The manufacturer of a smart Bluetooth safe, designed to carry firearms, has issued a crucial security update — after researchers easily hacked the safe remotely, opening it without a passcode.
Vaultek says its Bluetooth-connected safes are a way to store firearms — and even transport weapons through airports. Instead of entering a passcode on the safe's keypad, owners can use a smartphone app via a Bluetooth connection.
However, a number of crucial flaws in the safe's technology meant security researchers from Two Six Labs could crack it open in mere seconds.
The researchers showed that the safe's PIN can be guessed an unlimited number of times: nothing locks the keypad or slows it down after a wrong entry. The PIN is only four to eight digits long and uses only the digits one to five, so a four-digit PIN has just 625 possible values. At a conservative seven seconds per try, that is roughly 72 minutes to exhaust every four-digit PIN in a so-called brute-force attack; longer PINs take proportionally longer, up to 390,625 possibilities for eight digits, but the absence of any lockout is what makes the attack practical at all.
This meant a thief could simply guess the PIN and not worry about hacking in via the Bluetooth connection. "We had a good chuckle with this," the researchers said.
Next, they found the safe's Bluetooth feature was also easy to hack. Their accompanying blog post shows how the relatively simple hack was made possible. Not only did the connection between the safe and the smartphone app fail to encrypt the passcode, transmitting it in plain text where anyone sniffing the link could read it, but the code was not actually needed to unlock the safe at all: the researchers could open it simply by sending the unlock command without any PIN.
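The two findings above, the unthrottled PIN guessing and the unlock command that never checks the PIN, can be modelled in a few lines. The Python below is an added example written for this article; it is not Vaultek's firmware, not Two Six Labs' proof of concept and not the real Bluetooth protocol, and the class names, the message format, the five-failure threshold and the sixty-second lockout are assumptions chosen for illustration. It puts a handler with the article's flaws beside a hardened one that insists on the PIN and locks out after repeated failures, then runs a keypad-speed brute force against each on a simulated clock. Transport encryption, the other part of the vendor's fix, is out of scope here.

```python
import hmac
import itertools

# Constructed model written for this article. It is not Vaultek's firmware or its
# Bluetooth protocol; the class names, the message format and the lockout policy
# (5 failures, 60 seconds) are assumptions made for illustration.

PIN_DIGITS = "12345"        # the keypad only offers the digits 1 to 5
MIN_LEN, MAX_LEN = 4, 8     # PINs are four to eight digits long


def keyspace(length):
    """Number of distinct PINs of a given length."""
    return len(PIN_DIGITS) ** length


def worst_case_seconds(length, seconds_per_try=7.0):
    """Time to exhaust every PIN of one length when guesses are never throttled."""
    return keyspace(length) * seconds_per_try


class FakeClock:
    """Simulated clock so the brute-force run is deterministic and instant."""

    def __init__(self):
        self.t = 0.0

    def now(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


class VulnerableSafe:
    """Models the finding: an UNLOCK command opens the safe whether or not a PIN is sent."""

    def __init__(self, pin):
        self._pin = pin

    def handle(self, message):
        if message.get("cmd") == "UNLOCK":
            return "OPEN"       # the PIN field is never looked at
        return "DENIED"


class HardenedSafe:
    """Requires the PIN and locks out after repeated failures (a time-out of the kind Vaultek describes)."""

    def __init__(self, pin, clock, max_failures=5, lockout_seconds=60.0):
        self._pin = pin
        self._clock = clock
        self._max_failures = max_failures
        self._lockout_seconds = lockout_seconds
        self._failures = 0
        self._locked_until = 0.0

    def handle(self, message):
        if message.get("cmd") != "UNLOCK":
            return "DENIED"
        now = self._clock.now()
        if now < self._locked_until:
            return "LOCKED"     # refuse without even checking the PIN
        supplied = str(message.get("pin", ""))   # a missing PIN counts as a wrong one
        if not hmac.compare_digest(supplied, self._pin):   # constant-time comparison
            self._failures += 1
            if self._failures >= self._max_failures:
                self._failures = 0
                self._locked_until = now + self._lockout_seconds
            return "DENIED"
        self._failures = 0
        return "OPEN"


def brute_force(safe, clock, length, seconds_per_try=7.0):
    """Try every PIN of one length in order; returns (pin_found, attempts, simulated_seconds)."""
    attempts = 0
    for digits in itertools.product(PIN_DIGITS, repeat=length):
        candidate = "".join(digits)
        while True:
            clock.advance(seconds_per_try)
            attempts += 1
            status = safe.handle({"cmd": "UNLOCK", "pin": candidate})
            if status == "OPEN":
                return candidate, attempts, clock.now()
            if status == "DENIED":
                break           # wrong PIN, move on to the next candidate
            # "LOCKED": the attacker keeps retrying the same candidate until the lockout ends
    return None, attempts, clock.now()


if __name__ == "__main__":
    print(keyspace(4), worst_case_seconds(4) / 60)             # 625 PINs, about 73 minutes
    print(VulnerableSafe("1123").handle({"cmd": "UNLOCK"}))    # OPEN with no PIN at all
    clock = FakeClock()
    print(HardenedSafe("1123", clock).handle({"cmd": "UNLOCK"}))   # DENIED
    clock = FakeClock()
    print(brute_force(HardenedSafe("1123", clock, lockout_seconds=0.0), clock, 4))
    clock = FakeClock()
    print(brute_force(HardenedSafe("1123", clock), clock, 4))
```

Against the vulnerable handler an UNLOCK message with no PIN opens the safe at once. Against the hardened one the same message is refused, and a brute force that reaches the correct PIN on its eighth candidate needs 16 attempts and 112 simulated seconds instead of 8 attempts and 56 seconds, because the lockout wastes the attacker's guesses; a longer lockout, or one that grows with each failure, is what turns the 72-minute figure for a four-digit PIN into days.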
A stark reminder
Two Six Labs says it informed Vaultek privately about the vulnerabilities in October and waited for the safe maker to prepare a fix before going public with its findings. On November 7 Vaultek told Two Six Labs that it had issued a fix and "improved Bluetooth security with the option for disabling the Bluetooth unlock or the entire connection altogether. There is also a time out feature designed for brute force attacks and additional encryption for the communication between the app and safe."
The researchers said: "This should serve as a stark reminder to manufacturers of smart products that security audits can be extremely beneficial, particularly if coding or design work is being outsourced."
Vaultek said in a Facebook post that it would use the findings to "take security to a new level" with its Bluetooth safes. It added: "Our hope with all of our products is to always keep learning and growing. We know that in this new smart tech world, there will always be the possibilities of vulnerabilities in any smart device. So we make it our mission to partner and grow with those who are the best in their field or area."