Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Hardware Hacking

Hacker Set To Demonstrate 60 Second Brinks Safe Hack At DEFCON 147

darthcamaro writes: Ok so we know that Chrysler cars will be hacked at Black Hat, Android will be hacked at DEFCON with Stagefright, and now word has come out that a pair of security researchers plan on bringing a Brinks safe onstage at DEFCON to demonstrate how it can be digitally hacked. No this isn't some kind of lockpick, but rather a digital hack, abusing the safe's exposed USB port. And oh yeah, it doesn't hurt that the new safe is running Windows XP either.
This discussion has been archived. No new comments can be posted.

Hacker Set To Demonstrate 60 Second Brinks Safe Hack At DEFCON

Comments Filter:
  • Seriously! (Score:5, Insightful)

    by invictusvoyd ( 3546069 ) on Tuesday July 28, 2015 @04:39AM (#50195577)
    Digital safe running XP = = special ops commando running with a muzzle load flint lock.
    • by Viol8 ( 599362 )

      A flintlock that has a good chance of exploding in your face when you fire it because Ball 1.1 is slightly too big for Barrel 1.0.

      • And support fro barrel 1.0 has recently been terminated. The shiny new barrel is called barrel ME . Ya gotta get it because you have NO choice . I repeat no choice.
        • The article says it's nothing to do with the OS, but any excuse, eh?

          • Re:Seriously! (Score:5, Insightful)

            by vtcodger ( 957785 ) on Tuesday July 28, 2015 @07:40AM (#50196175)

            A "safe" with a USB port? What could possibly go wrong?

          • by cfalcon ( 779563 )

            > The article says it's nothing to do with the OS, but any excuse, eh?

            That is not what it says. What it says is:

            '
            "Even if the CompuSafe were running Windows 10, it wouldn't have changed the exploit that we will be demonstrating," Salazar said.
            '

            That's not "nothing to do with the OS". That's "any version of Windows".

    • by Stuarticus ( 1205322 ) on Tuesday July 28, 2015 @05:06AM (#50195641)
      Yeah they should be running Windows ten, so many bugs even the exploits won't run.
    • Re:Seriously! (Score:5, Insightful)

      by thegarbz ( 1787294 ) on Tuesday July 28, 2015 @05:13AM (#50195657)

      I think a more apt example would be a special ops commando dragging a trebuchet. It's slow, unwieldly, probably would hinder you more than help you, and is incredibly heavy for an otherwise simple mission.

      The WTF is not that it is running Windows XP, it's that it is running a full blown OS at all.

      • Re:Seriously! (Score:5, Interesting)

        by oobayly ( 1056050 ) on Tuesday July 28, 2015 @05:44AM (#50195743)

        This was my immediate thought too. Dave on eevblog did two videos on seeing if there was a power line vulnerability on a cheap digital safe - they're pretty interesting, plus he's quite amusing to watch.

        EEVblog #762 - How Secure Are Electronic Safe Locks? [youtube.com]
        EEVblog #771 - Electronic Safe Lock Powerline Attack Part 2 [youtube.com]

      • I didn't read the actual article, but from some other comments on here, it sounds like this is doing a bit more than a traditional safe: Counting the funds inserted and Transmitting this deposit to the bank to name just a couple things. This means: - Network/Internet access to some degree, including all the necessary security features (SSL, etc) - Peripheral access (bill reader) - Some sort of confirmation on the safe that the deposit was completed Considering this has been described by some as an "ATM i
      • Comment removed based on user account deletion
        • If the main consideration were money, you would think an open-source OS would win.

          • If the main consideration were money, you would think an open-source OS would win.

            People dumb enough to buy a safe with a USB port are probably more comfortable with Windows.

            • by TWX ( 665546 )
              You're assuming that the end owner of the safe even has access to the Windows Shell in a meaningful way. I expect they've replaced the shell with something of their own devising.

