Hacker Set To Demonstrate 60 Second Brinks Safe Hack At DEFCON 147
darthcamaro writes: Ok so we know that Chrysler cars will be hacked at Black Hat, Android will be hacked at DEFCON with Stagefright, and now word has come out that a pair of security researchers plan on bringing a Brinks safe onstage at DEFCON to demonstrate how it can be digitally hacked. No this isn't some kind of lockpick, but rather a digital hack, abusing the safe's exposed USB port. And oh yeah, it doesn't hurt that the new safe is running Windows XP either.
Seriously! (Score:5, Insightful)
Re: (Score:2)
A flintlock that has a good chance of exploding in your face when you fire it because Ball 1.1 is slightly too big for Barrel 1.0.
Re: (Score:2)
Re: (Score:3)
The article says it's nothing to do with the OS, but any excuse, eh?
Re:Seriously! (Score:5, Insightful)
A "safe" with a USB port? What could possibly go wrong?
Re: (Score:2)
> The article says it's nothing to do with the OS, but any excuse, eh?
That is not what it says. What it says is:
'
"Even if the CompuSafe were running Windows 10, it wouldn't have changed the exploit that we will be demonstrating," Salazar said.
'
That's not "nothing to do with the OS". That's "any version of Windows".
Re: (Score:2)
Any malware on a Windows system is bad Windows security. Any malware on Linux is Linux is the kernel! Very few (lately) exploits are Windows kernel (the explorer.exe process) and most are a fault of an application running on top of the kernel (which should have, and does have, better protection). We just see what we want to see and have our own prejudices. If we strip it down to current threats across the kernel (or across software loaded on the kernel) but keep them equal the numbers look different which i
Re: (Score:2)
Malware in Windows is bad because Windows only has one "distro" at a time, so Windows is the whole OS. That means, there's no group of people elsewhere doing it correctly that you could have used instead, and much more importantly, *it's almost impossible to replace any part of the Windows OS anyway".
The complainers are correct. Since every Windows comes "stamped and sealed", it either fails or works entirely holistically. Since Linux has so many more pieces, it's not nearly as interesting if a single Di
Re: (Score:2)
Part of the issue is that the software that comes standard with Linux dwarfs what comes with Windows. For example, Linux distros typically come with and office suite (or 2), multiple mail servers and clients, a full development suite and many many more things that you must buy separately for Windows.
Of course, you can easily do a minimal (base) install of Linux that includes no GUI at all.
So, at best it's a matter of picking and choosing a kinda sorta apples to apples installation of Windows and Linux. Wher
Re: (Score:2)
If the OS was Linux there'd be scamperin' going on to show it had nothing to do with the OS.
In Windows the whole stack, is monolithic chunk, your browser your display manager, your, shell and you kernal all come together and a re made by the same group. In Linux distros everything is modular can be swamped out, and is made by unrelated groups (KDE, GNU, Apache, Mozilla, Oracle, X11, OpenSSH, Redhat), So it is only a Linux bug if it is in the Linux Kernel. It is a windows bug if it comes with anywhere in the whole software stack (NT kernal, trident rendering engine, .net runtime, win32 libraries )
Re:Seriously! (Score:5, Funny)
Re: (Score:2)
Re: (Score:3)
Security by obscurity
Really, what were they thinking by not using OS2.
Re:Seriously! (Score:5, Insightful)
I think a more apt example would be a special ops commando dragging a trebuchet. It's slow, unwieldly, probably would hinder you more than help you, and is incredibly heavy for an otherwise simple mission.
The WTF is not that it is running Windows XP, it's that it is running a full blown OS at all.
Re:Seriously! (Score:5, Interesting)
This was my immediate thought too. Dave on eevblog did two videos on seeing if there was a power line vulnerability on a cheap digital safe - they're pretty interesting, plus he's quite amusing to watch.
EEVblog #762 - How Secure Are Electronic Safe Locks? [youtube.com]
EEVblog #771 - Electronic Safe Lock Powerline Attack Part 2 [youtube.com]
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
If the main consideration were money, you would think an open-source OS would win.
