSI circuits. The sheer number of soldered points alone should be a factor in this.

      --
      Ezekiel 23:20
    25. Re:Seriously! by Demonoid-Penguin · · Score: 1

      Because?

      No, you have no reason why XP is wrong for the job, you're just parroting what you've heard others say without understanding why.

      In an embedded environment with limited attack vectors, XP is fine.

      Note: They aren't even attacking XP here, they are attacking the software Brink's themselves wrote. Might be a good idea to get a clue before blaming the wrong thing fanboy.

      Agreed. The version of XP that ATMs run is probably the embedded version (on a cheap single board computer with a USB service port). Most of the insecurities in XP vanish when you don't attach a web browser, and many of the rest when you strip out what isn't in the embedded version. So XP can be made pretty secure. It's possible that it's firewalled - I'd hope so.

      It's also possible the Brinks app is Java - and that the exploit is an MiM. In which case the same weakness would likely remain on whatever OS it was running on.

      Granted, that's a lot of "possibilities". However, they're presumptions (mostly a guess based on something) - most of the posts in this thread are pure assumption (pure guess).

      Why does Brinks use software running on an OS? Two reasons I can think of: they want to see easy customisability as a feature, and it's a cheap platform for them to work with. Now they may have to reassess the costs for the latter reason.

      And I'm not a fan boi - I run Linux except where I run BSD. I also have more tools than a hammer, and my pepper grinder can be adjusted to grind the size appropriate for the desired result.

    26. Re:Seriously! by Chatsubo · · Score: 1

      If the main consideration were money, you would think an open-source OS would win.

      --
      > no, yes, maybe (tagging beta)
    27. Re:Seriously! by ShanghaiBill · · Score: 1

      If the main consideration were money, you would think an open-source OS would win.

      People dumb enough to buy a safe with a USB port are probably more comfortable with Windows.

    28. Re:Seriously! by ripvlan · · Score: 1

      Except they claim Windows 10 wouldn't have helped. They bypassed the kiosk and went straight to the underlying system.

    29. Re:Seriously! by TWX · · Score: 1

      You're assuming that the end owner of the safe even has access to the Windows Shell in a meaningful way. I expect they've replaced the shell with something of their own devising.

      I also expect that they spent as little as possible on making the computer-side of the device and didn't even consider the digital security aspects of their choices. Pretty stupid for a security company, but it wouldn't be the first time that such decisions have been made.

      --
      Do not look into laser with remaining eye.
    30. Re: Seriously! by KGIII · · Score: 2

      Any malware on a Windows system is bad Windows security. Any malware on Linux is Linux is the kernel! Very few (lately) exploits are Windows kernel (the explorer.exe process) and most are a fault of an application running on top of the kernel (which should have, and does have, better protection). We just see what we want to see and have our own prejudices. If we strip it down to current threats across the kernel (or across software loaded on the kernel) but keep them equal the numbers look different which is not to say the actual malware numbers match.

      An interesting aside was the recent article about an MMS malware vector for Android. When we count Linux installs we happily count Android. When the malware article showed up that view was not so popular. Of course, it won't be counted because it is not the kernel. We will find justification to reinforce our beliefs no matter how much evidence is contrary to those beliefs. We are humans, it is what we do.

      And no, I am not a Windows shill. I do use Windows from time to time but I mostly use Mint and, lately, CentOS. I was also a Microsoft MVP (Shell, IE/OE, Security) for quite some time. I was also a Unix user (SunOS/Solaris mostly) for even longer before that. I do own two Apple products, modern - a few if we count older stuff, but I am not familiar enough with OS X/iOS to claim that I actually use them - they are nice but I just can not get past the interface to learn to be comfortable with them, my own failing. So, no, I am not really a fan of any OS or any distro. I am a slut and will use them all to my advantage.

      --
      "So long and thanks for all the fish."
    31. Re:Seriously! by Anonymous Coward · · Score: 0

      With limited access, XP is just fine, and has been used as a decent embedded OS for a decade+ now.

      Would I personally use it for a safe? No.

      I believe in defense in depth, so probably would have started with a secure variant of QNX, a version of embedded Linux/Android, or some other OS with as few things running as possible, but supports touchscreens. I would also add a few things:

      1: No external USB ports. Too much hanky panky can be done, even if it is plugging in a keyboard and hitting control-alt-delete in an effort to reboot a misconfigured Linux install. Instead, an SD port would be used for uploading firmware upgrades and OS images.

      2: Some "oh shit" way of reloading firmware if it is bricked. What I see for this is using the SD card and a well tested bootloader. Since SD cards have 10% of their media dedicated to an encrypted, signed partition, using that for a signed firmware reload would be a possibility.

      3: Segmentation/containerization/virtualization. Not hard to implement if designing from the ground up. This is a relatively simple task. If it is a safe connected to an accounting system, separate the two with limited communication between the two partitions, with no direct way that the accounting software side can tell the safe to open or alter its functionality.

      4: Good old fashioned locking down SUID/SGID binaries and regression testing before release.
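
      The fourth item (locking down SUID/SGID binaries) as a concrete check, added here as an example and not part of the comment above or of any Brinks or vendor code: a POSIX shell audit that lists every setuid/setgid file under a root, compares the list against an explicit allowlist, and strips the bits from anything unexpected. The allowlist entries, the fixture tree and the `opt/safeapp/helper` path are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the page): audit a filesystem tree for setuid/setgid
# binaries that are not on an explicit allowlist, and strip the bits from the
# rest. All paths below are constructed for the example; filenames are assumed
# to contain no whitespace.

# Paths (relative to the audited root) expected to carry the setuid or setgid
# bit. Constructed allowlist; a real image would generate this from the release
# build and review every entry.
SUID_ALLOWLIST="bin/su bin/passwd"

# list_suid_sgid ROOT: print every regular file under ROOT that has the setuid
# or setgid bit, as a sorted list of paths relative to ROOT.
list_suid_sgid() {
    root=$1
    # POSIX find: -perm -4000 matches setuid, -perm -2000 matches setgid.
    ( cd "$root" && find . -type f \( -perm -4000 -o -perm -2000 \) -print ) \
        | sed 's|^\./||' | sort
}

# is_allowed PATH: succeed if PATH is on the allowlist.
is_allowed() {
    for a in $SUID_ALLOWLIST; do
        if [ "$1" = "$a" ]; then
            return 0
        fi
    done
    return 1
}

# audit_suid ROOT: print each unexpected setuid/setgid file; return 0 when the
# tree matches the allowlist, 1 otherwise.
audit_suid() {
    status=0
    for f in $(list_suid_sgid "$1"); do
        if ! is_allowed "$f"; then
            echo "UNEXPECTED SUID/SGID: $f"
            status=1
        fi
    done
    return $status
}

# strip_unexpected_suid ROOT: remove the setuid/setgid bits from every file the
# audit flags, so a later audit passes. Meant for image build time, not as a
# substitute for finding out why the bit was there.
strip_unexpected_suid() {
    for f in $(list_suid_sgid "$1"); do
        if ! is_allowed "$f"; then
            chmod u-s,g-s "$1/$f"
        fi
    done
}

# build_fixture DIR: constructed tree with two allowed setuid binaries, one
# unexpected setgid helper and one ordinary file.
build_fixture() {
    mkdir -p "$1/bin" "$1/opt/safeapp"
    : > "$1/bin/su";             chmod 4755 "$1/bin/su"
    : > "$1/bin/passwd";         chmod 4755 "$1/bin/passwd"
    : > "$1/opt/safeapp/helper"; chmod 2755 "$1/opt/safeapp/helper"
    : > "$1/opt/safeapp/readme"; chmod 644  "$1/opt/safeapp/readme"
}

# Stand-alone demo: audit the fixture, remediate, audit again.
demo_root=$(mktemp -d)
build_fixture "$demo_root"
if audit_suid "$demo_root"; then
    echo "initial audit: clean (not expected for this fixture)"
else
    echo "initial audit: findings listed above"
fi
strip_unexpected_suid "$demo_root"
if audit_suid "$demo_root"; then
    echo "after remediation: clean"
fi
rm -rf "$demo_root"
```

      The audit deliberately compares against an allowlist rather than a denylist: on a locked-down image the set of privileged binaries should be small and known, so anything new is a finding by default, which is also the shape a release-time regression test wants.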

    32. Re:Seriously! by firesyde424 · · Score: 1

      You may have just created a time paradox that would destroy the universe as we know. On the other hand, it may just be localized to those who don't read the article...

    33. Re: Seriously! by lister+king+of+smeg · · Score: 1

      If the OS was Linux there'd be scamperin' going on to show it had nothing to do with the OS.

      In Windows the whole stack is a monolithic chunk: your browser, your display manager, your shell and your kernel all come together and are made by the same group. In Linux distros everything is modular, can be swapped out, and is made by unrelated groups (KDE, GNU, Apache, Mozilla, Oracle, X11, OpenSSH, Redhat), so it is only a Linux bug if it is in the Linux kernel. It is a Windows bug if it comes from anywhere in the whole software stack (NT kernel, Trident rendering engine, .NET runtime, Win32 libraries) we call Windows.

      Windows == Large Stack of Software
      Linux == Kernel

      --
      ---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
    34. Re:Seriously! by cfalcon · · Score: 1

      > The article says it's nothing to do with the OS, but any excuse, eh?

      That is not what it says. What it says is:

      '
      "Even if the CompuSafe were running Windows 10, it wouldn't have changed the exploit that we will be demonstrating," Salazar said.
      '

      That's not "nothing to do with the OS". That's "any version of Windows".

    35. Re: Seriously! by cfalcon · · Score: 1

      Malware in Windows is bad because Windows only has one "distro" at a time, so Windows is the whole OS. That means, there's no group of people elsewhere doing it correctly that you could have used instead, and much more importantly, *it's almost impossible to replace any part of the Windows OS anyway".

      The complainers are correct. Since every Windows comes "stamped and sealed", it either fails or works entirely holistically. Since Linux has so many more pieces, it's not nearly as interesting if a single Distro, or a replaceable piece thereof, has an issue- and it won't hit the whole ecosystem.

      I also think that the "stamped and sealed" concept encourages Microsoft to underengineer certain parts. "Ok, well, the ONLY guy that interacts with this dude is X, and X never gives us that input" is a valid thought when trying to implement Y, but in Linux world, you end up needing development to handle the other cases from the start.

      Windows is not fundamentally broken or anything like that, but it certainly seems to be entirely exploitable and ludicrous to use in any fixed hardware / embedded cases. And yet, it is. A safe should not be running XP, or 7, or 10, or anything else by Microsoft- it should be running a real time OS, or, *worst case*, a stripped down / locked down BSD or Linux. Windows is a consumer OS, a gaming OS, and a creativity, development, and productivity OS. Microsoft intends it to be a server OS and you can make a solid case for that (I wouldn't), but for use in a fixed platform hardware device? It's a sitting duck.

    36. Re: Seriously! by sjames · · Score: 1

      Part of the issue is that the software that comes standard with Linux dwarfs what comes with Windows. For example, Linux distros typically come with an office suite (or 2), multiple mail servers and clients, a full development suite and many, many more things that you must buy separately for Windows.

      Of course, you can easily do a minimal (base) install of Linux that includes no GUI at all.

      So, at best it's a matter of picking and choosing a kinda sorta apples to apples installation of Windows and Linux. Where there's picking and choosing, there's cherry picking...

    37. Re:Seriously! by Anonymous Coward · · Score: 0

      A "safe" with a USB port? What could possibly go wrong?

      It would not be an issue if the port was INSIDE the safe (required the door to be open in order to access). Seriously guys, you are supposed to be physical security professionals.

  2. wow by invictusvoyd · · Score: 2

    "A large portion of the attack is about escaping out of the kiosk mode that is put in place on the safe, in order to prevent someone from accessing the backend system,"

    And I thought Tom Cruise would be dodging laser beams and planting a sophisticated code cracking super gadget into the USB port.

    1. Re:wow by Megane · · Score: 1

      If they had used a Mac instead, Jeff Goldblum would get the safe to hack YOU! (In Soviet Russia, of course!)

      --
      #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
  3. Ok so deres haxxorz. Ok so dey be haxxin. by Anonymous Coward · · Score: 0

    Ok so I can stop reading at the very first sentence because all we get is scary scare words of scaring... and that's it.

  4. competition by Anonymous Coward · · Score: 0

    Welcome to capitalism, where you have a lot of choice, nearly none of which is any good.

    I also have a toy safe. I don't make a big deal of being able to crack it open.

    1. Re:competition by kenai_alpenglow · · Score: 1

      How the heck is this the fault of capitalism?! The alternative would be something like "Welcome to ____, where you have ONE choice, which isn't any good". Oh, and try to work any fix through the bureaucracy... If anything, capitalism might cause the manufacturer to fail against some competitor.

    2. Re:competition by dryeo · · Score: 1

      Why do you think that the alternative to capitalism would be a dictatorship? We have real examples of operating systems that are written for other reasons than money, some of which have been successful enough to attract capitalists. Early Linux is probably the most well known example of an operating system written in a socialist manner.

      --
      https://en.wikipedia.org/wiki/Inverted_totalitarianism
  5. Why not have mechanical security too? by Viol8 · · Score: 1

    Surely if this is supposed to be a highly secure box it would be a good idea to have an old fashioned mechanical lock alongside the electronic stuff so if one system fails the other is still in operation? Also what happens in a power cut?

    1. Re:Why not have mechanical security too? by Mal-2 · · Score: 5, Informative

      It's basically an ATM in reverse, for stores. Put money in, and you're not SUPPOSED to be able to get it back out. Instead, it immediately shows up in your bank account. The bank will come around and empty the safe when it is convenient to them. If the power fails, they'll just have to come back some other time.

      At least that's the plan. The exploit clearly shows that someone other than the bank or a Brinks employee CAN open the safe.

      But of course, nobody reads the articles before complaining. This is /. after all.

      --
      How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
    2. Re:Why not have mechanical security too? by Viol8 · · Score: 1

      Thanks, but I did read the article first. However, obviously you must have understood it much better than I, so if you could point me to the part that describes why a mechanical backup lock would be impossible to install in the safe I'd be much obliged.

    3. Re:Why not have mechanical security too? by invictusvoyd · · Score: 1

      People on /. are smarter than you think. Since the article summary contains the word "Windows XP" the "fact" that many other people can open the safe was an automatic assumption.

    4. Re:Why not have mechanical security too? by msauve · · Score: 1

      OK, I'll play.

      it would be a good idea to have an old fashioned mechanical lock alongside the electronic stuff so if one system fails the other is still in operation? Also what happens in a power cut?

      So, you seem to be describing this mechanical backup in two different ways - first, as a backup for the locking function. Second, as a backup for the _unlocking_ function. Which is it? Do you mean for the mechanical system to also need to be opened in order to open the safe, to protect against electronics hacks like this one and eliminating the advantages of an electronic lock? Or, do you mean it to allow the safe to be opened even if the electronics fail, reducing overall security?

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    5. Re:Why not have mechanical security too? by Anonymous Coward · · Score: 0

      Also what happens in a power cut?

      Locks like this usually use a solenoid to pull the locking pins out of the door when energized. Unless the manufacturer is a complete idiot, an unpowered safe will be unopenable.

    6. Re:Why not have mechanical security too? by Joce640k · · Score: 1

      You can open the safe with just a piece of metal?

      Yeah, that'll work.

      --
      No sig today...
    7. Re:Why not have mechanical security too? by Viol8 · · Score: 0

      No, I meant as a secondary separate lock, you idiot.

    8. Re:Why not have mechanical security too? by Viol8 · · Score: 1

      Who said anything about a key? You ever seen a proper combination banking safe? Anyway, I meant have the mechanical locking as a secondary backup, not as a failsafe opening mechanism for the electronic lock.

    9. Re:Why not have mechanical security too? by Anonymous Coward · · Score: 0

      Quite the contrary. People on /. are not nearly as smart as they think. This hack has nothing at all to do with XP. Therefore, the "automatic assumption", as with most stupidity, is incorrect.

    10. Re:Why not have mechanical security too? by moosehooey · · Score: 0

      So if the power is out and the electronic lock can't be opened, how is your separate lock supposed to help, idiot?

    11. Re:Why not have mechanical security too? by fisted · · Score: 1

      They probably didn't imagine their electronic lock to be vulnerable; you'd only install a mechanical backup if you already assume that your primary locking mechanism is not secure. News at 11, "smart" guy.

    12. Re:Why not have mechanical security too? by Viol8 · · Score: 0

      Wtf has power out got to do with it? That was a separate issue question. FFS, can you read English?

    13. Re:Why not have mechanical security too? by Viol8 · · Score: 1

      In plenty of fields (aviation, industrial, railway) there's always a backup failsafe system. No one expects any one system to be 100% foolproof. Perhaps they - and you - could go learn something from these areas.

    14. Re:Why not have mechanical security too? by Anonymous Coward · · Score: 0

      Someone took a little too much vitamin bitchy this morning

    15. Re:Why not have mechanical security too? by fisted · · Score: 1

      To put it in your own retarded words:
      Thanks, but I did think about what i wrote first. However obviously you must have understood it much better than I, so if you could point me to the part that describes how I personally assume that any particular system was secure, I'd be much ablidged[sic].

      No one expects any one system to be 100% fooolproof

      I'm pretty sure that's not true. For an example of a safe manufacturer that does expect this, see this very story.

      Are you done now making yourself look like an idiot?

    16. Re:Why not have mechanical security too? by Viol8 · · Score: 0

      "To put it in your own retarded words:"

      Not sure what the paraphrase is achieving there. I guess that's between you and what passes for your braincell.

      "I'm pretty sure that's not true"

      Ok, no one with a clue expects.

      "Are you done now making yourself look like an idiot?"

      Sorry, I think you've been looking in the mirror by mistake. Go lie down and have a rest. Maybe the cluetrain will pull into town for you soon.

    17. Re:Why not have mechanical security too? by fisted · · Score: 1

      I guess the irony here is lost on you.

    18. Re:Why not have mechanical security too? by magarity · · Score: 1

      ATMs (the kind built into the wall at the bank) take deposits these days, so why not just use one of those?

    19. Re:Why not have mechanical security too? by Coren22 · · Score: 1

      This safe is located in the store; it also is likely designed to take a much larger number of bills compared to the ATM input hopper.

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    20. Re:Why not have mechanical security too? by bws111 · · Score: 1

      ATMs require access to the account. Think it's a good idea to give all your employees access to your bank account?

      ATMs do not count the money (well, some count individually inserted bills - just what you want your employee to be doing)

      ATMs do not create reports of deposits made.

      ATMs do not allow management to remotely check on deposits.

    21. Re:Why not have mechanical security too? by msauve · · Score: 1

      Are you unable to understand English? If it's a "secondary separate lock," how does that help if the primary, electronic lock fails to open? It's still locked.

      And, if it's a secondary, mechanical unlock, then how does it prevent the hack at issue from being effective?

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    22. Re:Why not have mechanical security too? by Anonymous Coward · · Score: 0

      Try turning your cunt dial down from 11 sweetie

    23. Re:Why not have mechanical security too? by Anonymous Coward · · Score: 0

      Hang on, so you're saying this is /.?

      Damn, you're quite the Sherlock.

    24. Re:Why not have mechanical security too? by magarity · · Score: 1

      Your objections are just a matter of software for an ATM customized for this application. Except the one about ATMs not able to count money. Huh? You can put a stack of cash in the thing and it will count the money including identifying the denominations.

    25. Re:Why not have mechanical security too? by bws111 · · Score: 1

      And by the time you have modified the ATM software you no longer have an ATM, you have this safe. So what exactly is the point?

    26. Re:Why not have mechanical security too? by Viol8 · · Score: 1

      That the best comeback you can manage? Go back to bed.

    27. Re:Why not have mechanical security too? by fisted · · Score: 1

      This isn't about comebacks. For me, anyway.

  6. Interesting Observation... by KGIII · · Score: 2

    I have been to defcon in the past. What is amusing is all the people there from a variety of three letter agencies. They are usually the ones with nice shoes and/or dressed in dark attire. That is my impression at least though I suppose I could be mistaken. Anyhow, the amusement is in the number of them. I suspect they could send fewer or just get together and send a lot fewer people. In some of the smaller and more detailed talks there would be a bunch of them and they seem to gravitate towards each other.

    I wonder about the possibility of an event where the feds were not invited and the venue was invite only sans marketers? They would need some way to vet attendees and some would get in through the cracks. Blackhat Con USA was weird feeling. You are sitting there in a talk and you know you are surrounded by law enforcement. I can only imagine that they are like the pervs that attend gaming conventions these days. (I have not been to a gaming convention in a good many years. I did go and get Dungeons and Dragons in loose-leaf format once but that was oh so many years ago and I am too old for such now.)

    --
    "So long and thanks for all the fish."
    1. Re:Interesting Observation... by Anonymous Coward · · Score: 0

      Of course, now that you think you have recognized the obvious three letter agencies, there are probably a few there that are not so easily recognized; you know, that cool guy in the black t-shirt and jeans might also be one of them.

    2. Re:Interesting Observation... by Anonymous Coward · · Score: 0

      Yeah, I thought about that. Still, those are the guys who are clean cut and wear nice shoes. I did mention that I could be mistaken. I am assuming that I did not recognize all of them nor did I really try to but watching people is a hobby of mine. I might have identified the majority but who knows? I sure as hell do not know. For all I know they were the folks who actually worked the conventions on the floor appearing to be "little people" checking tickets. The ones in nice suits could have even been just normal people (or decoys, I suppose) from companies that insist representatives wear dark suits to anything public.

      KGIII

      - I hit my 50 posts per day limit. That is an idiotic and arbitrary rule especially given that it is applied to those who have the highest possible karma rating. Ah well... Stupid rules for everyone! I may reply as AC (if it is interesting) but probably not as I hate to do so. Your post was interesting so, what the hell? I figure if I say it, for bad or good, it is owned by me which means I am accountable for it. I do not care what folks think so much as I care about how I think and how I approach stuff. This gibberish mostly added to ensure that it is still fairly evident that it is really me. Not too many folks write in the absurd manner that I do so it should be pretty safe to assume I am not anyone other than the GP.

    3. Re:Interesting Observation... by meta-monkey · · Score: 2

      You check out as the real KGIII. Or a very good KGIII Markov chain text generator.

      --
      We don't have a state-run media we have a media-run state.
    4. Re:Interesting Observation... by Demonoid-Penguin · · Score: 2

      I have been to defcon in the past. What is amusing is all the people there from a variety of three letter agencies.

      Spot the Fed is always fun. I've always wondered how many that look obvious then are just low ranking Postal workers taking the piss.

      There's been talk in the past of banning them - but I don't think the organisers are actually serious about it. I think it's one of the main attractions. They have the best swag to swap.

  7. Standards by invictusvoyd · · Score: 2

    The good thing about standards is that we have so many of them to choose from.

    1. Re: Standards by Anonymous Coward · · Score: 0

      The better choice would have been to involve a very good embedded hardened OS and make very spare, secure features. This way you absolutely limit your open vectors and the ones that have to be open are secure.

  8. Re:Safes are for cows. by Anonymous Coward · · Score: 0

    This fella surely works at Microsoft. He's probably the head of the Wondose 10 team .

  9. Why? by bickerdyke · · Score: 5, Insightful

    Why does a safe need an operating system?

    And then why, for heaven's sake, does it have to be a desktop operating system? Does it need to run MS Office, or what was the design idea here? It's not like there are especially hardened OSes out there for embedded devices. (Not to mention that this means we have a safe that's running on an x86 architecture)

    And after having such a terrible design idea, why have it implemented by a moron using an out of date, unsupported, and buggy OS?

    --
    bickerdyke
    1. Re:Why? by Anonymous Coward · · Score: 1

      The same question could easily be asked about voting machines. The answers here are fairly obvious, and there is a definite overlap in the answers for each case.

    2. Re:Why? by Anonymous Coward · · Score: 0

      Because for all kinds of reasons, both technical and economic, Windows development is cheap. I've worked in industrial automation and my employer targeted Windows almost exclusively because expert developers for other systems were too expensive and our existing developers needed more development time when not developing for Windows and there usually was no budget for that. The biggest downside from a business perspective was that industrial machines that could have been serviced by a tiny microcontroller instead needed a several thousand euro server, but that kind of price tag is completely dwarfed by the rest of the cost of development.

    3. Re:Why? by msauve · · Score: 1

      "why, for heaven's sake, does it have to be a desktop operating system?"

      You're making assumptions. Rather than run a desktop OS like Windows XP Professional, it's more likely running Windows XP Embedded, which is intended for this type of use.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    4. Re:Why? by Anonymous Coward · · Score: 0

      Yes and no. A safe really doesn't need to be digital, in fact, making it digital opens up avenues for attack. A traditional safe? You'd spend years learning how to crack a safe if not a lifetime, or use some big bats and make lots of noise.

      It doesn't make sense to introduce a security hole into a system that doesn't need one and functioned just fine before it was put there.

      A voting machine can ALMOST make the same argument, we could technically downgrade that machine to a punch card reader, which really that's about what they are at this point. The issue gets difficult once you understand that for some reason the US has decided it HAS to be a super secret ballot. You need some system to tally the votes, send them to a database to be counted along with votes from every precinct and voting district in the US. Humans take too long, and also lie, cheat, steal, and take bribes.

      The right computer system removes their ability to do that. Sadly, the US is not using the right system.

      => shorthand...

      You can have a safe without a computer, you likely won't get far voting wise without a computer at least doing the final count

    5. Re:Why? by BitZtream · · Score: 1

      Every computer has an OS, it's just a question of how complex it is.

      XP Embedded is not XP desktop any more than Android is Debian. They aren't running a desktop OS any more than your cell phone is.

      XP Embedded is not unsupported, and you're an idiot since you seem to think you have some non-buggy OS. The fact that you make such a comment tells me you know so little about software dev that you have no business even commenting in this conversation. All software has bugs.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    6. Re:Why? by tburkhol · · Score: 1

      Why does a safe need an operating system?

      This thing is not a "safe" in the sense of a monolithic box with a door where you might keep your Krugerrands. Compusafe is a gas station/back office safe, with a touch screen GUI, cash reporting, and centralized accounting. I.e., your night clerk drops a stack of bills into the loading tray, and the safe counts them, separates them, and sends a note home how much is in it. This seems to be a 4th generation product, so, like most software running on legacy platforms, I would guess that Brinks thinks the fact they've been using this code for 15 years means that they have already fixed most of the bugs and vulnerabilities. Or at least that it's much cheaper to keep using the same software they've been using for 15 years: why fix what ain't (known to be) broke?

    7. Re:Why? by AmiMoJo · · Score: 1

      Why does a safe need an operating system?

      It's more than just a safe. The shop puts money in and the bank credits their account immediately, and then comes to collect the cash say every week. So it has to report back how much money has been put in, like an ATM that you can pay money in to.

      And then why, for heaven's sake, does it have to be a desktop operating system?

      Because long ago the company designed and built an ATM that ran on Windows XP, and didn't want to spend money upgrading to something better and porting/re-testing all their software. You see this a lot in industrial designs. Something works so there is reluctance to change it in the face of vague "security concerns" from engineers. Even now I bet they don't do much, other than demanding that the shop where the safe is located provides physical security. The shop is probably liable for any loss anyway, so what do they care?

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    8. Re:Why? by Anonymous Coward · · Score: 0

      You have no idea what you're talking about... but don't let that stop you from blathering on.

    9. Re:Why? by bickerdyke · · Score: 1

      As I'm earning my living with software development I'm quite aware that there is no bug free software (beyond "hello world"). But I'm also aware that the number of bugs correlates with the software's size and complexity.

      That's why you don't use a more complex OS than required. Your mentioning XP Embedded makes it much better, but the summary mentioned plain XP only.

      --
      bickerdyke
    10. Re:Why? by bickerdyke · · Score: 1

      Thanks for the update. From the summary I was expecting some kind of new "lifestyle" safe, like the new entertainment systems they just have to slap into every car now also being a thing on safes.

      --
      bickerdyke
    11. Re:Why? by bickerdyke · · Score: 1

      Point taken. But to my defense, this assumption is firmly grounded in the summary speaking of a Windows XP based device and not an XP embedded based device.

      I still doubt that a Windows-based OS was a good design decision, but if all you have is a bunch of Windows developers, you tend to solve every problem with a hammer.

      --
      bickerdyke
    12. Re:Why? by Anonymous Coward · · Score: 0

      You missed the point. The GGP was bemoaning the factors that led to this state of affairs, and (somewhat rhetorically) demanding a root cause analysis for how such awful decisions could have been made in the first place. The GP is a reply to that line of thought.

    13. Re:Why? by Anonymous Coward · · Score: 0

      Well, tell us how the safe can do what this one is supposed to do without "being digital"? There is a bill acceptor and the safe transmits the deposits to the bank securely. How are you going to do any of that without a digital safe?

    14. Re:Why? by DroolTwist · · Score: 1

      For all intents and purposes, the underlying OS should not have even been mentioned. It had NOTHING to do with the hack.

    15. Re:Why? by Anonymous Coward · · Score: 0

      While I agree that people here are failing to realize the vast difference between embedded XP and the normal desktop variety...

      Every computer has an OS, it's just a question of how complex it is.

      This is pretty much flat out false, as there are still plenty of embedded systems with no operating systems or abstraction layer between the hardware and the software, with instead the embedded software directly controlling hardware and io at the same time as implementing application logic.

    16. Re:Why? by bickerdyke · · Score: 1

      Still haven't read the actual TFA, but from the summary I understood that most of the hack was gaining access to the OS UI by forcing the OS out of the kiosk mode.

      I may be wrong, but I'm still in line with the summary.

      --
      bickerdyke
    17. Re:Why? by Anonymous Coward · · Score: 0

      "US has decided it HAS to be a super secret ballot"

      The US did not decide that, it's a fundamental requirement for democracy to work. If the ballot isn't secret, the people with the clubs can check whether you voted the way they told you to, and that's unacceptable.

    18. Re:Why? by BronsCon · · Score: 1

      Depending on language, "Hello World" may inherit bugs from the compiler used to produce its binary. Otherwise, it gets its bugs from the interpreter or VM.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    19. Re:Why? by Solandri · · Score: 1

      You're making assumptions. Rather than run a desktop OS like Windows XP Professional, it's more likely running Windows XP Embedded, which is intended for this type of use.

      It may be intended for this type of use, but is highly inappropriate. The reason companies use XP Embedded (arguably the only reason XP Embedded ever managed to gain any market share in embedded systems) is because you can write software for it using the Windows API. In other words, you can tap into the millions of software developers out there who know how to write Windows programs, instead of the few tens of thousands proficient in more robust embedded OSes like VxWorks. Larger supply = lower prices, so you can hire your programmers for cheaper.

      The problem of course is that you're highly likely to hire a programmer who doesn't know squat about writing software for an embedded system. i.e. Something which will never get system updates or bug fixes. Their coding will be sloppier, they won't think about all the possible issues and corner cases like a skilled embedded software developer will, and the emphasis will be on getting the job done quickly and cheaply. So while it's not a desktop OS, its use allows (and in fact encourages) management to cut costs by hiring pimple-faced programmers whose only experience is in writing desktop software. Which appears to be the case here (the vulnerability is in the software running atop the OS).

    20. Re:Why? by tlhIngan · · Score: 1

      Depending on language, "Hello World" may inherit bugs from the compiler used to produce its binary. Otherwise, it gets its bugs from the interpreter or VM.

      Even "hello, world" itself has many bugs in many implementations.

      I mean, do you check to see that stdout is actually connected before you blindly output? Or do you just output and hope for the best? ("hello, world" that doesn't print "hello, world" would be considered a failure).

      Do you check all return values? Do you even know that printf() in C has a return value?

      Did you check that the output buffer has sufficient space for your characters, or are you assuming your program won't hang because the output buffer is full?

      Do your language's startup/shutdown routines properly handle your return type? I mean, if you're doing the "void main(void)" thing, is your startup code making an assumption that you're returning an int? Sure, it might do the right thing most times, but perhaps it suddenly blows up and instead of returning 0, it returns -238 or something.

      Etc. Etc. etc. It's a good way to test how good someone is at QA testing - give them a standard version of "hello, world" and have them figure out all the bugs that can be lurking in it.
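As an added example (not code from the thread or from the article), here is the "hello, world" tlhIngan is describing: every I/O return value is checked, the buffer is flushed before the program claims success, and `main` returns a real `int` so the startup code never has to guess. The interesting part is the failure path, which is what the calls in `main` and the checks in `say_hello` are there for.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/*
 * Returns 0 when the greeting has actually left this process's buffers,
 * otherwise an errno value describing why not (EBADF for a stream not open
 * for writing, ENOSPC for a full disk, EPIPE for a reader that went away).
 */
int say_hello(FILE *out)
{
    if (out == NULL)
        return EBADF;

    errno = 0;
    /* fputs only copies into stdio's buffer. EOF here means even that was
       refused, e.g. because the stream was opened read-only. */
    if (fputs("hello, world\n", out) == EOF)
        return errno ? errno : EIO;

    /* The bytes reach the kernel only when the buffer is flushed. A full
       filesystem or a closed pipe shows up here, not in fputs. */
    if (fflush(out) == EOF)
        return errno ? errno : EIO;

    /* The stream's sticky error flag catches anything the two checks above missed. */
    if (ferror(out))
        return EIO;

    return 0;
}

int main(void)
{
    int rc = say_hello(stdout);
    if (rc != 0) {
        /* stdout is unusable; stderr is the only channel left and may be
           broken too, so its result is deliberately not checked. */
        fprintf(stderr, "hello: write failed: %s\n", strerror(rc));
        return 1;
    }
    return 0;
}
```

Run it with stdout redirected to `/dev/full` on Linux and it reports ENOSPC instead of silently exiting 0, which is exactly the difference between the checked and unchecked versions.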

    21. Re:Why? by Anonymous Coward · · Score: 0

      What do you mean "an out of date, unsupported, buggy OS"? All OSes are that, given time.

      Or are you saying in this day and age, we are required to replace our hardware every few years just because it runs code? So retarded.

  10. Why an OS? by Schmorgluck · · Score: 1

    There's something to this kind of news... Why do they even put an operating system on such a specialized device, that is dedicated to only one task? The point of an operating system is to be able to run different programs on the same machine. It's certainly easier to build over one, but is it worth the trouble?

    --
    There's nothing like $HOME
    1. Re:Why an OS? by invictusvoyd · · Score: 1

      Microsoft gave them a huge discount of course.

    2. Re:Why an OS? by Anonymous Coward · · Score: 0

      I envision people at Brinks's headquarters sitting around saying "we've got to get in on this technological revolution, we'll make a million. Do any of you know anyone that can program safes?" and some VP saying "No, but I've got a kid who writes Windows programs, if we install Windows on it, we can hire him."

    3. Re:Why an OS? by jittles · · Score: 1

      There's something to this kind of news... Why do they even put an operating system on such a specialized device, that is dedicated to only one task? The point of an operating system is to be able to run different programs on the same machine. It's certainly easier to build over one, but is it worth the trouble?

      If this is the product that I think it is, then it is a fireproof safe specifically designed to keep computer data safe through a short but intense (up to 2 hour) fire. Some of the more "sophisticated" models allow you to backup and retrieve data without removing the drives from the safe. I'm not sure what value that provides, to be honest. But the USB port and computer OS are likely to provide access control to the data inside the safe.

    4. Re:Why an OS? by bws111 · · Score: 1

      Here is one of these safes. The first, most obvious thing is that it has a touch-screen device, a printer, a network connection, a card reader, a cash counter, and a safe. That is a lot of hardware to drive with no OS.

      It also has multiple users, with various roles for each user. Sounds like more OS stuff.

      It has ways to add and delete users, and change passwords. More OS stuff.

      It can make reports, so obviously it has some sort of storage, which means some sort of file system. More OS stuff.

      It has ways to update the software. More OS stuff.

      So the real question is, why would anyone in their right mind NOT use an OS on a device like this?

    5. Re:Why an OS? by Schmorgluck · · Score: 1

      Okay, presented that way, it makes more sense to have an OS. More than in a voting machine anyway.

      --
      There's nothing like $HOME
  11. I see USB ports everywhere by VladKhanutin · · Score: 1

    Good old USB HID keyboard attack... Net hunter tablet, anyone?

  12. Re:Safes are for cows. by Anonymous Coward · · Score: 0

    Have I missed something? I keep seeing this type of post.

  13. Why even use an electronic safe? by jonwil · · Score: 1

    If I had some stuff I wanted to keep secure, I would buy a safe with a dial combination lock, not an electronic safe (and certainly not one with software sophisticated enough that it needs an actual OS underneath it)

    1. Re:Why even use an electronic safe? by Anonymous Coward · · Score: 0

      It probably depends on your background. Someone who routinely inspects machinery with ultrasounds would probably choose an electronic safe.

    2. Re:Why even use an electronic safe? by Anonymous Coward · · Score: 0

      Many dial combination locks have severe vulnerabilities. Most of them leak information about their internal state, are manufactured to sloppy tolerances, make certain kinds of brute force attacks fast, and don't contain sufficient countermeasures against tampering.

    3. Re:Why even use an electronic safe? by tburkhol · · Score: 1

      If I had some stuff I wanted to keep secure, I would buy a safe with a dial combination lock, not an electronic safe (and certainly not one with software sophisticated enough that it needs an actual OS underneath it)

      But then you wouldn't be able to have your safe count your money for you. It wouldn't be able to confirm who made the deposit. It wouldn't be able to communicate with your central office to tell you how much money was at each different location. It wouldn't be able to call the bank for a pickup when it's full. My guess is this is basically the same as ATM/USB hacks, where Brinks decided that the safe is going to be installed in a sufficiently secure area that it's OK to leave a USB port exposed.

    4. Re:Why even use an electronic safe? by JaredOfEuropa · · Score: 1

      It really depends on what you are keeping in there. Mechanical spin locks take time to open and have an extremely low Wife Acceptance Factor. Good for cash and valuables but not so good for jewelry or shared stuff, or for guns you keep for home security. Keyed locks have the disadvantage of requiring you to carry the key, and like spin locks they are not so good for stuff you may have to get out of there in a hurry, but good for cash, jewels and documents. Electronic locks are great if you need your safe open in a hurry, or where you want convenience: good for guns & car keys you want to keep safe from your kids or an amateur burglar.

      --
      If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
    5. Re:Why even use an electronic safe? by jonwil · · Score: 1

      Even if you do go for an electronic lock, there is no reason why it has to have a full OS (much less something written by Microsoft) underlying it. You could probably implement the logic for a safe on a simple microcontroller. Even if you need things like auditing (e.g. to record who opened the safe and when) all you need is a bit more memory (to store the list of valid codes and when those codes can be used plus the log of which codes are used and when) and a simple real-time-clock chip to keep track of the current date/time.

      Also, there is no reason to leave any wires or ports or access points exposed to the outside world except for the battery compartment (if the safe has an external battery compartment to allow for battery replacement if the battery is drained) or the external power source/backup battery connector (if the safe has an internal battery box to allow for providing power if the batteries inside the safe are dead)
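The microcontroller design jonwil sketches, as an added C example (illustrative code, not anything from Brinks or the researchers): a table of codes each with its own validity window, an append-only ring-buffer audit log, and the current time passed in from the RTC by the caller. The six-digit codes, the lockout thresholds and the two demo table entries are all assumptions made for the example; a production build would store salted hashes rather than the digits and compare those the same constant-time way.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CODE_LEN        6     /* digits per access code (assumption) */
#define MAX_CODES       8     /* slots in the code table */
#define LOG_ENTRIES     64    /* ring-buffer audit log */
#define MAX_FAILURES    5     /* refused attempts before lockout */
#define LOCKOUT_SECONDS 300

/* One code-table entry: who the code belongs to and when it may be used.
   Assumption for the example: digits stored in the clear (a real build stores a hash). */
struct access_code {
    uint8_t  id;               /* 0 = empty slot */
    bool     enabled;
    char     digits[CODE_LEN];
    uint32_t valid_from;       /* RTC epoch seconds, inclusive */
    uint32_t valid_until;      /* exclusive */
};

enum audit_event { EV_NONE = 0, EV_OPEN, EV_BAD_CODE, EV_OUT_OF_WINDOW, EV_LOCKED_OUT };

struct audit_entry { uint32_t when; uint8_t code_id; uint8_t event; };

struct lock_state {
    struct access_code codes[MAX_CODES];
    struct audit_entry log[LOG_ENTRIES];
    uint16_t log_head;       /* next ring slot to write */
    uint32_t log_count;      /* events ever logged; > LOG_ENTRIES means old records were overwritten */
    uint8_t  failures;       /* consecutive refusals since the last successful open */
    uint32_t locked_until;   /* RTC time until which every attempt is refused */
};

static void audit(struct lock_state *s, uint32_t now, uint8_t code_id, enum audit_event ev)
{
    s->log[s->log_head].when = now;
    s->log[s->log_head].code_id = code_id;
    s->log[s->log_head].event = (uint8_t)ev;
    s->log_head = (uint16_t)((s->log_head + 1) % LOG_ENTRIES);
    s->log_count++;
}

/* Compare the entered digits against every slot with the same amount of work
   whichever slot (if any) matches, so timing does not reveal the table. */
static int find_code_ct(const struct lock_state *s, const char entered[CODE_LEN])
{
    int match = -1;
    for (int i = 0; i < MAX_CODES; i++) {
        uint8_t diff = (uint8_t)!s->codes[i].enabled;    /* disabled/empty slots never match */
        for (int j = 0; j < CODE_LEN; j++)
            diff |= (uint8_t)(s->codes[i].digits[j] ^ entered[j]);
        uint32_t hit = ((uint32_t)diff - 1u) >> 31;       /* 1 iff diff == 0, no branch */
        int mask = -(int)hit;                             /* all ones on a hit, else all zeros */
        match = (match & ~mask) | (i & mask);
    }
    return match;
}

static enum audit_event refuse(struct lock_state *s, uint32_t now, uint8_t code_id, enum audit_event why)
{
    if (++s->failures >= MAX_FAILURES) {   /* any refusal counts, including a valid code at the wrong time */
        s->locked_until = now + LOCKOUT_SECONDS;
        s->failures = 0;
    }
    audit(s, now, code_id, why);
    return why;
}

/* `now` comes from the RTC. Returns EV_OPEN when the bolt should release. */
enum audit_event lock_try_open(struct lock_state *s, const char *entered, uint32_t now)
{
    if (now < s->locked_until) {
        audit(s, now, 0, EV_LOCKED_OUT);   /* logged, but does not extend the lockout */
        return EV_LOCKED_OUT;
    }
    if (strlen(entered) != CODE_LEN)
        return refuse(s, now, 0, EV_BAD_CODE);

    int idx = find_code_ct(s, entered);
    if (idx < 0)
        return refuse(s, now, 0, EV_BAD_CODE);

    const struct access_code *c = &s->codes[idx];
    if (now < c->valid_from || now >= c->valid_until)
        return refuse(s, now, c->id, EV_OUT_OF_WINDOW);

    s->failures = 0;
    audit(s, now, c->id, EV_OPEN);
    return EV_OPEN;
}

/* Constructed demo table: code 1 is a one-off service window, code 2 a standing manager code. */
void lock_demo_init(struct lock_state *s)
{
    memset(s, 0, sizeof *s);
    s->codes[0] = (struct access_code){ 1, true, {'1','3','5','7','9','0'}, 1000, 2000 };
    s->codes[1] = (struct access_code){ 2, true, {'2','4','6','8','1','3'}, 0, UINT32_MAX };
}

int main(void)
{
    struct lock_state s;
    lock_demo_init(&s);
    printf("service code in window:   %d\n", lock_try_open(&s, "135790", 1500));   /* EV_OPEN */
    printf("service code after hours: %d\n", lock_try_open(&s, "135790", 2500));   /* EV_OUT_OF_WINDOW */
    for (int i = 0; i < 5; i++)                                                      /* 4 x EV_BAD_CODE, then EV_LOCKED_OUT */
        printf("guess #%d: %d\n", i + 1, lock_try_open(&s, "000000", 2600u + i));
    printf("%lu audit records kept\n", (unsigned long)s.log_count);
    return 0;
}
```

The whole thing fits in a few hundred bytes of RAM, which is jonwil's point: the code table, the log and the clock are all the safe's logic needs, and none of it requires a USB port or an OS.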

    6. Re:Why even use an electronic safe? by JaredOfEuropa · · Score: 1

      Cheap ones, yes. They are especially vulnerable to tampering, just like cheap keyed locks and cheap electronic locks. Sometimes these locks can simply be opened by bouncing or hitting the safe just the right way. The more expensive locks can be defeated but it takes more time, patience and skill. You get what you pay for, and high security dial locks go from $100 to over $1000 (just for the lock).

      --
      If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
    7. Re:Why even use an electronic safe? by bws111 · · Score: 1

      Well, it is easy to make statements like that when you have no idea what the thing actually is or how it is used.

      First, this thing is meant to be used in stores, gas stations, etc. The employee logs on and puts the cash in and it is counted and reported to the bank. The manager can check and see how much cash is in there and who put it in. At some later time, an armed Brinks employee comes in and empties the safe.

      So, what happens with your simple safe? Assuming you aren't dumb enough to give the employees the combination you need a 'drop' type safe. OK. But now you don't know how much money is in it until you open it (security problem). The money is just sitting in your safe, useless, until it gets delivered to the bank. So how do you get the money to the bank? Open the safe, take out the cash, and drive it to the bank yourself? Giant security problem. Have Brinks come and pick it up daily? More secure, but expensive. Who opens the safe when you are not available? Now you have to give the combination to someone else. Security problem.

    8. Re:Why even use an electronic safe? by bws111 · · Score: 1

      A rather key feature of this 'safe' is that it counts the cash and credits your bank account. It notifies Brinks when a pickup must be made. It prints reports of deposits made, etc. It allows a central location to see that deposits are being made and how much money is in the safe. It has multiple users and roles. It has a touch screen to allow for management of user and roles, logging on, reporting, unlocking, etc. It is getting harder and harder to do on a simple microcontroller with no OS, and impossible to do without some sort of external connectivity.

    9. Re:Why even use an electronic safe? by Anonymous Coward · · Score: 0

      Crucially, this means it would have been way too expensive to develop without Windows on it.

      Of course, I see no reason why the actual safe lock to open it couldn't be mechanical, but I think it doesn't really matter. A bad mechanical lock will allow unauthorised access and so will a bad electronic lock. The key word here is ‘bad’, not ‘mechanical’ or ‘electronic’.

  14. Spot The Fed Defcon Edition by laurencetux · · Score: 1

    I think they started playing StF around the second Defcon, so yeah, Elite "Players" will be able to spot the feds who aren't obvious.

  15. Wait.. WTF... There's a SAFE that runs Windows XP by Anonymous Coward · · Score: 0

    Why the fuck does a safe need to run any PC operating system in the first place, and how ignorant would its maker have to be to choose XP..... The world may never know.

  16. Re:Wait.. WTF... There's a SAFE that runs Windows by Anonymous Coward · · Score: 0

    We'll have to ask the grandfather of all knowledge . . . . Microsoft sales

  17. 50 ways to break it by Anonymous Coward · · Score: 1

    It's XP.

    It's full of known holes.
    It's not supported anymore.
    It does lots of things that are unwanted for this process.
    It has a huge attack surface as a result.
    Brinks could never have certified that secure because they used an OS with known security holes that they could never have audited themselves because it's closed to them.

    WTF! Who would be so stupid as to do that? Are they a division of Diebold??

  18. Re:Wait.. WTF... There's a SAFE that runs Windows by Megane · · Score: 1

    Apparently because it's some sort of "drop off" safe.

    In the normal operation of the safe, the majority of operations are executed by way of a touch-screen on the safe. Once the money has been inserted into the safe, it is automatically deposited to the retailer's bank, which means that it's the bank's money and a store manager cannot remove cash from the safe. Typically, to remove cash, there is a requirement for both the store manager and a Brink's employee to be present.

    That still doesn't explain why people in this sort of industry think you need Microsoft freaking Windows for a simple UI screen. Perhaps they are using Visual Basic? (rolls eyes)

    This is 2015, folks, this is the kind of crap you can do with a Raspberry Pi, and if it's long-term support you want, you will still be able to get boards ten years from now, at most needing software changes in the form of a few different kernel drivers.

    --
    #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
  19. Re:Wait.. WTF... There's a SAFE that runs Windows by BitZtream · · Score: 1

    The OS wasn't compromised, and XP embedded is pretty secure ... it doesn't run anything out of the box, so it's pretty safe.

    You choose Windows because the Win32 API has a couple of metric fucktons of developers available that are JUST as capable as random Linux developer that thinks he's kind shit just because he runs Linux even though his software is just as exploitable on Linux as it is on XP.

    How ignorant do you have to be to make such retarded statements? Pretty fucking ignorant I'd say.

    --
    Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
  20. Still a problem more than a year later? by jenningsthecat · · Score: 2

    FTA: "So the issue isn't so much that there is no acknowledgment that there is a problem; rather, the vendors have been pointing fingers about whose problem it is for over a year, without progress made on the actual resolution."

    Finger pointing or not, it's hard to believe that it could take that long to address the issue. Even if they can't get their shit together to fix the fundamental problem, couldn't they at least kludge in a piece of gateway software that would intercept the USB port data and raise the difficulty level of gaining access and exiting kiosk mode? That, plus actual lock-and-key protection of the port, (and maybe a retrofit of a custom connector that would make it even more difficult to make the physical connection), would buy them a lot of time to get through the exercise of deciding who's going to fix the REAL problem.

    Speaking of fixing the problem - I know the answer to this, but I have to ask anyway: What happened to the practice of just fixing it because you can, and because it makes you look good, without regard to whose fault the problem was in the first place? They could have had this taken care of inside two weeks - maybe a month at the outside - if they weren't playing juvenile schoolyard politics.

    --
    'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
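jenningsthecat's interim fix (gateway software between the port and the application) and VladKhanutin's "USB HID keyboard attack" remark above meet in the same place: the device's configuration descriptor. An added C example, not code from Brinks, the researchers or the article, of the check such a gateway would make before letting a device enumerate. The policy (only mass-storage interfaces allowed, anything that can type refused) and the three descriptors are constructed for the example; they were not captured from any real device.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Descriptor types and interface classes from the USB 2.0 and HID class specs */
#define USB_DT_CONFIG          0x02
#define USB_DT_INTERFACE       0x04
#define USB_CLASS_HID          0x03
#define USB_CLASS_MASS_STORAGE 0x08

enum usb_verdict {
    USB_ALLOW = 0,
    USB_BLOCK_HID,        /* device can type or click: a HID interface is present */
    USB_BLOCK_UNLISTED,   /* interface class not on the allowlist */
    USB_BLOCK_MALFORMED   /* descriptor does not parse; treat as hostile */
};

/*
 * Walk a configuration descriptor as the host receives it (config header, then
 * interface, HID, endpoint and other descriptors, each starting with bLength and
 * bDescriptorType) and decide whether the device may be enumerated.
 * Every interface is inspected: a BadUSB stick presents storage AND a keyboard
 * in one configuration, so stopping at the first harmless interface is the bug.
 */
enum usb_verdict usb_policy_check(const uint8_t *desc, size_t len)
{
    if (len < 9 || desc[0] < 9 || desc[1] != USB_DT_CONFIG)
        return USB_BLOCK_MALFORMED;

    size_t total = (size_t)desc[2] | ((size_t)desc[3] << 8);   /* wTotalLength, little-endian */
    if (total < desc[0] || total > len)
        return USB_BLOCK_MALFORMED;   /* never trust wTotalLength beyond what was actually read */

    size_t off = desc[0];
    int interfaces = 0;
    while (off < total) {
        if (off + 2 > total)
            return USB_BLOCK_MALFORMED;
        uint8_t blen = desc[off], btype = desc[off + 1];
        if (blen < 2 || off + blen > total)
            return USB_BLOCK_MALFORMED;   /* bLength 0 would loop forever; oversized reads past the buffer */

        if (btype == USB_DT_INTERFACE) {
            if (blen < 9)
                return USB_BLOCK_MALFORMED;
            uint8_t cls = desc[off + 5];    /* bInterfaceClass */
            interfaces++;
            if (cls == USB_CLASS_HID)
                return USB_BLOCK_HID;
            if (cls != USB_CLASS_MASS_STORAGE)
                return USB_BLOCK_UNLISTED;
        }
        off += blen;
    }
    return interfaces > 0 ? USB_ALLOW : USB_BLOCK_MALFORMED;
}

const char *usb_verdict_name(enum usb_verdict v)
{
    switch (v) {
    case USB_ALLOW:          return "allow";
    case USB_BLOCK_HID:      return "block: HID interface (keyboard emulation)";
    case USB_BLOCK_UNLISTED: return "block: interface class not allowlisted";
    default:                 return "block: malformed descriptor";
    }
}

/* Constructed sample descriptors (not captured from any real device). */

/* Plain flash drive: one bulk-only mass-storage interface with IN and OUT endpoints */
const uint8_t SAMPLE_FLASH_DRIVE[] = {
    0x09, 0x02, 0x20, 0x00, 0x01, 0x01, 0x00, 0x80, 0x32,   /* config, wTotalLength = 32 */
    0x09, 0x04, 0x00, 0x00, 0x02, 0x08, 0x06, 0x50, 0x00,   /* interface 0: class 8 (MSC), SCSI, BOT */
    0x07, 0x05, 0x81, 0x02, 0x40, 0x00, 0x00,               /* bulk IN */
    0x07, 0x05, 0x02, 0x02, 0x40, 0x00, 0x00,               /* bulk OUT */
};

/* "Flash drive" that also registers a boot-protocol keyboard: the HID keyboard attack */
const uint8_t SAMPLE_BADUSB_COMPOSITE[] = {
    0x09, 0x02, 0x39, 0x00, 0x02, 0x01, 0x00, 0x80, 0x32,   /* config, wTotalLength = 57, 2 interfaces */
    0x09, 0x04, 0x00, 0x00, 0x02, 0x08, 0x06, 0x50, 0x00,   /* interface 0: mass storage */
    0x07, 0x05, 0x81, 0x02, 0x40, 0x00, 0x00,
    0x07, 0x05, 0x02, 0x02, 0x40, 0x00, 0x00,
    0x09, 0x04, 0x01, 0x00, 0x01, 0x03, 0x01, 0x01, 0x00,   /* interface 1: class 3 (HID), boot, keyboard */
    0x09, 0x21, 0x11, 0x01, 0x00, 0x01, 0x22, 0x3f, 0x00,   /* HID descriptor */
    0x07, 0x05, 0x83, 0x03, 0x08, 0x00, 0x0a,               /* interrupt IN */
};

/* Config header whose wTotalLength (64) exceeds the 9 bytes actually received */
const uint8_t SAMPLE_TRUNCATED[] = {
    0x09, 0x02, 0x40, 0x00, 0x01, 0x01, 0x00, 0x80, 0x32,
};

int main(void)
{
    printf("flash drive:  %s\n", usb_verdict_name(usb_policy_check(SAMPLE_FLASH_DRIVE, sizeof SAMPLE_FLASH_DRIVE)));
    printf("badusb stick: %s\n", usb_verdict_name(usb_policy_check(SAMPLE_BADUSB_COMPOSITE, sizeof SAMPLE_BADUSB_COMPOSITE)));
    printf("truncated:    %s\n", usb_verdict_name(usb_policy_check(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED)));
    return 0;
}
```

This is the interim control the post asks for, nothing more: it raises the bar for a plug-in keyboard, it does not fix the kiosk-mode escape itself, and a locked cover over the port (or, as the replies below say, no exposed port at all) still matters.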
    1. Re:Still a problem more than a year later? by tompaulco · · Score: 1

      Even if they can't get their shit together to fix the fundamental problem, couldn't they at least kludge in a piece of gateway software that would intercept the USB port data and raise the difficulty level of gaining access and exiting kiosk mode?

      Or disable the USB port...at the factory...by not installing it.

      --
      If you are not allowed to question your government then the government has answered your question.
    2. Re:Still a problem more than a year later? by Anonymous Coward · · Score: 0

      Or putting it inside the safe.

    3. Re:Still a problem more than a year later? by Anonymous Coward · · Score: 0

      What happened to the practice of just fixing it because you can, and because it makes you look good, without regard to whose fault the problem was in the first place?

      Lawyers.

    4. Re:Still a problem more than a year later? by jenningsthecat · · Score: 1

      Lawyers.

      I *did* say I already knew the answer... :-) To 'lawyers' add accountants, PR people, and any C-levels who subscribe to 'flavour of the month' management philosophies.

      --
      'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
  21. Made sense at the time... sort of by sjbe · · Score: 1

    Why does a safe need an operating system?

    Because it is computerized and does more than control a lock. When was the last time you saw a computer without any sort of operating system?

    And then why, for heaven's sake, does it have to be a desktop operating system?

    Because that's what most people know how to write software for. Not saying it was a good choice but I understand why they did it.

    It's not like there are especially hardened OSes out there for embedded devices.

    It's not an embedded device. It runs a pretty much bog standard PC. I've actually worked on some of the hardware in these in my day job a while back on a project. (No I had nothing to do with the design or the implementation of them nor do I have any relationship with Brinks and no the project had nothing to do with hacking them)

    And after having such a terrible design idea, why have it implemented by a moron using an out of date, unsupported, and buggy OS?

    Because it wasn't out of date or unsupported when they designed the safes. These aren't a brand new design. Again, not saying it was a good choice but it made sense (sort of) at the time.

  22. A USB port? by QuietLagoon · · Score: 1

    ...the safe's exposed USB port....

    Why not just paint a large target on the front of the safe?

  23. We have this awesome new tech... by pla · · Score: 2

    They call it a "lock and key". Totally uncrackable over the internet or via USB, and although exploits do exist, for higher quality setups they take considerable time with physical access to the device.

    The "IoT" is not our friend, folks - It turns solid, reliable old-school products into yet another vector for malware in your house. And if you think reinstalling Windows sucks, how about having your oven go into self-cleaning mode during your vacation without the safety latch closed? How about having your blender "playfully" get your cat's attention with brief pulses before going full puree? How about overriding your on-demand hot water heater to its "steam clean" setting with you in the shower?

    I love toys, including electronics. But the fewer things in my house vulnerable to remote exploits, the better. My toaster should have one dial and one lever and zero computers, period.

    1. Re:We have this awesome new tech... by Githyanki · · Score: 0

      You reminded me of this scene from Red Dwarf. Definitely do not want my toaster to be too smart. https://www.youtube.com/watch?...

    2. Re:We have this awesome new tech... by Anonymous Coward · · Score: 0

      ... My toaster should have one dial and one lever and zero computers, period.

      But I need talkie toaster to prepare my breakfast.

  24. Re:Safes are for cows. by Anonymous Coward · · Score: 0

    Have I missed something? I keep seeing this type of post.

    Yeah - don't you watch television? It's the new Reddit recruiting campaign. Sex Conker is the marketing manager.

  25. fartnockers by Anonymous Coward · · Score: 0

    Get it right Slashdot, this is not hacking, never has been. This is cracking

  26. What the... by JustAnotherOldGuy · · Score: 1

    ...why in the world would you need a full-fledged OS just to run a safe? Is there any reason besides stupidity that you wouldn't put an FPGA or something running a simple hard-coded application in there?

    This whole thing makes my head spin- I couldn't be any more surprised if I found out that my toaster or can opener was running Win95, or ANY full-fledged OS. Now I wonder what OS my toothbrush is running on. And the napkin holder on my dining room table- what OS does it use?

    --
    Just cruising through this digital world at 33 1/3 rpm...
    1. Re:What the... by bws111 · · Score: 1

      It is a 'safe' in the same sense an ATM is a safe. It counts (and sorts) the money that is inserted and credits it to your bank account. It records who made deposits (requires user management). It prints reports. It notifies Brinks when it is time to empty the safe. It allows a remote manager access to see deposits made, etc.

      So at the very least it needs to interface with a bill counter/sorter, network (encryption, etc), touch screen, printer, card reader, and lock mechanism. Is there any reason besides stupidity you would implement all that with a FPGA or hard-coded application?

  27. It's like they're not even trying by chaoskitty · · Score: 1

    This seems to be a big problem - large companies seem to be completely unaware of how to hire people to do technical work. Instead, some dumb admin who's been doing Windows for ages said, "Hey! Let's use Windows in our new iSafe!", and this is why they have the worst example of problematic code running in something that's supposed to keep belongings safe.

    I don't care how many people claim Windows can be made secure. It simply should not be used for anything sensitive.

  28. USB on a safe? by digitalboss · · Score: 0

    Why would a safe have a USB port? Doesn't make sense to me.

  29. Bank robbery, or not? by almechist · · Score: 1

    So if the money belongs to the bank as soon as it's in the safe, does that make any hack into the safe bank robbery?

  30. pre-announcing hacks by Anonymous Coward · · Score: 1

    Why oh why do people still pre-announce what they are going to demonstrate at DEFCON? This lets the spooks, lawyers, and paid goons scare hackers into being silent on their findings. Let it be a surprise.

  31. Obligatory XKCD by jazzdude00021 · · Score: 1
  32. It's a feature by ivandal · · Score: 0

    It's called Plug n' Pay