              I also expect that they spent as little as possible on making the computer-side of the device and didn't even consider the digital security aspects of their choices. Pretty stupid for a security company, but it wouldn't be the first time that such decisions have been made.
    • Re:Seriously! (Score:5, Informative)

      by Mal-2 ( 675116 ) on Tuesday July 28, 2015 @05:23AM (#50195683) Homepage Journal

      In this case, the Windows version is irrelevant. They didn't attack Windows, they attacked the software running on top of it. Since the OS wasn't compromised, upgrading it would do one of two things: (1) break things, either a little or a lot OR (2) absolutely nothing.

      "Even if the CompuSafe were running Windows 10, it wouldn't have changed the exploit that we will be demonstrating," Salazar said.

      It's right in there. Of course that would require reading the article, and I'm sure I broke some unwritten rule by doing so.

      • I've read the article and am fully aware that windows XP had no role in this particular exploit but just the thought of a digital safe running a fully blown bloatware OS like XP is so offending that many of us can't restrain ourselves .
      • Re:Seriously! (Score:5, Insightful)

        by K. S. Kyosuke ( 729550 ) on Tuesday July 28, 2015 @06:19AM (#50195837)

        In this case, the Windows version is irrelevant. They didn't attack Windows, they attacked the software running on top of it.

        There may be a somewhat strong correlation between being so stupid that you decide to run Windows XP on a sensitive embedded system and being so stupid that you write a sensitive application in a way that makes the whole system have obvious mistakes in it.

      • by Anonymous Coward

        It's XP.

        Its full of known holes.
        It's not supported anymore.
        It does lots of things that are unwanted for this process.
        It has a huge attack surface as a result.
        Brinks could never have certified that secure because they used an OS with known security holes that they could never have audited themselves because its closed to them.

        WTF! Who would be so stupid as to do that? Are they a division of Diebold??

      • You may have just created a time paradox that would destroy the universe as we know. On the other hand, it may just be localized to those who don't read the article...

    • Because?

      No, you have no reason why XP is wrong for the job, you're just parroting what you've heard others say without understanding why.

      In an embedded environment with limited attack vectors, XP is fine.

      Note: They aren't even attacking XP here, they are attacking the software Brink's themselves wrote. Might be a good idea to get a clue before blaming the wrong thing fanboy.

      • Because?

        No, you have no reason why XP is wrong for the job, you're just parroting what you've heard others say without understanding why.

        In an embedded environment with limited attack vectors, XP is fine.

        Note: They aren't even attacking XP here, they are attacking the software Brink's themselves wrote. Might be a good idea to get a clue before blaming the wrong thing fanboy.

        Agreed. Likely version that ATMs that run XP it's probably the embedded version (on a cheap single board computer with a USB sevice port). Most of the insecurities in XP vanish when you don't attach a web browser, many of the rest when you strip out what isn't in the embedded version. So XP can be made pretty secure. It's possible that it's firewalled - I'd hope so.

        It's also possible the Brinks app is Java - and that the exploit is an MiM. In which case the same weakness would likely remain on whatever OS i

  • by invictusvoyd ( 3546069 ) on Tuesday July 28, 2015 @04:44AM (#50195585)

    "A large portion of the attack is about escaping out of the kiosk mode that is put in place on the safe, in order to prevent someone from accessing the backend system,"

    And I thought Tom Cruise would be dodging laser beams and planting a sophisticated code cracking super gadget into the USB port.

    • by Megane ( 129182 )
      If they had used a Mac instead, Jeff Goldblum would get the safe to hack YOU! (In Soviet Russia, of course!)
  • Surely if this is supposed to be a highly secure box it would be a good idea to have an old fashioned mechanical lock alongside the electronic stuff so if one system fails the other is still in operation? Also what happens in a power cut?

    • by Mal-2 ( 675116 ) on Tuesday July 28, 2015 @05:19AM (#50195673) Homepage Journal

      It's basically an ATM in reverse, for stores. Put money in, and you're not SUPPOSED to be able to get it back out. Instead, it immediately shows up in your bank account. The bank will come around and empty the safe when it is convenient to them. If the power fails, they'll just have to come back some other time.

