Skip to content

Unsafe IoT safes

I have been saying that one of the challenges with securing IoT is that IoT device makers don’t have the necessary security background, and the security industry does not do enough to make cyber-security more accessible to manufacturers. We should therefore not be surprised that 150 years of experience in making robust safes and transferring money securely, did not help Brinks once they introduced a USB slot into one of their new models.

As reported by WIRED, improper handling of connected USB dongles allowed anyone with physical access to the safe to introduce certain scripts through this USB interface. The demonstrated scripts took over the embedded Windows platform and allowed to execute commands. Those scripts created fake users on the system and used them to pop the safe door open in a minute. Also, since the scripts executed at a high privilege level, they could wipe all tracks of the attack, as well as previous log entries of past deposits.


See also

Trackbacks

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

Add Comment

Markdown format allowed
Enclosing asterisks marks text as bold (*word*), underscore are made via (_word_), else escape with (\_).
E-Mail addresses will not be displayed and will only be used for E-Mail notifications.
Form options

Submitted comments will be subject to moderation before being displayed.