High-security electronic safes can be hacked through power and timing analysis

Researcher shows that variations in voltage and execution times can expose the correct access codes for electronic safe locks

Some consumer safes protected with electronic locks are quite easy to hack using basic techniques. Others, though, like those made to store guns, are designed to resist expert manipulation.

However, one hacker demonstrated at the DEF CON security conference Friday that even high-security rated electronic safe locks are susceptible to side-channel attacks typically used against cryptosystems.

Side-channel attacks involve techniques like analyzing power fluctuations and variations in the time it takes operations to complete on an electronic device. By monitoring these values when the system checks the user's input against a stored value, attackers can incrementally recover encryption keys or, in the case of electronic safe locks, the correct access code.

Plore, the hacker who demonstrated two such attacks at DEF CON, is an embedded software developer with a background in electrical engineering. One of his targets was the Sargent and Greenleaf 6120, an older electronic safe lock from the late '90s that's still being sold and certified as highly secure by UL, an international safety certification company. The second target was a newer lock from 2006 called the Sargent and Greenleaf Titan PivotBolt.

Plore tapped the power wires between the S&G 6120 keypad and the electronic lock mechanism inside the safe. By doing so, he was able to see fluctuations in the flow of electrical current when the lock extracted the correct six-digit access code from memory in order to compare it to the code entered by the user. He showed that an attacker could recover the correct code by entering an incorrect code on the keypad while performing power analysis on the device.

The Titan PivotBolt lock was somewhat more difficult to defeat, and it required a combination of a brute force attack implemented through a custom made device, as well as power analysis and timing analysis. It also required cutting the power after a guess attempt in order to prevent the lock from incrementing a counter that would enforce a 10-minute delay after five failed attempts.

While many consumer electronic safe locks are likely vulnerable to these attacks, there are other much more expensive locks designed to prevent side-channel techniques.

There is a U.S. federal standard for high-security locks approved by the General Services Administration for securing classified documents, materials, equipment, and weapons. This standard specifically defends against these attacks, Plore said.

Burglars won't bother with power analysis to open consumer safes and are more likely to use a crowbar, but the researcher believes these techniques might also be applicable to other software-based lockout systems, like those in phones or cars.

Earlier this year, the FBI sought a court order to force Apple to help it break into the locked iPhone of a mass shooter in San Bernardino, California. After Apple refused and challenged the order, the FBI bought an unspecified exploit from a third-party that allowed it to bypass the PIN lock and the safety mechanism designed to erase the phone's contents after a number of invalid PIN entries.

Join the PC World newsletter!

Error: Please check your email address.

Tags black hat

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?