Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Robot At DEFCON Cracked A Safe Within 30 Minutes (bbc.com)

Posted by EditorDavid on from the automating-larceny dept.

schwit1 shared an article from the BBC: Using a cheap robot, a team of hackers has cracked open a leading-brand combination safe, live on stage in Las Vegas. The team from SparkFun Electronics was able to open a SentrySafe safe in around 30 minutes... After the robot discovered the combination was 51.36.93, the safe popped open -- to rapturous applause from the audience of several hundred... The robot, which cost around $200 to put together, makes use of 3D-printed parts that can be easily replaced to fit different brands of combination safe. It cannot crack a digital lock -- although vulnerabilities in those systems have been exposed by other hacking teams in the past.
Though the safe had a million possible combinations using three two-digit numbers, the last number had slightly larger indents on the dial -- reducing the possible combinations to just 10,000. And in addition, "the team also discovered that the safe's design allows for a margin of error to compensate for humans getting their combination slightly wrong" -- which meant that the robot only had to check every third number. "Using this method, they could cut down the number of possible combinations to around 1,000."

"Some SentrySafe models come with an additional lock and key, but the team was able to unlock it by using a Bic pen."

29 of 128 comments (clear)

  1. Sounds like they watched a few Richard Feynman by Tulsa_Time · · Score: 5, Insightful

    You Tube Videos...

    --
    5 out of 6 people enjoy Russian Roulette & 6 out of 7 Dwarfs are not Happy
    1. Re:Sounds like they watched a few Richard Feynman by Registered+Coward+v2 · · Score: 4, Informative

      Exactly. The stories of his safe cracking in Surely You're Joking... are great. That book and they follow-on should be required reading for anyone interested in hacking, in the old school meaning of the term.

      --
      I'm a consultant - I convert gibberish into cash-flow.
    2. Re:Sounds like they watched a few Richard Feynman by gl4ss · · Score: 4, Interesting

      They're an interesting read for anyone who doesn't want to be an idiot, really.

      even if you figured out some of the stuff yourself, reading surely you're joking gives you at least some hope in humanity and in that, no, people aren't that different despite few decades of time passing - but you don't have to let it get to you too much.

      aaaanyways also this is kinda why proper safes have delay locks.. with a home safe I would be more interested in if it keeps the stuff safe in an event of fire or whatever(the reason for the name "safe" vs. a lockbox).

      --
      world was created 5 seconds before this post as it is.
    3. Re:Sounds like they watched a few Richard Feynman by edtice1559 · · Score: 3, Interesting

      There are two types of safes. Fire safes and security safes. There may be safes that combine both sets of features but they aren't sold at everyday retailers. A fire safe is typically made up of insulating material and you could probably cut through it pretty easily. A security safe tends to be made of high-strength materials. As a DIY measure, I guess you could put a security safe inside of a fire safe! I wouldn't do the other way around as the fire might prevent the security safe from opening.

  2. Re:Do all fat men sing chumbawamba to themself ? by turkeydance · · Score: 2, Funny

    fat men sing in the bath tub with the blues (littlefeat)

  3. My Sentry safe model 1250.. by Anonymous Coward · · Score: 3, Informative

    was broken into in the less than twenty minutes between when someone kicked in my door and the Seattle police responded. They took everything in it. Sentry makes horrible safes.

    1. Re:My Sentry safe model 1250.. by Anonymous Coward · · Score: 2, Insightful

      The police have no legal duty to protect citizens not already in custody. Many don't realize that. Burglary is considered little more than a nuance in many locales and treated much like a noise complaint. The police likely won't come, and even if they do, may do little to no investigating.

      On a related note, often the places with the tightest gun restrictions have very poor police response. In my view, if the police have no legal obligation to protect the public, then the public should have the right to be armed with few restrictions. Be glad it wasn't an armed robbery. Even that doesn't necessarily guarantee a timely police response either.

      As for safes, pretty much of any of them marketed as fire safes aren't intended for high security. From what I've read, figure on spending upwards of $1000 for even a smallish one cubic foot size safe that's relatively secure. Don't expect to find anything even remotely as good at any well known big box store with the possible exception of sporting good stores that also sell gun safes, and by extension, may offer better general purpose safes too.

      Finally, regardless of the safe and its weight, it must be bolted down well for good security. Bank safe deposit box is an alternative for some, but comes with numerous hazards, including various legal ones. Banks generally aren't liable for contents and some types of items can't legally be stored in such a box.

