Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacker Set To Demonstrate 60 Second Brinks Safe Hack At DEFCON

Posted by samzenpus on from the thunderbolt-and-lightfoot dept.

darthcamaro writes: Ok so we know that Chrysler cars will be hacked at Black Hat, Android will be hacked at DEFCON with Stagefright, and now word has come out that a pair of security researchers plan on bringing a Brinks safe onstage at DEFCON to demonstrate how it can be digitally hacked. No this isn't some kind of lockpick, but rather a digital hack, abusing the safe's exposed USB port. And oh yeah, it doesn't hurt that the new safe is running Windows XP either.

6 of 147 comments (clear)

  1. Seriously! by invictusvoyd · · Score: 5, Insightful

    Digital safe running XP = = special ops commando running with a muzzle load flint lock.

    1. Re:Seriously! by Mal-2 · · Score: 5, Informative

      In this case, the Windows version is irrelevant. They didn't attack Windows, they attacked the software running on top of it. Since the OS wasn't compromised, upgrading it would do one of two things: (1) break things, either a little or a lot OR (2) absolutely nothing.

      "Even if the CompuSafe were running Windows 10, it wouldn't have changed the exploit that we will be demonstrating," Salazar said.

      It's right in there. Of course that would require reading the article, and I'm sure I broke some unwritten rule by doing so.

      --
      How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
    2. Re:Seriously! by oobayly · · Score: 5, Interesting

      This was my immediate thought too. Dave on eevblog did two videos on seeing if there was a power line vulnerability on a cheap digital safe - they're pretty interesting, plus he's quite amusing to watch.

      EEVblog #762 - How Secure Are Electronic Safe Locks?
      EEVblog #771 - Electronic Safe Lock Powerline Attack Part 2

    3. Re:Seriously! by vtcodger · · Score: 5, Insightful

      A "safe" with a USB port? What could possibly go wrong?

      --
      You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
  2. Why? by bickerdyke · · Score: 5, Insightful

    Why does a safe need an operating system?

    And then why for heavens sake has it to be a desktop operating system? Does it need to run MS Office or what was the design idea here? It's not like there are especially hardened OSses out there for embedded devices. (Not to mention that this means we have a safe that's running on a x86 architecture)

    And after having such a terrible design idea, why have it implemented by a moron using an out of date, unsupported, and buggy OS?

    --
    bickerdyke
  3. Re:Why not have mechanical security too? by Mal-2 · · Score: 5, Informative

    It's basically an ATM in reverse, for stores. Put money in, and you're not SUPPOSED to be able to get it back out. Instead, it immediately shows up in your bank account. The bank will come around and empty the safe when it is convenient to them. If the power fails, they'll just have to come back some other time.

    At least that's the plan. The exploit clearly shows that someone other than the bank or a Brinks employee CAN open the safe.

    But of course, nobody reads the articles before complaining. This is /. after all.

    --
    How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.