      At least that's the plan. The exploit clearly shows that someone other than the bank or a Brinks employee CAN open the safe.

      But of course, nobody reads the articles before complaining. This is /. after all.

      • by Viol8 ( 599362 )

        Thanks, but I did read the article first. However obviously you must have understood it much better than I, so if you could point me to the part that describes why a mechanical backup lock would be impossible to install in the safe I'd be much ablidged.

        • by msauve ( 701917 )
          OK, I'll play.

          it would be a good idea to have an old fashioned mechanical lock alongside the electronic stuff so if one system fails the other is still in operation? Also what happens in a power cut?

          So, you seem to be describing this mechanical backup in two different ways - first, as a backup for the locking function. Second, as a backup for the _unlocking_ function. Which is it? Do you mean for the mechanical system to also need to be opened in order to open the safe, to protect against electronics hacks

          • by Viol8 ( 599362 )

            No, I meant as a secondary seperate lock you idiot.

            • So if the power is out and the electronic lock can't be opened, how is your separate lock supposed to help, idiot?

              • by Viol8 ( 599362 )

                Wtf has power out got to do with it? That was a seperate issue question. FFS, can you read english?

            • by fisted ( 2295862 )

              They probably didn't imagine their electronic lock to be vulnerable; you'd only install a mechanical backup if you already assume that your primary locking mechanism is not secure. News at 11, "smart" guy.

              • by Viol8 ( 599362 )

                In plenty of fields (aviation, industrial, railway) there's always a backup failsafe system. No one expects any one system to be 100% fooolproof. Perhaps they - and you - could go learn something from these areas.

                • by fisted ( 2295862 )

                  To put it in your own retarded words:
                  Thanks, but I did think about what i wrote first. However obviously you must have understood it much better than I, so if you could point me to the part that describes how I personally assume that any particular system was secure, I'd be much ablidged[sic].

                  No one expects any one system to be 100% fooolproof

                  I'm pretty sure that's not true. For an example of a safe manufacturer that does expect this, see this very story.

                  Are you done now making yourself look like an idiot?

            • by msauve ( 701917 )
              Are you unable to understand English? If it's a "secondary separate lock," how does that help if the primary, electronic lock fails to open? It's still locked.

              And, if it's a secondary, mechanical unlock, then how does it prevent the hack at issue from being effective?
        • You can open the safe with just a piece of metal?

          Yeah, that'll work.

          • by Viol8 ( 599362 )

            Who said anything about a key? You ever seen a proper combination banking safe? Anyway, I meant have the mechanical locking as a secondary backup, not as a failsafe opening mechanism for the electronic lock.

      • People on /. are smarter than you think. Since the article summary contains the word "Windows XP" the "fact" that many other people can open the safe was an automatic assumption.
      • ATMs (the kind built into the wall at the bank) take deposits these days, so why not just use one of those?

        • This safe is located in the store, it also likely is designed to take much larger number of bills compared to the ATM input hopper.

        • by bws111 ( 1216812 )

          ATMs require access to the account. Think it's a good idea to give all your employees access to your bank account?

          ATMs do not count the money (well, some count individually inserted bills - just what you want your employee to be doing)

          ATMs do not create reports of deposits made.

          ATMs do not allow management to remotely check on deposits.

          • Your objections are just a matter of software for an ATM customized for this application. Except the one about ATMs not able to count money. Huh? You can put a stack of cash in the thing and it will count the money including identifying the denominations.

            • by bws111 ( 1216812 )

              And by the time you have modified the ATM software you no longer have an ATM, you have this safe. So what exactly is the point?

  • I have been to defcon in the past. What is amusing is all the people there from a variety of three letter agencies. They are usually the ones with nice shoes and/or dressed in dark attire. That is my impression at least though I suppose I could be mistaken. Anyhow, the amusement is in the number of them. I suspect they could send fewer or just get together and send a lot fewer people. In some of the smaller and more detailed talks there would be a bunch of them and they seem to gravitate towards each other.