Re: (Score:2)
If the main consideration were money, you would think an open-source OS would win.
People dumb enough to buy a safe with a USB port are probably more comfortable with Windows.
Re: (Score:2)
I also expect that they spent as little as possible on making the computer-side of the device and didn't even consider the digital security aspects of their choices. Pretty stupid for a security company, but it wouldn't be the first time that such decisions have been made.
Re:Seriously! (Score:5, Informative)
In this case, the Windows version is irrelevant. They didn't attack Windows, they attacked the software running on top of it. Since the OS wasn't compromised, upgrading it would do one of two things: (1) break things, either a little or a lot OR (2) absolutely nothing.
"Even if the CompuSafe were running Windows 10, it wouldn't have changed the exploit that we will be demonstrating," Salazar said.
It's right in there. Of course that would require reading the article, and I'm sure I broke some unwritten rule by doing so.
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
For controlling a safe an MCU-based system would be most suited.
Re: (Score:2)
Re:Seriously! (Score:5, Insightful)
In this case, the Windows version is irrelevant. They didn't attack Windows, they attacked the software running on top of it.
There may be a somewhat strong correlation between being so stupid that you decide to run Windows XP on a sensitive embedded system and being so stupid that you write a sensitive application in a way that makes the whole system have obvious mistakes in it.
50 ways to break it (Score:1)
It's XP.
Its full of known holes.
It's not supported anymore.
It does lots of things that are unwanted for this process.
It has a huge attack surface as a result.
Brinks could never have certified that secure because they used an OS with known security holes that they could never have audited themselves because its closed to them.
WTF! Who would be so stupid as to do that? Are they a division of Diebold??
Re: (Score:2)
You may have just created a time paradox that would destroy the universe as we know. On the other hand, it may just be localized to those who don't read the article...
Re: (Score:2)
Because?
No, you have no reason why XP is wrong for the job, you're just parroting what you've heard others say without understanding why.
In an embedded environment with limited attack vectors, XP is fine.
Note: They aren't even attacking XP here, they are attacking the software Brink's themselves wrote. Might be a good idea to get a clue before blaming the wrong thing fanboy.
Re: (Score:2)
Because?
No, you have no reason why XP is wrong for the job, you're just parroting what you've heard others say without understanding why.
In an embedded environment with limited attack vectors, XP is fine.
Note: They aren't even attacking XP here, they are attacking the software Brink's themselves wrote. Might be a good idea to get a clue before blaming the wrong thing fanboy.
Agreed. Likely version that ATMs that run XP it's probably the embedded version (on a cheap single board computer with a USB sevice port). Most of the insecurities in XP vanish when you don't attach a web browser, many of the rest when you strip out what isn't in the embedded version. So XP can be made pretty secure. It's possible that it's firewalled - I'd hope so.
It's also possible the Brinks app is Java - and that the exploit is an MiM. In which case the same weakness would likely remain on whatever OS i
wow (Score:3)
"A large portion of the attack is about escaping out of the kiosk mode that is put in place on the safe, in order to prevent someone from accessing the backend system,"
And I thought Tom Cruise would be dodging laser beams and planting a sophisticated code cracking super gadget into the USB port.
Re: (Score:2)
Why not have mechanical security too? (Score:2)
Surely if this is supposed to be a highly secure box it would be a good idea to have an old fashioned mechanical lock alongside the electronic stuff so if one system fails the other is still in operation? Also what happens in a power cut?
Re:Why not have mechanical security too? (Score:5, Informative)
It's basically an ATM in reverse, for stores. Put money in, and you're not SUPPOSED to be able to get it back out. Instead, it immediately shows up in your bank account. The bank will come around and empty the safe when it is convenient to them. If the power fails, they'll just have to come back some other time.
At least that's the plan. The exploit clearly shows that someone other than the bank or a Brinks employee CAN open the safe.
But of course, nobody reads the articles before complaining. This is /. after all.
Re: (Score:2)
Thanks, but I did read the article first. However obviously you must have understood it much better than I, so if you could point me to the part that describes why a mechanical backup lock would be impossible to install in the safe I'd be much ablidged.
