Menu
High-security electronic safes can be hacked through power and timing analysis

High-security electronic safes can be hacked through power and timing analysis

Researcher shows that variations in voltage and execution times can expose the correct access codes for electronic safe locks

Some consumer safes protected with electronic locks are quite easy to hack using basic techniques. Others, though, like those made to store guns, are designed to resist expert manipulation.

However, one hacker demonstrated at the DEF CON security conference Friday that even high-security rated electronic safe locks are susceptible to side-channel attacks typically used against cryptosystems.

Side-channel attacks involve techniques like analyzing power fluctuations and variations in the time it takes operations to complete on an electronic device. By monitoring these values when the system checks the user's input against a stored value, attackers can incrementally recover encryption keys or, in the case of electronic safe locks, the correct access code.

Plore, the hacker who demonstrated two such attacks at DEF CON, is an embedded software developer with a background in electrical engineering. One of his targets was the Sargent and Greenleaf 6120, an older electronic safe lock from the late '90s that's still being sold and certified as highly secure by UL, an international safety certification company. The second target was a newer lock from 2006 called the Sargent and Greenleaf Titan PivotBolt.

Plore tapped the power wires between the S&G 6120 keypad and the electronic lock mechanism inside the safe. By doing so, he was able to see fluctuations in the flow of electrical current when the lock extracted the correct six-digit access code from memory in order to compare it to the code entered by the user. He showed that an attacker could recover the correct code by entering an incorrect code on the keypad while performing power analysis on the device.

The Titan PivotBolt lock was somewhat more difficult to defeat, and it required a combination of a brute force attack implemented through a custom made device, as well as power analysis and timing analysis. It also required cutting the power after a guess attempt in order to prevent the lock from incrementing a counter that would enforce a 10-minute delay after five failed attempts.

While many consumer electronic safe locks are likely vulnerable to these attacks, there are other much more expensive locks designed to prevent side-channel techniques.

There is a U.S. federal standard for high-security locks approved by the General Services Administration for securing classified documents, materials, equipment, and weapons. This standard specifically defends against these attacks, Plore said.

Burglars won't bother with power analysis to open consumer safes and are more likely to use a crowbar, but the researcher believes these techniques might also be applicable to other software-based lockout systems, like those in phones or cars.

Earlier this year, the FBI sought a court order to force Apple to help it break into the locked iPhone of a mass shooter in San Bernardino, California. After Apple refused and challenged the order, the FBI bought an unspecified exploit from a third-party that allowed it to bypass the PIN lock and the safety mechanism designed to erase the phone's contents after a number of invalid PIN entries.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags black hat

Featured

Slideshows

The making of an MSSP: a blueprint for growth in NZ

The making of an MSSP: a blueprint for growth in NZ

Partners are actively building out security practices and services to match, yet remain challenged by a lack of guidance in the market. This exclusive Reseller News Roundtable - in association with Sophos - assessed the making of an MSSP, outlining the blueprint for growth and how partners can differentiate in New Zealand.

The making of an MSSP: a blueprint for growth in NZ
Reseller News Platinum Club celebrates leading partners in 2018

Reseller News Platinum Club celebrates leading partners in 2018

The leading players of the New Zealand channel came together to celebrate a year of achievement at the inaugural Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months, with more than ​​50 organisations in the spotlight.​​​

Reseller News Platinum Club celebrates leading partners in 2018
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP has honoured its leading partners in New Zealand during 2018, following 12 months of growth through the local channel. Unveiled during the fourth running of the ceremony in Auckland, the awards recognise and celebrate excellence, growth, consistency and engagement of standout Kiwi partners.

Meet the top performing HP partners in NZ
Show Comments