    • I have been to defcon in the past. What is amusing is all the people there from a variety of three letter agencies.

      Spot the Fed is always fun. I've always wondered how many that look obvious then are just low ranking Postal workers taking the piss.

      There's been talk in the past of banning them - but I don't think the organisers are actually serious about it. I think it's one of the main attractions. They have the best swag to swap.

  • Why? (Score:5, Insightful)

    by bickerdyke ( 670000 ) on Tuesday July 28, 2015 @05:19AM (#50195669)

    Why does a safe need an operating system?

    And then why for heavens sake has it to be a desktop operating system? Does it need to run MS Office or what was the design idea here? It's not like there are especially hardened OSses out there for embedded devices. (Not to mention that this means we have a safe that's running on a x86 architecture)

    And after having such a terrible design idea, why have it implemented by a moron using an out of date, unsupported, and buggy OS?

    • by Anonymous Coward

      The same question could easily be asked about voting machines. The answers here are fairly obvious, and there is a definite overlap in the answers for each case.

    • by msauve ( 701917 )
      "why for heavens sake has it to be a desktop operating system?"

      You're making assumptions. Rather than run a desktop OS like Windows XP Professional, it's more likely running Windows XP Embedded [microsoft.com], which is intended for this type of use.
      • Point taken. But to my defense, this assumption is firmly grounded in the summary speaking of a Windows XP based device and not an XP embedded based device.

        I still doubt if Windows based OS was a good design descision, but if all you have is a bunch of windows developers, you tend to solve every problem with a hammer.

        • For all intents and purposes, the underlying OS should not have even been mentioned. It had NOTHING to do with the hack.
          • Still haven't read the actual TFA, but from the summary I understood that most of the hack was gaining access to the OS UI by forcing the OS out of the kiosk mode.

            I may be wrong, but I'm still in line with the summary.

      • You're making assumptions. Rather than run a desktop OS like Windows XP Professional, it's more likely running Windows XP Embedded, which is intended for this type of use.

        It may be intended for this type of use, but is highly inappropriate. The reason companies use XP Embedded (arguably the only reason XP Embedded ever managed to gain any market share in embedded systems) is because you can write software for it using the Windows API. In other words, you can tap into the millions of software developers o

    • Every computer has an OS, its just a question of how complex it is.

      XP Embedded is not XP desktop anymore than Android is Debian. They aren't running a desktop OS any more than your cell phone is.

      XP Embedded is not unsupported, and you're an idiot since you seem to think you have some non-buggy OS. The fact that you make such a comment tells me you know so little about software dev that you have no business even commenting in this conversation. All software has bugs.

      • As I'm earning my living with software development I'm quite aware that there is no bug free software (beyond "hello world"). But I'm also aware that the number of bugs correlates with the software's size and complexity.

        That's why you don't use a more complex OS then required. That you mention XP embedded is making it much better, but the summary mentioned a plain XP only.

        • Depending on language, "Hello World" may inherit bugs from the compiler used to produce its binary. Otherwise, it gets its bugs from the interpreter or VM.
          • by tlhIngan ( 30335 )

            Depending on language, "Hello World" may inherit bugs from the compiler used to produce its binary. Otherwise, it gets its bugs from the interpreter or VM.

            Even "hello, world" itself has many bugs in many implementations.

            I mean, do you check to see that stdout is actually connected before you blindly output? Or do you just output and hope for the best? ("hello, world" that doesn't print "hello, world" would be considered a failure).

            Do you check all return values? Do you even know that printf() in C has a ret

    • Why does a safe need an operating system?

      This thing is not a "safe" in the sense of a monothithic box with a door where you might keep your Krugerands. Compusafe [brinkscompusafe.com] is a gas station/back office safe, with a touch screen GUI, cash reporting, and centralized accounting. ie, your night clerk drops a stack of bills into the loading tray, and the safe counts them, separates them, and sends a note home how much is in it. This seems to be a 4th generation product, so, like most software running on legacy platforms, I would guess that Brinks thinks the fa

    • by AmiMoJo ( 196126 )

      Why does a safe need an operating system?