Re: (Score:2)
So, you seem to be describing this mechanical backup in two different ways - first, as a backup for the locking function. Second, as a backup for the _unlocking_ function. Which is it? Do you mean for the mechanical system to also need to be opened in order to open the safe, to protect against electronics hacks
Re: (Score:1)
No, I meant as a secondary seperate lock you idiot.
Re: (Score:1)
So if the power is out and the electronic lock can't be opened, how is your separate lock supposed to help, idiot?
Re: (Score:1)
Wtf has power out got to do with it? That was a seperate issue question. FFS, can you read english?
Re: (Score:2)
They probably didn't imagine their electronic lock to be vulnerable; you'd only install a mechanical backup if you already assume that your primary locking mechanism is not secure. News at 11, "smart" guy.
Re: (Score:2)
In plenty of fields (aviation, industrial, railway) there's always a backup failsafe system. No one expects any one system to be 100% fooolproof. Perhaps they - and you - could go learn something from these areas.
Re: (Score:2)
To put it in your own retarded words:
Thanks, but I did think about what i wrote first. However obviously you must have understood it much better than I, so if you could point me to the part that describes how I personally assume that any particular system was secure, I'd be much ablidged[sic].
No one expects any one system to be 100% fooolproof
I'm pretty sure that's not true. For an example of a safe manufacturer that does expect this, see this very story.
Are you done now making yourself look like an idiot?
Re: (Score:2)
I guess the irony here is lost on you.
Re: (Score:2)
That the best comeback you can manage? Go back to bed.
Re: (Score:2)
This isn't about comebacks. For me, anyway.
Re: (Score:2)
And, if it's a secondary, mechanical unlock, then how does it prevent the hack at issue from being effective?
Re: (Score:2)
You can open the safe with just a piece of metal?
Yeah, that'll work.
Re: (Score:2)
Who said anything about a key? You ever seen a proper combination banking safe? Anyway, I meant have the mechanical locking as a secondary backup, not as a failsafe opening mechanism for the electronic lock.
Re: (Score:2)
Re: (Score:2)
ATMs (the kind built into the wall at the bank) take deposits these days, so why not just use one of those?
Re: (Score:2)
This safe is located in the store, it also likely is designed to take much larger number of bills compared to the ATM input hopper.
Re: (Score:2)
ATMs require access to the account. Think it's a good idea to give all your employees access to your bank account?
ATMs do not count the money (well, some count individually inserted bills - just what you want your employee to be doing)
ATMs do not create reports of deposits made.
ATMs do not allow management to remotely check on deposits.
Re: (Score:2)
Your objections are just a matter of software for an ATM customized for this application. Except the one about ATMs not able to count money. Huh? You can put a stack of cash in the thing and it will count the money including identifying the denominations.
Re: (Score:2)
And by the time you have modified the ATM software you no longer have an ATM, you have this safe. So what exactly is the point?
Interesting Observation... (Score:2)
I have been to defcon in the past. What is amusing is all the people there from a variety of three letter agencies. They are usually the ones with nice shoes and/or dressed in dark attire. That is my impression at least though I suppose I could be mistaken. Anyhow, the amusement is in the number of them. I suspect they could send fewer or just get together and send a lot fewer people. In some of the smaller and more detailed talks there would be a bunch of them and they seem to gravitate towards each other.
Re: (Score:3)
I have been to defcon in the past. What is amusing is all the people there from a variety of three letter agencies.
Spot the Fed is always fun. I've always wondered how many that look obvious then are just low ranking Postal workers taking the piss.
There's been talk in the past of banning them - but I don't think the organisers are actually serious about it. I think it's one of the main attractions. They have the best swag to swap.
Spot The Fed Defcon Edition (Score:1)
I think they started playing StF like the second Defcon so yeah Elite "Players" will be able to spot the feds not obvious.
Re: (Score:3)
You check out as the real KGIII. Or a very good KGIII Markov chain text generator.
Why? (Score:5, Insightful)
Why does a safe need an operating system?
