


Researchers hack Brinks safe with a USB flash drive - steadmanpilly1987

In the old days, thieves used explosives to get into a safe. But these days, for one kind of Brinks safe, all it takes is a USB stick with 100 lines of code.

The surprising findings will be presented at the Def Con hacking conference next month in Las Vegas and mark a year of research by Daniel Petro and Oscar Salazar of security company Bishop Fox.

Some of Bishop Fox's customers use Brinks' CompuSafe Galileo, a modernized safe that makes cash management easier for businesses.

Employees can insert cash into the machine, which counts it. The CompuSafe generates reports for stores and can send cash totals to banks, which can then grant provisional credit for the deposits before the cash is actually transported.

Brinks claims the CompuSafe helps stores eliminate deposit discrepancies, reduce theft and free staff from recounting and auditing cash.

But what the experienced security researchers found shocked them. They uncovered a slew of vulnerabilities and design flaws that, in some cases, may be costly for Brinks to fix.

As of a couple of years ago, more than 14,000 CompuSafe Galileos were deployed across the U.S. All are still vulnerable to their attack, the researchers said.

They bought a Galileo CompuSafe on eBay. The most egregious problem they found is a fully functional USB port on the side of the safe. That allowed them to connect a keyboard and a mouse, which worked.

"Nothing good comes from that," Salazar said. It was a sign of worse things to come. "Every step of the way, we were like, 'This can't be possible'," Petro said.

The CompuSafe has a nine-inch touch screen that runs an application used for entering authentication credentials. They found a way to escape that application through a help menu, a so-called kiosk-bypass attack, and gained access to the underlying Windows XP Embedded OS.

[Image: Brinks CompuSafe Galileo]

At that point, it was game over for the safe. Petro and Salazar had administrator access to a Microsoft Access database file, which holds information on how much money the safe contains, user accounts on the system, when the door has been opened, and other log data.

"By just editing that file, you can make the safe do anything you want," Salazar said.

That includes popping open the safe's doors, which they did.

Attackers could also carry out much more sophisticated frauds using the database file that would be harder to detect, Salazar said.

The store inherently trusts the safe to report how much cash it has, Salazar said. If the machine has US$2,000 in it but the database is modified to report only $1,000, the bank and retailer would be none the wiser.

"You could very easily make the safe lie about the cash total it has," he said. "It would be very difficult to track that theft down because the bank would receive exactly how much money it thinks it should be getting."
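The underlying design flaw in this fraud is that the safe's locally editable database is the only record the store and bank ever see. The following is an added example, not code from the article or from Bishop Fox's research, showing one way a back office can make such edits detectable: each deposit event is chained to the previous one with an HMAC, and the bank recomputes the chain and the total before granting credit. The key name, record layout and deposit figures are constructed for the example; the point that matters is that the key must not be readable from the safe itself, because an attacker with administrator access to the machine (as described above) could otherwise re-sign the edited records.

```python
import copy
import hashlib
import hmac
import json

# Assumption for this example: the reconciliation key is held by the bank or
# back office and is NOT stored on the safe, so local admin access does not
# reveal it. Hypothetical constant; a real deployment would provision one per device.
RECON_KEY = b"example-reconciliation-key-held-by-bank"


def _record_tag(key: bytes, prev_tag: str, record: dict) -> str:
    """HMAC-SHA256 over the previous entry's tag plus the canonical record.

    Including prev_tag chains the entries, so altering an earlier record
    invalidates its own tag and every tag that follows it.
    """
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_tag.encode() + canonical, hashlib.sha256).hexdigest()


def append_event(ledger: list, key: bytes, record: dict) -> dict:
    """Append a deposit/door event to the ledger, tagging it against the previous entry."""
    prev_tag = ledger[-1]["tag"] if ledger else "genesis"
    entry = {"record": record, "tag": _record_tag(key, prev_tag, record)}
    ledger.append(entry)
    return entry


def verify_ledger(ledger: list, key: bytes):
    """Recompute every tag in order. Returns (ok, index_of_first_bad_entry)."""
    prev_tag = "genesis"
    for i, entry in enumerate(ledger):
        expected = _record_tag(key, prev_tag, entry["record"])
        if not hmac.compare_digest(expected, entry["tag"]):
            return False, i
        prev_tag = entry["tag"]
    return True, None


def ledger_total_cents(ledger: list) -> int:
    """Cash total implied by the deposit records (ignores door-open events)."""
    return sum(e["record"]["amount_cents"] for e in ledger if e["record"]["type"] == "deposit")


def reconcile(reported_total_cents: int, ledger: list, key: bytes) -> dict:
    """What the bank should do before granting provisional credit:
    check the chain, then compare the ledger-derived total with the safe's own figure."""
    ok, bad = verify_ledger(ledger, key)
    derived = ledger_total_cents(ledger)
    return {
        "chain_ok": ok,
        "first_bad_index": bad,
        "ledger_total_cents": derived,
        "reported_total_cents": reported_total_cents,
        "match": ok and derived == reported_total_cents,
    }


def build_sample_ledger(key: bytes = RECON_KEY) -> list:
    """Constructed sample: three deposits totalling $2,000 (200,000 cents)."""
    ledger = []
    for user, amount in (("clerk1", 50000), ("clerk2", 100000), ("clerk1", 50000)):
        append_event(ledger, key, {"type": "deposit", "user": user,
                                   "amount_cents": amount, "seq": len(ledger)})
    return ledger


def tamper(ledger: list, index: int, new_amount_cents: int) -> list:
    """Simulate editing the database file directly: change a stored amount,
    leave the stored tag alone (the attacker has no key to recompute it)."""
    edited = copy.deepcopy(ledger)
    edited[index]["record"]["amount_cents"] = new_amount_cents
    return edited


if __name__ == "__main__":
    honest = build_sample_ledger()
    print("honest:", reconcile(200000, honest, RECON_KEY))
    # The fraud from the article: $2,000 inside, database edited to say $1,000.
    edited = tamper(honest, 1, 0)
    print("edited:", reconcile(100000, edited, RECON_KEY))
```

Two caveats a practitioner would add. First, the chain detects modified or reordered records but not truncation of the newest entries; the bank must also remember the last tag it received from each safe and require the next report to build on it. Second, this only moves the trust boundary; it does not fix the exposed USB port or the kiosk escape, it just stops a silently edited database from being accepted as the truth.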

The code for gaining administrator access is surprisingly simple: it's just 100 lines of code, which are instructions for a particular sequence of mouse and keyboard strokes that crack the CompuSafe and can be supplied using a USB stick.

Salazar said they've been in contact with Brinks' technical team for about a year about the problems.

Brinks hasn't fixed them yet, in part because there appears to be a somewhat complex supply chain, Salazar said. Brinks designed the safe, but the software is actually made by another company called FireKing Security Group.

For legal reasons, they're not going to release the full attack code at Def Con, but "after the presentation, it will be fairly apparent to anybody who has a little bit of time how you could write your own code," Petro said.

They hope the disclosure will speed up fixes. "We're going public to try to raise the awareness and hopefully get it fixed," Salazar said.

But the fixes aren't easy, and will likely require physical visits to safes, as the CompuSafe needs BIOS updates and other changes. Even then, it's uncertain whether the safes would be fully secure.

"At the end of the day, there is still an exposed USB port," Petro said. "And it's still running Windows XP."

Brinks officials couldn't be reached for comment.

Source: https://www.pcworld.com/article/422748/brinks-safe-can-be-hacked-with-just-a-usb-stick.html

Posted by: steadmanpilly1987.blogspot.com