      It's more than just a safe. The shop puts money in and the bank credits their account immediately, and then comes to collect the cash say every week. So it has to report back how much money has been put in, like an ATM that you can pay money in to.

      And then why for heavens sake has it to be a desktop operating system?

      Because long ago the company designed and built an ATM that ran on Windows XP, and didn't want to spend money upgrading to something better and porting/re-testing all their software. You see this a lot in industrial designs. Something works so there is reluctance

      • Thanks for the update. From the summary I was expecting some kind of new "lifestyle" safe, like the new entertainment systems they just have to slap into every car no also being a thing on safes.

    • Why does a safe need an operating system?

      Because it is computerized and does more than control a lock. When was the last time you saw a computer without any sort of operating system?

      And then why for heavens sake has it to be a desktop operating system?

      Because that's what most people know how to write software for. Not saying it was a good choice but I understand why they did it.

      It's not like there are especially hardened OSses out there for embedded devices.

      It's not an embedded device. It runs a pretty much bog standard PC. I've actually worked on some of the hardware in these in my day job a while back on a project. (No I had nothing to do with the design or the implementation of them nor

  • There's something to this kind of news... Why do they even put an operating system on such a specialized device, that is dedicated to only one task? The point of an operating system is to be able to run different programs on the same machine. It's certainly easier to build over one, but is it worth the trouble?
    • Microsoft gave them a huge discount of course.
    • There's something to this kind of news... Why do they even put an operating system on such a specialized device, that is dedicated to only one task? The point of an operating system is to be able to run different programs on the same machine. It's certainly easier to build over one, but is it worth the trouble?

      If this is the product that I think it is, then it is a fireproof safe specifically designed to keep computer data safe through a short but intense (up to 2 hour) fire. Some of the more "sophisticated" models allow you to backup and retrieve data without removing the drives from the safe. I'm not sure what value that provides, to be honest. But the USB port and computer OS are likely to provide access control to the data inside the safe.

    • by bws111 ( 1216812 )

      Here [brinks.com] is one of these safes. The first, most obvious thing is that it has a touch-screen device, a printer, a network connection, a card reader, a cash counter, and a safe. That is a lot of hardware to drive with no OS.

      It also has mutliple users, with various roles for each user. Sounds like more OS stuff.

      It has ways to add and delete users, and change passwords. More OS stuff.

      It can make reports, so obviously it has some sort of storage, which means some sort of file system. More OS stuff.

      It has ways t

  • Good old USB HID keyboard attack... Net hunter tablet, anyone?
  • If I had some stuff I wanted to keep secure, I would buy a safe with a dial combination lock, not an electronic safe (and certainly not one with software sophisticated enough that it needs an actual OS underneath it)

    • If I had some stuff I wanted to keep secure, I would buy a safe with a dial combination lock, not an electronic safe (and certainly not one with software sophisticated enough that it needs an actual OS underneath it)

      But then you wouldn't be able to have your safe count your money for you. It wouldn't be able to confirm who made the deposit. It wouldn't be able to communicate with your central office to tell you how much money was at each different location. It wouldn't be able to call the bank for a pickup when it's full. My guess is this is basically the same as ATM/USB hacks [krebsonsecurity.com], where Brinks decided that the safe is going to be installed in a sufficiently secure area that it's OK to leave a USB port exposed.

    • It really depends on what you are keeping in there. Mechanical spin locks take time to open and have an extremely low Wife Acceptance Factor. Good for cash and valuables but not so good for jewelry or shared stuff, or for guns you keep for home security. Keyed locks have the disadvantage of requiring you to carry the key, and like spin locks they are not so good for stuff you may have to get out of there in a hurry, but good for cash, jewels and documents. Electronic locks are great if you need your saf
    • by bws111 ( 1216812 )

      Well, it is easy to make statements like that when you have no idea what the thing actually is or how it is used.