And then why for heavens sake has it to be a desktop operating system? Does it need to run MS Office or what was the design idea here? It's not like there are especially hardened OSses out there for embedded devices. (Not to mention that this means we have a safe that's running on a x86 architecture)
And after having such a terrible design idea, why have it implemented by a moron using an out of date, unsupported, and buggy OS?
Re: (Score:1)
The same question could easily be asked about voting machines. The answers here are fairly obvious, and there is a definite overlap in the answers for each case.
Re: (Score:2)
You're making assumptions. Rather than run a desktop OS like Windows XP Professional, it's more likely running Windows XP Embedded [microsoft.com], which is intended for this type of use.
Re: (Score:2)
Point taken. But to my defense, this assumption is firmly grounded in the summary speaking of a Windows XP based device and not an XP embedded based device.
I still doubt if Windows based OS was a good design descision, but if all you have is a bunch of windows developers, you tend to solve every problem with a hammer.
Re: (Score:1)
Re: (Score:2)
Still haven't read the actual TFA, but from the summary I understood that most of the hack was gaining access to the OS UI by forcing the OS out of the kiosk mode.
I may be wrong, but I'm still in line with the summary.
Re: (Score:2)
It may be intended for this type of use, but is highly inappropriate. The reason companies use XP Embedded (arguably the only reason XP Embedded ever managed to gain any market share in embedded systems) is because you can write software for it using the Windows API. In other words, you can tap into the millions of software developers o
Re: (Score:1)
Every computer has an OS, its just a question of how complex it is.
XP Embedded is not XP desktop anymore than Android is Debian. They aren't running a desktop OS any more than your cell phone is.
XP Embedded is not unsupported, and you're an idiot since you seem to think you have some non-buggy OS. The fact that you make such a comment tells me you know so little about software dev that you have no business even commenting in this conversation. All software has bugs.
Re: (Score:2)
As I'm earning my living with software development I'm quite aware that there is no bug free software (beyond "hello world"). But I'm also aware that the number of bugs correlates with the software's size and complexity.
That's why you don't use a more complex OS then required. That you mention XP embedded is making it much better, but the summary mentioned a plain XP only.
Re: (Score:2)
Re: (Score:2)
Even "hello, world" itself has many bugs in many implementations.
I mean, do you check to see that stdout is actually connected before you blindly output? Or do you just output and hope for the best? ("hello, world" that doesn't print "hello, world" would be considered a failure).
Do you check all return values? Do you even know that printf() in C has a ret
Re: (Score:1)
Why does a safe need an operating system?
This thing is not a "safe" in the sense of a monothithic box with a door where you might keep your Krugerands. Compusafe [brinkscompusafe.com] is a gas station/back office safe, with a touch screen GUI, cash reporting, and centralized accounting. ie, your night clerk drops a stack of bills into the loading tray, and the safe counts them, separates them, and sends a note home how much is in it. This seems to be a 4th generation product, so, like most software running on legacy platforms, I would guess that Brinks thinks the fa
Re: (Score:2)
Why does a safe need an operating system?
It's more than just a safe. The shop puts money in and the bank credits their account immediately, and then comes to collect the cash say every week. So it has to report back how much money has been put in, like an ATM that you can pay money in to.
And then why for heavens sake has it to be a desktop operating system?
Because long ago the company designed and built an ATM that ran on Windows XP, and didn't want to spend money upgrading to something better and porting/re-testing all their software. You see this a lot in industrial designs. Something works so there is reluctance
Re: (Score:2)
Thanks for the update. From the summary I was expecting some kind of new "lifestyle" safe, like the new entertainment systems they just have to slap into every car no also being a thing on safes.
Made sense at the time... sort of (Score:2)
Why does a safe need an operating system?
Because it is computerized and does more than control a lock. When was the last time you saw a computer without any sort of operating system?
And then why for heavens sake has it to be a desktop operating system?
Because that's what most people know how to write software for. Not saying it was a good choice but I understand why they did it.
It's not like there are especially hardened OSses out there for embedded devices.
