When installed near a car or garage, the device will block the owner's first attempt to open the door using his legitimate wireless key fob and will capture the transmitted code. The device will do the same for the second attempt, but will play back the first code in order to open the door.
The victim will likely think that the first failure was a temporary glitch, but in reality the attacker will retain the second valid code which he can replay later to open the door.
Forgot your safecracking tools? No problem. Use this USB thumb drive
Researchers Daniel Petro and Oscar Salazar from security firm Bishop Fox showed at DEF CON that smart safes are about as secure as Windows-based Internet kiosks.
Back in the 2000s, bypassing the paywall interfaces on Internet, photo printing and other types of interactive self-service kiosks was quite popular. Hackers were showing off various techniques based on key combinations and shortcuts that administrators forgot to lock down and which gave them access to the underlying Windows OS.
The CompuSafe Galileo, made by Brink's, is a huge safe that sits in the back-office rooms of retail stores and other businesses and is used to deposit money directly into the bank accounts of those companies. The safe has an interactive touch screen, runs Windows and has an interface that requires authentication from two people in order to open the door -- typically the store manager and the bank courier who comes to pick up the money.
The Bishop Fox researchers tried the usual key combinations to bypass the interface, but failed. Then they found an instructional Flash-based video in the interface's help section. Right clicking on the video and choosing settings launched a Web page in Internet Explorer. With the browser opened, the researchers now had a way to browse the file system and open the command line interface by running cmd.exe.
The safe also had an exposed USB port on the side, so they created an USB thumb drive that emulated a keyboard and mouse and sent the key strokes and clicks necessary to automate the attack. The ultimate goal of the attack was to add two new service users to the safe's database, which was stored in Microsoft Access.
Opening the safe door was then just a matter of plugging in the USB stick, waiting a few seconds, then logging in with the two new rogue service users.
Internal LTE/3G modems can offer attackers a place to hide persistent malware
An increasing number of business laptops and tablets have built-in LTE/3G modems so that their owners can use a mobile data connection while working remotely. These modem modules have their own processors, memory and operating systems, so they are essentially independent computers running inside other computers.
Sign up for MIS Asia eNewsletters.