EEVblog #762 - How Secure Are Electronic Safe Locks?

[ivan747]

I bought a famous name electronic safe at a garage sale with the door open.  Mfg would give you combination for $3.50.  I figured take off back plastic cover and look at electronics, maybe a combination sticker.  No electronics inside safe.  Just two wires leading from solenoid.  Removing battery cover from front of safe gave easy access to those.  So a wire connected to the battery and a pin to break through insulation is all someone needs to get in.   I don't really use it, just keep it in an obvious location.  If someone breaks in I want them to take all their time moving that heavy safe and leaving the other stuff alone.  That is real security.

Fill it with fake jewelry and fake cash. That will do the trick 

[VK5RC]

I use a couple of the four legged barking variety as our main security, as long as there are a couple of nice  looking houses down the street without a dog, you are OK. Has worked so far (crosses fingers, toes etc).

[EEVblog]

I am not talking about hole on the side of the safe 
I am talking about 3(4?) FACTORY holes in the front plate. At least the one used for the handle/power cable goes all the way through. Skilled people are able to use such holes to go in places they werent supposed to with a stiff wire.
You dont risk burning anything it you unplug battery and just measure resistance between ground and your magic wand until you land on specific known one to be sure it landed on second magnet pole/transistor pad.

My answer to that is exactly the same as before!
Of course the safe has vulnerabilities if you drill it, practically every safe does! Drilling into safes and manipulating is how the pros get into safes without much damage (holes can be resealed).
So do you actually have a point?

[EEVblog]

How are you going to shake/bump something that's bolted to a wall/floor?

You can often just bang on things with a mallet or something, there are plenty of videos on youtube...

In this case, as I demonstrated, and it known in the industry, this particular La Gard lock is not vulnerable to bumping.

[EEVblog]

BTW Dave, I learned today that you became a verb. to 'dave jones' something apparently means to fuk around with it for 2 minutes and toss it in the corner  another ee blogger I follow got X-Carve and people were afraid he would 'dave jones' it in the comments It was such a holy shit Im not alone moment when I read that

Why don't you come here, take care of my kids for me, take care of all the other stuff I have to do, and then convince the wife I can have all the time I like to spend at the lab and I'll happily work on the X-Carve.
WTF is your problem anyway? It's clear you don't like me or the way I do things, and you seem to harass me every chance you get. Why?
You are not the least bit amusing, and it's getting rather tiresome.

[Marc M.]

FFS people, it's an inexpensive electronic lock designed for inexpensive safes to keep your crap safe from street level criminals.  If there was any vulnerability to the design that could be relatively easily exploited it would be all over the internet. 

Anybody can talk - like bullshit, it's free and often worth as much especially on internet forums like this.  For all the arm chair quarterbacks telling Dave how he should have done things, especially Rasz who's really been busting his balls  , I want to see YOU do a video demonstrating your techniques to exploit a design limitation of these locks.  That will remove any doubt as to your superior knowledge of the subject over Dave's (who of course never professed to be an expert in the field to begin with).

[EEVblog]

FFS people, it's an inexpensive electronic lock designed for inexpensive safes to keep your crap safe from street level criminals.  If there was any vulnerability to the design that could be relatively easily exploited it would be all over the internet. 

Actually it's a rather expensive top brand electronic lock (the costs 4 times what a cheap ebay safe costs) that (as mentioned in the video) is used on some very expensive and top class safes.

That will remove any doubt as to your superior knowledge of the subject over Dave's (who of course never professed to be an expert in the field to begin with).

It's not an issue of knowledge it's one of time and inclination to actually do an extensive array of tests and attacks. I have that ChipWhisper after all that is specifically designed for such attacks. This video was purposely limited to one very basic test and nothing more, just to see if there was anything detectable on the power line at all. The plan was a "quick" sub 10 minute video. But is doesn't matter how well I caveat my videos, some people will always not be happy with my effort.

[apis]

How are you going to shake/bump something that's bolted to a wall/floor?

You can often just bang on things with a mallet or something, there are plenty of videos on youtube...

In this case, as I demonstrated, and it known in the industry, this particular La Gard lock is not vulnerable to bumping.

Yes, I didn't mean to imply that it was, only that you don't need to be able to move around one that is vulnerable in order to bump it.