It's not an embedded device. It runs a pretty much bog standard PC. I've actually worked on some of the hardware in these in my day job a while back on a project. (No I had nothing to do with the design or the implementation of them nor
Why an OS? (Score:2)
Re: (Score:2)
Re: (Score:2)
There's something to this kind of news... Why do they even put an operating system on such a specialized device, that is dedicated to only one task? The point of an operating system is to be able to run different programs on the same machine. It's certainly easier to build over one, but is it worth the trouble?
If this is the product that I think it is, then it is a fireproof safe specifically designed to keep computer data safe through a short but intense (up to 2 hour) fire. Some of the more "sophisticated" models allow you to backup and retrieve data without removing the drives from the safe. I'm not sure what value that provides, to be honest. But the USB port and computer OS are likely to provide access control to the data inside the safe.
Re: (Score:2)
Here [brinks.com] is one of these safes. The first, most obvious thing is that it has a touch-screen device, a printer, a network connection, a card reader, a cash counter, and a safe. That is a lot of hardware to drive with no OS.
It also has mutliple users, with various roles for each user. Sounds like more OS stuff.
It has ways to add and delete users, and change passwords. More OS stuff.
It can make reports, so obviously it has some sort of storage, which means some sort of file system. More OS stuff.
It has ways t
Re: (Score:2)
I see USB ports everywhere (Score:1)
Why even use an electronic safe? (Score:2)
If I had some stuff I wanted to keep secure, I would buy a safe with a dial combination lock, not an electronic safe (and certainly not one with software sophisticated enough that it needs an actual OS underneath it)
Re: (Score:1)
If I had some stuff I wanted to keep secure, I would buy a safe with a dial combination lock, not an electronic safe (and certainly not one with software sophisticated enough that it needs an actual OS underneath it)
But then you wouldn't be able to have your safe count your money for you. It wouldn't be able to confirm who made the deposit. It wouldn't be able to communicate with your central office to tell you how much money was at each different location. It wouldn't be able to call the bank for a pickup when it's full. My guess is this is basically the same as ATM/USB hacks [krebsonsecurity.com], where Brinks decided that the safe is going to be installed in a sufficiently secure area that it's OK to leave a USB port exposed.
Re: (Score:2)
Re: (Score:2)
Well, it is easy to make statements like that when you have no idea what the thing actually is or how it is used.
First, this thing is meant to be used in stores, gas stations, etc. The employee logs on and puts the cash in and it is counted and reported to the bank. The manager can check and see how much cash is in there and who put it in. At some later time, an armed Brinks employee comes in and empties the safe.
So, what happens with your simple safe? Assuming you aren't dumb enough to give the employe
Re: (Score:2)
Even if you do go for an electronic lock, there is no reason why it has to have a full OS (much less something written by Microsoft) underlying it. You could probably implement the logic for a safe on a simple microcontroller. Even if you need things like auditing (e.g. to record who opened the safe and when) all you need is a bit more memory (to store the list of valid codes and when those codes can be used plus the log of which codes are used and when) and a simple real-time-clock chip to keep track of th
Re: (Score:2)
A rather key feature of this 'safe' is that it counts the cash and credits your bank account. It notifies Brinks when a pickup must be made. It prints reports of deposits made, etc. It allows a central location to see that deposits are being made and how much money is in the safe. It has multiple users and roles. It has a touch screen to allow for management of user and roles, logging on, reporting, unlocking, etc. It is getting harder and harder to do on a simple microcontroller with no OS, and imposs
Re: (Score:2)
Still a problem more than a year later? (Score:3)
FTA: "So the issue isn't so much that there is no acknowledgment that there is a problem; rather, the vendors have been pointing fingers about whose problem it is for over a year, without progress made on the actual resolution."
Finger pointing or not, it's hard to believe that it could take that long to address the issue. Even if they can't get their shit together to fix the fundamental problem, couldn't they at least kludge in a piece of gateway software that would intercept the USB port data and raise the difficulty level of gaining access and exiting kiosk mode? That, plus actual lock-and-key protection of the port, (and maybe a retrofit of a custom connector that would make it even more difficult to make the physical connection), would buy them a lot of time to get through the exercise of deciding who's going to fix the REAL problem.
