“Every step of the way, we were like, ‘This can’t be possible.’ ”
Yet this – opening a Brinks CompuSafe Galileo using its standard USB port, a keyboard and 100 lines of code – was most definitely possible for a pair of security researchers, Daniel Petro and Oscar Salazar, who work for the IT security consulting company Bishop Fox.
From an IDG News Service story on our site:
They bought a Galileo CompuSafe on eBay. The most egregious problem they found is a fully functional USB port on the side of the safe. That allowed them to plug in a keyboard and a mouse, which worked.
The CompuSafe has a nine-inch touchscreen that runs an application that is used for entering authentication credentials. They found a way to escape that application – known as a kiosk-bypass attack – through a help menu, gaining access to the backend Windows XP embedded operating system.
At that point, it was game over for the safe. Petro and Salazar had administrator access to a Microsoft Access database file, which retains information on how much money the safe contains, user accounts on the system, when the door has been opened and other log files.
“By just editing that file, you can make the safe do anything you want,” Salazar said.
Such as opening the door, for example.
There are some 14,000 of these machines in use. And while the researchers have been in contact with Brinks about their findings for more than a year now, it’s unclear to what extent the vulnerabilities can be eliminated.
The research will be presented at next month’s Def Con Hacking Conference in Las Vegas, minus the actual access code.
I’ve asked Brinks for comment, even though I can’t imagine what the company might have to say for itself.