      First, this thing is meant to be used in stores, gas stations, etc. The employee logs on and puts the cash in and it is counted and reported to the bank. The manager can check and see how much cash is in there and who put it in. At some later time, an armed Brinks employee comes in and empties the safe.

      So, what happens with your simple safe? Assuming you aren't dumb enough to give the employe

  • by jenningsthecat ( 1525947 ) on Tuesday July 28, 2015 @07:48AM (#50196215)

    FTA: "So the issue isn't so much that there is no acknowledgment that there is a problem; rather, the vendors have been pointing fingers about whose problem it is for over a year, without progress made on the actual resolution."

    Finger pointing or not, it's hard to believe that it could take that long to address the issue. Even if they can't get their shit together to fix the fundamental problem, couldn't they at least kludge in a piece of gateway software that would intercept the USB port data and raise the difficulty level of gaining access and exiting kiosk mode? That, plus actual lock-and-key protection of the port, (and maybe a retrofit of a custom connector that would make it even more difficult to make the physical connection), would buy them a lot of time to get through the exercise of deciding who's going to fix the REAL problem.

    Speaking of fixing the problem - I know the answer to this, but I have to ask anyway: What happened to the practice of just fixing it because you can, and because it makes you look good, without regard to whose fault the problem was in the first place? They could have had this taken care of inside two weeks - maybe a month at the outside - if they weren't playing juvenile schoolyard politics.

    • Even if they can't get their shit together to fix the fundamental problem, couldn't they at least kludge in a piece of gateway software that would intercept the USB port data and raise the difficulty level of gaining access and exiting kiosk mode?

      Or disable the USB port...at the factory...by not installing it.

  • ...the safe's exposed USB port....

    Why not just paint a large target on the front of the safe?

  • by pla ( 258480 ) on Tuesday July 28, 2015 @08:50AM (#50196459) Journal
    They call it a "lock and key". Totally uncrackable over the internet or via USB, and although exploits do exist, for higher quality setups they take considerable time with physical access to the device.

    The "IoT" is not our friend, folks - It turns solid, reliable old-school products into yet another vector for malware in your house. And if you think reinstalling Windows sucks, how about having your oven go into self-cleaning mode during your vacation without the safety latch closed? How about having your blender "playfully" get your cat's attention with brief pulses before going full puree? How about overriding your on-demand hot water heater to its "steam clean" setting with you in the shower?

    I love toys, including electronics. But the fewer things in my house vulnerable to remote exploits, the better. My toaster should have one dial and one lever and zero computers, period.
  • ...why in the world would you need a full-fledged OS just to run a safe? Is there any reason besides stupidity that you wouldn't put an FPGA or something running a simple hard-coded application in there?

    This whole thing makes my head spin- I couldn't be any more surprised if I found out that my toaster or can opener was running Win95, or ANY full-fledged OS. Now I wonder what OS my toothbrush is running on. And the napkin holder on my dining room table- what OS does it use?
    • by bws111 ( 1216812 )

      It is a 'safe' in the same sense an ATM is a safe. It counts (and sorts) the money that is inserted and credits it to your bank account. It records who made deposits (requires user management). It prints reports. It notifies Brinks when it is time to empty the safe. It allows a remote manager access to see deposits made, etc.

      So at the very least it needs to interface with a bill counter/sorter, network (encryption, etc), touch screen, printer, card reader, and lock mechanism. Is there any reason besid

  • This seems to be a big problem - large companies seem to be completely unaware of how to hire people to do technical work. Instead, some dumb admin who's been doing Windows for ages said, "Hey! Let's use Windows in our new iSafe!", and this is why they have the worst example of problematic code running in something that's supposed to keep belongings safe.

    I don't care how many people claim Windows can be made secure. It simply should not be used for anything sensitive.

  • So if the money belongs to the bank as soon as it's in the safe, does that make any hack into the safe bank robbery?

Real programmers don't comment their code. It was hard to write, it should be hard to understand.

Working...