Menu
High-security electronic safes can be hacked through power and timing analysis

High-security electronic safes can be hacked through power and timing analysis

Researcher shows that variations in voltage and execution times can expose the correct access codes for electronic safe locks

Some consumer safes protected with electronic locks are quite easy to hack using basic techniques. Others, though, like those made to store guns, are designed to resist expert manipulation.

However, one hacker demonstrated at the DEF CON security conference Friday that even high-security rated electronic safe locks are susceptible to side-channel attacks typically used against cryptosystems.

Side-channel attacks involve techniques like analyzing power fluctuations and variations in the time it takes operations to complete on an electronic device. By monitoring these values when the system checks the user's input against a stored value, attackers can incrementally recover encryption keys or, in the case of electronic safe locks, the correct access code.

Plore, the hacker who demonstrated two such attacks at DEF CON, is an embedded software developer with a background in electrical engineering. One of his targets was the Sargent and Greenleaf 6120, an older electronic safe lock from the late '90s that's still being sold and certified as highly secure by UL, an international safety certification company. The second target was a newer lock from 2006 called the Sargent and Greenleaf Titan PivotBolt.

Plore tapped the power wires between the S&G 6120 keypad and the electronic lock mechanism inside the safe. By doing so, he was able to see fluctuations in the flow of electrical current when the lock extracted the correct six-digit access code from memory in order to compare it to the code entered by the user. He showed that an attacker could recover the correct code by entering an incorrect code on the keypad while performing power analysis on the device.

The Titan PivotBolt lock was somewhat more difficult to defeat, and it required a combination of a brute force attack implemented through a custom made device, as well as power analysis and timing analysis. It also required cutting the power after a guess attempt in order to prevent the lock from incrementing a counter that would enforce a 10-minute delay after five failed attempts.

While many consumer electronic safe locks are likely vulnerable to these attacks, there are other much more expensive locks designed to prevent side-channel techniques.

There is a U.S. federal standard for high-security locks approved by the General Services Administration for securing classified documents, materials, equipment, and weapons. This standard specifically defends against these attacks, Plore said.

Burglars won't bother with power analysis to open consumer safes and are more likely to use a crowbar, but the researcher believes these techniques might also be applicable to other software-based lockout systems, like those in phones or cars.

Earlier this year, the FBI sought a court order to force Apple to help it break into the locked iPhone of a mass shooter in San Bernardino, California. After Apple refused and challenged the order, the FBI bought an unspecified exploit from a third-party that allowed it to bypass the PIN lock and the safety mechanism designed to erase the phone's contents after a number of invalid PIN entries.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags black hat

Slideshows

Meet the leading HP partners in New Zealand...

Meet the leading HP partners in New Zealand...

HP has recognised its top performing partners in New Zealand at the second annual 2016 HP Partner Awards, held at a glittering bash in Auckland. The HP Partner Awards recognises and celebrates excellence, growth, consistency and engagement of its top partners. This year also saw the addition of several new categories, resulting in 11 companies winning across 11 award categories.

Meet the leading HP partners in New Zealand...
Channel comes together as Ingram Micro Showcase hits Auckland

Channel comes together as Ingram Micro Showcase hits Auckland

Ingram Micro outlined its core focuses for 2017 at Showcase in Auckland, bringing together the channel for a day of engaging keynotes, compelling breakout sessions and new technologies.

Channel comes together as Ingram Micro Showcase hits Auckland
Show Comments