A Robot At DEFCON Cracked A Safe Within 30 Minutes

schwit1 shared an article from the BBC: Using a cheap robot, a team of hackers has cracked open a leading-brand combination safe, live on stage in Las Vegas. The team from SparkFun Electronics was able to open a SentrySafe safe in around 30 minutes... After the robot discovered the combination was 51.36.93, the safe popped open -- to rapturous applause from the audience of several hundred... The robot, which cost around $200 to put together, makes use of 3D-printed parts that can be easily replaced to fit different brands of combination safe. It cannot crack a digital lock -- although vulnerabilities in those systems have been exposed by other hacking teams in the past.
Though the safe had a million possible combinations using three two-digit numbers, the last number had slightly larger indents on the dial -- reducing the possible combinations to just 10,000. And in addition, "the team also discovered that the safe's design allows for a margin of error to compensate for humans getting their combination slightly wrong" -- which meant that the robot only had to check every third number. "Using this method, they could cut down the number of possible combinations to around 1,000."

"Some SentrySafe models come with an additional lock and key, but the team was able to unlock it by using a Bic pen."

Sounds like they watched a few Richard Feynman

[Tulsa_Time]

You Tube Videos...

Re:Sounds like they watched a few Richard Feynman

[Registered+Coward+v2]

Exactly. The stories of his safe cracking in Surely You're Joking... are great. That book and they follow-on should be required reading for anyone interested in hacking, in the old school meaning of the term.

Re:Sounds like they watched a few Richard Feynman

[gl4ss]

They're an interesting read for anyone who doesn't want to be an idiot, really.

even if you figured out some of the stuff yourself, reading surely you're joking gives you at least some hope in humanity and in that, no, people aren't that different despite few decades of time passing - but you don't have to let it get to you too much.

aaaanyways also this is kinda why proper safes have delay locks.. with a home safe I would be more interested in if it keeps the stuff safe in an event of fire or whatever(the reason for the name "safe" vs. a lockbox).

Re:Sounds like they watched a few Richard Feynman

[edtice1559]

There are two types of safes. Fire safes and security safes. There may be safes that combine both sets of features but they aren't sold at everyday retailers. A fire safe is typically made up of insulating material and you could probably cut through it pretty easily. A security safe tends to be made of high-strength materials. As a DIY measure, I guess you could put a security safe inside of a fire safe! I wouldn't do the other way around as the fire might prevent the security safe from opening.

My Sentry safe model 1250..

was broken into in the less than twenty minutes between when someone kicked in my door and the Seattle police responded. They took everything in it. Sentry makes horrible safes.

Re:My Sentry safe model 1250..

This. The German rank and file police I worked with had the equivalent of a Master's degree in criminal justice. The English police had a year of training for unarmed combat.

US police might get a few hours, but the majority of their training is at the range, so they do what they are trained to do in a heated situation; draw, aim for center of mass and empty the magazine on their duty weapon, and then fill out the paperwork while out on paid leave. That is just how the US police system works. The officers are good people, and few are truly bloodthirsty, but their training is essentially limited to gun battles, with not much left over for situations that don't require deadly force 24/7.

If you gave US police officers similar training as European, Japanese, or even Canadian officers, things would be completely different.

Re: My Sentry safe model 1250..

[dunkelfalke]

Maybe where you come from, but German police is trained to shoot to stop. This is one of the reasons why in Germany only about 12 persons per year get shot to death by the police. German police is also trained to only shoot as ultima ratio when there is no other way to stop a person instead of using their firearm when they are scared. This is why many German cops never once have shot at people during their decades-long carreer.

Re:My Sentry safe model 1250..

[kelemvor4]

This. I work for the Seattle city government, and we demand a less than four hour response to all break-ins. We are trying very hard.

That's pretty pathetic. To be useful it needs to be a lot closer to 15 minutes. Otherwise, they're never going to catch anyone or save any lives. At 1+ hours, all they're doing is playing secretary as they write a report.
If you can't protect your citizens better than that, you should be encouraging gun ownership and self defense/home security type training for citizens.
In Tampa, FL I've had to call the police 2 or 3 times in the past decade. They've always come very quickly, I don't have actual times but I'm thinking close to 15 minutes for sure.

I just can't get over it. You're proud of a 4 hour response time? That's really bad.

Very Cool Application

[mykepredko]

I know this isn't at the level of what you'd see in a James Bond movie, but neither is the Sentry safe.

Congratulations to the team at SparkFun!

James Bond

[AHuxley]

On Her Majesty's Secret Service (1969) had that safe-cracking machine.

Re:So, not surprised they're not all that secure

[starblazer]

1) steal safe
2) stash safe
3) attach robot
4) profit?

Key to this is to make sure its bolted to the floor. Most home safes aren't.

Re:So, not surprised they're not all that secure

[arth1]

Many of the Sentry safes can be opened in seconds with a powerful magnet. They're useful for keeping honest people honest, and give moderate protection from fires, depending on placement.
Mechanical safes are generally safer (no pun intended) than keypad ones, but there are still lots of exploits for quite a few of the common safe models.

Re:Help me understand this

[gl4ss]

it's defcon.

that is, nowadays it seems it's just about a) money b) cheesy pr stunts to get said money.

why do you think it's in vegas and not say in hamburg?

never mind the fact that it was just a brute forcer - ultrasonic detection, xrays, click detection or anything - just brute force an amount a human could brute force!.

like okay, just have it as an exhibit on the show floor.. okay.

but just take a look at the talks. okay there's apple watch jailbreak but thats about it and even that is kind of a who gives a fuck when you can buy open smartwatches for 1/6th of the price

Re:Seriously, BBC?

[AmiMoJo]

The BBC hasn't been at the forefront of tech for many years. They developed a lot of cool stuff back in the day, but their streaming video tech is abysmal. Flash required for BBC News embedded videos, and iPlayer's video quality is terrible ("HD" is only 720p, very low bit rate and poor encoder).