Speaking of fixing the problem - I know the answer to this, but I have to ask anyway: What happened to the practice of just fixing it because you can, and because it makes you look good, without regard to whose fault the problem was in the first place? They could have had this taken care of inside two weeks - maybe a month at the outside - if they weren't playing juvenile schoolyard politics.
Re: (Score:2)
Even if they can't get their shit together to fix the fundamental problem, couldn't they at least kludge in a piece of gateway software that would intercept the USB port data and raise the difficulty level of gaining access and exiting kiosk mode?
Or disable the USB port...at the factory...by not installing it.
Re: (Score:2)
Lawyers.
I *did* say I already knew the answer... :-) To 'lawyers' add accountants, PR people, and any C-levels who subscribe to 'flavour of the month' management philosophies.
A USB port? (Score:2)
...the safe's exposed USB port....
Why not just paint a large target on the front of the safe?
We have this awesome new tech... (Score:3)
The "IoT" is not our friend, folks - It turns solid, reliable old-school products into yet another vector for malware in your house. And if you think reinstalling Windows sucks, how about having your oven go into self-cleaning mode during your vacation without the safety latch closed? How about having your blender "playfully" get your cat's attention with brief pulses before going full puree? How about overriding your on-demand hot water heater to its "steam clean" setting with you in the shower?
I love toys, including electronics. But the fewer things in my house vulnerable to remote exploits, the better. My toaster should have one dial and one lever and zero computers, period.
What the... (Score:2)
This whole thing makes my head spin- I couldn't be any more surprised if I found out that my toaster or can opener was running Win95, or ANY full-fledged OS. Now I wonder what OS my toothbrush is running on. And the napkin holder on my dining room table- what OS does it use?
Re: (Score:2)
It is a 'safe' in the same sense an ATM is a safe. It counts (and sorts) the money that is inserted and credits it to your bank account. It records who made deposits (requires user management). It prints reports. It notifies Brinks when it is time to empty the safe. It allows a remote manager access to see deposits made, etc.
So at the very least it needs to interface with a bill counter/sorter, network (encryption, etc), touch screen, printer, card reader, and lock mechanism. Is there any reason besid
It's like they're not even trying (Score:2)
This seems to be a big problem - large companies seem to be completely unaware of how to hire people to do technical work. Instead, some dumb admin who's been doing Windows for ages said, "Hey! Let's use Windows in our new iSafe!", and this is why they have the worst example of problematic code running in something that's supposed to keep belongings safe.
I don't care how many people claim Windows can be made secure. It simply should not be used for anything sensitive.
Bank robbery, or not? (Score:2)
Standards (Score:3)
Re: (Score:1)
Re: (Score:2)
Why do you think that the alternative to capitalism would be a dictatorship? We have real examples of operating systems that are written for other reasons then money, some if which have been successful enough to attract capitalists. Early Linux is probably the most well known example of a operating system written in a socialist manner.
Re: (Score:2)
Apparently because it's some sort of "drop off" safe.
In the normal operation of the safe, the majority of operations are executed by way of a touch-screen on the safe. Once the money has been inserted into the safe, it is automatically deposited to the retailer's bank, which means that it's the bank's money and a store manager cannot remove cash from the safe. Typically, to remove cash, there is a requirement for both the store manager and a Brink's employee to be present.
That still doesn't explain why people in this sort of industry think you need Microsoft freaking Windows for a simple UI screen. Perhaps they are using Visual Basic? (rolls eyes)
This is 2015, folks, this is the kind of crap you can do with a Raspberry Pi, and if it's long-term support you want, you will still be able to get boards ten years from now, at most needing software changes in the form of a few different kernel drivers.
Re: (Score:1)
The OS wasn't compromised, and XP embedded is pretty secure ... it doesn't run anything out of the box, so its pretty safe.
You choose Windows because the Win32 API has a couple of metric fucktons of developers available that are JUST as capable as random Linux developer that thinks he's kind shit just because he runs Linux even though his software is just as exploitable on Linux as it is on XP.
How ignorant do you have to be to make such retarded statements? Pretty fucking ignorant I'd say.