Menu
High-security electronic safes can be hacked through power and timing analysis

High-security electronic safes can be hacked through power and timing analysis

Researcher shows that variations in voltage and execution times can expose the correct access codes for electronic safe locks

Some consumer safes protected with electronic locks are quite easy to hack using basic techniques. Others, though, like those made to store guns, are designed to resist expert manipulation.

However, one hacker demonstrated at the DEF CON security conference Friday that even high-security rated electronic safe locks are susceptible to side-channel attacks typically used against cryptosystems.

Side-channel attacks involve techniques like analyzing power fluctuations and variations in the time it takes operations to complete on an electronic device. By monitoring these values when the system checks the user's input against a stored value, attackers can incrementally recover encryption keys or, in the case of electronic safe locks, the correct access code.

Plore, the hacker who demonstrated two such attacks at DEF CON, is an embedded software developer with a background in electrical engineering. One of his targets was the Sargent and Greenleaf 6120, an older electronic safe lock from the late '90s that's still being sold and certified as highly secure by UL, an international safety certification company. The second target was a newer lock from 2006 called the Sargent and Greenleaf Titan PivotBolt.

Plore tapped the power wires between the S&G 6120 keypad and the electronic lock mechanism inside the safe. By doing so, he was able to see fluctuations in the flow of electrical current when the lock extracted the correct six-digit access code from memory in order to compare it to the code entered by the user. He showed that an attacker could recover the correct code by entering an incorrect code on the keypad while performing power analysis on the device.

The Titan PivotBolt lock was somewhat more difficult to defeat, and it required a combination of a brute force attack implemented through a custom made device, as well as power analysis and timing analysis. It also required cutting the power after a guess attempt in order to prevent the lock from incrementing a counter that would enforce a 10-minute delay after five failed attempts.

While many consumer electronic safe locks are likely vulnerable to these attacks, there are other much more expensive locks designed to prevent side-channel techniques.

There is a U.S. federal standard for high-security locks approved by the General Services Administration for securing classified documents, materials, equipment, and weapons. This standard specifically defends against these attacks, Plore said.

Burglars won't bother with power analysis to open consumer safes and are more likely to use a crowbar, but the researcher believes these techniques might also be applicable to other software-based lockout systems, like those in phones or cars.

Earlier this year, the FBI sought a court order to force Apple to help it break into the locked iPhone of a mass shooter in San Bernardino, California. After Apple refused and challenged the order, the FBI bought an unspecified exploit from a third-party that allowed it to bypass the PIN lock and the safety mechanism designed to erase the phone's contents after a number of invalid PIN entries.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags black hat

Featured

Slideshows

Sizing up the NZ security spectrum - Where's the channel sweet spot?

Sizing up the NZ security spectrum - Where's the channel sweet spot?

From new extortion schemes, outside threats and rising cyber attacks, the art of securing the enterprise has seldom been so complex or challenging. With distance no longer a viable defence, Kiwi businesses are fighting to stay ahead of the security curve. In total, 28 per cent of local businesses faced a cyber attack last year, with the number in New Zealand set to rise in 2017. Yet amidst the sensationalism, media headlines and ongoing high profile breaches, confusion floods the channel, as partners seek strategic methods to combat rising sophistication from attackers. In sizing up the security spectrum, this Reseller News roundtable - in association with F5 Networks, Kaspersky Lab, Tech Data, Sophos and SonicWall - assessed where the channel sweet spot is within the New Zealand channel. Photos by Maria Stefina.

Sizing up the NZ security spectrum - Where's the channel sweet spot?
Kiwi channel comes together for another round of After Hours

Kiwi channel comes together for another round of After Hours

The channel came together for another round of After Hours, with a bumper crowd of distributors, vendors and partners descending on The Jefferson in Auckland. Photos by Maria Stefina.​

Kiwi channel comes together for another round of After Hours
Consegna comes to town with AWS cloud offerings launch in Auckland

Consegna comes to town with AWS cloud offerings launch in Auckland

Emerging start-up Consegna has officially launched its cloud offerings in the New Zealand market, through a kick-off event held at Seafarers Building in Auckland.​ Founded in June 2016, the Auckland-based business is backed by AWS and supported by a global team of cloud specialists, leveraging global managed services partnerships with Rackspace locally.

Consegna comes to town with AWS cloud offerings launch in Auckland
Show Comments