    2. Re:My Sentry safe model 1250.. by knightghost · · Score: 2

      Police would be here in less than 4 minutes. Then again we encourage self defense, leading to so little crime that the police can respond immediately to what does occur.

    3. Re:My Sentry safe model 1250.. by gl4ss · · Score: 2

      with how the police are trained in usa.. it might be better off if they come 4 hours later and the situation has chilled out already and the sun has come up so the poor sods don't get spooked so easliy.

      seriously you should just demand the police education gets tripled or quadrupled to match countries with less police shootings and less gun fatalities. and the pay level is the highest in the world for coppers so there's that too, it's not like it's not compensated for.

      also, you got some stats to back that up?

      --
      world was created 5 seconds before this post as it is.
    4. Re: My Sentry safe model 1250.. by gl4ss · · Score: 2

      What the fuck are you talking about, weirdo?

      that 'murican cops are trained to shoot if they feel scared.

      that's not a joke or an urban myth or anything.. that's literally the aim of the training. to make them shoot (to kill) if they feel scared. also that's the literal opposite of how cops are trained in most of the world.

      scared pussies that you pay double the wage that people in other countries get from training to be police for triple the time. yet, you refuse to recognize this is a problem of any sort.

      --
      world was created 5 seconds before this post as it is.
    5. Re: My Sentry safe model 1250.. by KGIII · · Score: 2

      Almost all shots are meant to kill. Those vanishingly small few that aren't, should be. Adding 'to kill' reeks of an agenda or ignorance. If the latter, given the vast amount of education on the subject, I can only assume it is willful.

      --
      "So long and thanks for all the fish."
    6. Re:My Sentry safe model 1250.. by Anonymous Coward · · Score: 3, Interesting

      This. The German rank and file police I worked with had the equivalent of a Master's degree in criminal justice. The English police had a year of training for unarmed combat.

      US police might get a few hours, but the majority of their training is at the range, so they do what they are trained to do in a heated situation; draw, aim for center of mass and empty the magazine on their duty weapon, and then fill out the paperwork while out on paid leave. That is just how the US police system works. The officers are good people, and few are truly bloodthirsty, but their training is essentially limited to gun battles, with not much left over for situations that don't require deadly force 24/7.

      If you gave US police officers similar training as European, Japanese, or even Canadian officers, things would be completely different.

    7. Re: My Sentry safe model 1250.. by dunkelfalke · · Score: 4, Informative

      Maybe where you come from, but German police is trained to shoot to stop. This is one of the reasons why in Germany only about 12 persons per year get shot to death by the police. German police is also trained to only shoot as ultima ratio when there is no other way to stop a person instead of using their firearm when they are scared. This is why many German cops never once have shot at people during their decades-long carreer.

      --
      "It's such a fine line between stupid and clever" -- David St. Hubbins, Spinal Tap
    8. Re:My Sentry safe model 1250.. by trg83 · · Score: 2

      It is, unfortunately, true for the US. Several Supreme Court rulings have decided this to be true.

    9. Re:My Sentry safe model 1250.. by kelemvor4 · · Score: 4, Interesting

      This. I work for the Seattle city government, and we demand a less than four hour response to all break-ins. We are trying very hard.

      That's pretty pathetic. To be useful it needs to be a lot closer to 15 minutes. Otherwise, they're never going to catch anyone or save any lives. At 1+ hours, all they're doing is playing secretary as they write a report.
      If you can't protect your citizens better than that, you should be encouraging gun ownership and self defense/home security type training for citizens.
      In Tampa, FL I've had to call the police 2 or 3 times in the past decade. They've always come very quickly, I don't have actual times but I'm thinking close to 15 minutes for sure.

      I just can't get over it. You're proud of a 4 hour response time? That's really bad.

  4. Very Cool Application by mykepredko · · Score: 4, Informative

    I know this isn't at the level of what you'd see in a James Bond movie, but neither is the Sentry safe.

    Congratulations to the team at SparkFun!

    --
    Mimetics Inc. Twitter
    1. Re:Very Cool Application by Frosty+Piss · · Score: 2

      I know this isn't at the level of what you'd see in a James Bond movie, but neither is the Sentry safe.

      Exactly. The story quote is:

      a leading-brand combination safe,

      My thought having worked with some mid-range GSA approved classified document safes and gun safes is that a Sentry is to safes as an inexpensive Master combination lock is to locks...

      But the idea of how it was "cracked" is nifty none the less.

      --
      If you want news from today, you have to come back tomorrow.
  5. James Bond by AHuxley · · Score: 3, Funny

    On Her Majesty's Secret Service (1969) had that safe-cracking machine.

    --
    Domestic spying is now "Benign Information Gathering"
  6. Seriously, BBC? by DontBeAMoran · · Score: 2

    WTF?

    Sorry, you need Flash to play this.
    Enable it in your browser or download Flash Player here.

    I thought the BBC was a bit more up-to-date on current technologies. I guess I was terribly wrong.

    --
    #DeleteFacebook
    1. Re:Seriously, BBC? by AmiMoJo · · Score: 3

      The BBC hasn't been at the forefront of tech for many years. They developed a lot of cool stuff back in the day, but their streaming video tech is abysmal. Flash required for BBC News embedded videos, and iPlayer's video quality is terrible ("HD" is only 720p, very low bit rate and poor encoder).

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    2. Re:Seriously, BBC? by AmiMoJo · · Score: 2

      Budget cuts. The current government hates the BBC and is trying to destroy it by curing its funding.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  7. Re:So, not surprised they're not all that secure by starblazer · · Score: 4, Insightful

    1) steal safe
    2) stash safe
    3) attach robot
    4) profit?

    Key to this is to make sure its bolted to the floor. Most home safes aren't.

  8. Re:So, not surprised they're not all that secure by arth1 · · Score: 3, Informative

    Many of the Sentry safes can be opened in seconds with a powerful magnet. They're useful for keeping honest people honest, and give moderate protection from fires, depending on placement.
    Mechanical safes are generally safer (no pun intended) than keypad ones, but there are still lots of exploits for quite a few of the common safe models.

  9. Re:So, not surprised they're not all that secure by MightyYar · · Score: 2

    Key to this is to make sure its bolted to the floor.

    Great, then if they find my sawzall it'll really get expensive...

    --
    W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
  10. Big deal... by jonwil · · Score: 2

    This is like all the videos showing Master padlocks opened with hammers and zip ties and things, Let me know when their fancy-pants robot can manipulate open a top-of-the-line Sargent & Greenleaf UL 768 Group 1 rated combination lock in such a short space of time and it might be noteworthy...

    All this video does is show that the Sentry Safe safes are just as crappy as any other product Master Lock makes.

  11. Re:Help me understand this by gl4ss · · Score: 4, Insightful

    it's defcon.

    that is, nowadays it seems it's just about a) money b) cheesy pr stunts to get said money.

    why do you think it's in vegas and not say in hamburg?

    never mind the fact that it was just a brute forcer - ultrasonic detection, xrays, click detection or anything - just brute force an amount a human could brute force!.

    like okay, just have it as an exhibit on the show floor.. okay.

    but just take a look at the talks. okay there's apple watch jailbreak but thats about it and even that is kind of a who gives a fuck when you can buy open smartwatches for 1/6th of the price

    --
    world was created 5 seconds before this post as it is.
  12. Re:So, not surprised they're not all that secure by Calydor · · Score: 2

    Just put it in the safe.

    --
    -=This sig has nothing to do with my comment. Move along now=-
  13. Re:So, not surprised they're not all that secure by No+Longer+an+AC · · Score: 2

    They claim they are fireproof and even give some specifications as to heat and duration.

    That's what what mine is for. It's also waterproof (I was able to test that much - I'll take their word that it's fireproof).

    I was advised once to get one but leave it unlocked - otherwise they'll just steal the whole thing. I keep it locked anyway but I don't expect it to really stop anyone burglarizing my home. (so presumably this way they'll just steal the contents? Hooray, I guess).

  14. Re:So, not surprised they're not all that secure by JaredOfEuropa · · Score: 2

    Some of the cheap safes do offer decent protection against fire. That's the reason I got that relatively cheap Honeywell safe for my home office. It came out pretty well in a fire test, not so well in a break-in test: it can be banged open fairly quickly. But even on this crappy cheap ass safe, the spin lock has to be turned to zero after dialing in the combination, before the door handle can be operated. This prevents someone from feeling notches on any of the rotors, including the first one.

    The lock they opened with a pen was probably a radial lock (the kind with circular keys). Do not ever buy anything using that kind of lock, period. It's a terrible design having all of the tumblers exposed, and even the ones that cannot be picked with a pen can be picked by anyone with a paperclip and a little patience.

    Want to actually protect something? A good safe with a good lock (either with key, keypad or spin lock) costs maybe a couple 100 €/$ and they last pretty much forever.

    --
    If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...