[Rasz]

Of course the safe has vulnerabilities if you drill it, practically every safe does! Drilling into safes and manipulating is how the pros get into safes without much damage (holes can be resealed).

what drilling? there are FACTORY MADE HOLES in the front plate, or maybe front handle connects to the internal mechanism by magic? hmm I dont know, maybe that wire between internal lock and external keyboard is wireless ...I give up

especially Rasz who's really been busting his balls 

just like Dave I dont like bullshit. Reading in video description Dave is going to do power analysis, and then watching him _not do it_ (or attempt without doing any research beforehand and going with his gut?) and pronounce lock safe and uncrackable really pissed me off :/

You know that feeling when you are watching Halt & Catch Fire IBM XT Bios reverse engineering scene and you realize screen writers  have ZERO clue about the subject matter but do it anyway? and you are presented with two grown men looking at a PCB for 30 minutes searching for EEPROM (one of the men is EE/CS with one computer design under his belt). Then they connect said EEPROM to some sort of computer interface driving address bus, and instead of reading data lines directly they display it on led array, read it out loud one byte at a time and write down on paper .... so they can later type it into another computer.

Now imagine that at the start of a scene one of them whips out eprom reader, explains what it does, and then they proceed anyway - this was Dave's power analysis  


Yeah, I over reacted.

[EEVblog]

Yeah, I over reacted.

No kidding 

[EEVblog]

just like Dave I dont like bullshit. Reading in video description Dave is going to do power analysis, and then watching him _not do it_ (or attempt without doing any research beforehand and going with his gut?)

 
"An off-the-cuff video blog"
I showed the proper tool for the job at the start of the video but I did not use it and said I was going to deliberately try a simple simple thing first. Yet you still complain.
This is not the first time you have complained about this sort of stuff, you keep harping on and on about what I didn't do in a video. Why do you even bother watching if it bothers you so much?

[Rasz]

"An off-the-cuff video blog"
I showed the proper tool for the job at the start of the video but I did not use it and said I was going to deliberately try a simple simple thing first. Yet you still complain.
This is not the first time you have complained about this sort of stuff, you keep harping on and on about what I didn't do in a video.

>Dave tries a power line analysis attack
>How Secure Are Electronic Safe Locks

Yes, you didnt do it, instead you looked at the scope while claiming that was it, and announcing lock is secure because you (someone who Im guessing never picked a lock, and has no infosec background nor interest. I certainly never met you at defcon, blackhat or shmoo) dont see any flaws. You promised 800% battery life and failed to deliver. Remember that guy from #708 free energy bullshit? This was basically you doing power/security analysis.
Video on its own is more than fine. Fail, drilling, laparoscopy and teardown all highly entertaining, 10/10 would bang.

Why do you even bother watching if it bothers you so much?

Because I love you Dave 

[EEVblog]

Because I love you Dave 

Just like those people who love me so much they thumbs down every one of my videos within minutes of uploading. It's good to be loved.

[SeanB]

Safe cracking can be hard or easy. Lock picking as well, you find a lot of smaller cheaper locks that can be picked with very simple tools, often stuff that you can carry around without anybody being the wiser. Small locks are easy, I have done them with no more than 2 wire paper clips, which are common things. Was easier than walking over to get the key in some cases to just pick them open, do the work in the cabinet then lock them again with that.

[HighVoltage]

Locks and Safes have gotten much more sophisticated over the years.

In my childhood, it was easy to pick almost every door lock in a short time. I cracked numerical bicycle locks within seconds, no matter what brand it was.  But these days, you have to have special tools to pick modern high quality locks, including modern high quality numerical bicycle locks.

The same is true for safes. There is no general rule that applies for all safes and you have to be specialized for a brand and model to open them successfully. I don't think that good quality safes have a back door.

Dave, your video was a good introduction to the security of safes and I enjoyed watching it.

[EEVblog]

I don't think that good quality safes have a back door.

They don't. They wouldn't be able to pass independent certification if this was the case.
And no company who's business is electronics locks / safes would sell product with such back doors. If the back door leaked out (and it would) the company would be out of business.

[Fungus]

Just like those people who love me so much they thumbs down every one of my videos within minutes of uploading. It's good to be loved.

They subscribe to the videos just so they can give them thumbs down? 

[helius]

They don't. They wouldn't be able to pass independent certification if this was the case.
And no company who's business is electronics locks / safes would sell product with such back doors. If the back door leaked out (and it would) the company would be out of business.

There is little purpose to adding a "back door" with its attendant NRE and assembly cost when your lock can be bypassed with a soda straw or a paperclip. The ability to access the contents is exactly the same. And "independent certification" doesn't test for design insecurity, that is not a criteria that is a part of any testing standard. Hard to see how it could even be possible to standardize on not having bypasses, that's like proving a negative.

Many such vulnerabilities have been disclosed in national magazines, and the companies involved never went out of business. Sometimes the products are still being sold.

It's a basic blind spot for engineers, they only know how to make things work, not how to break things.

[madires]

They don't. They wouldn't be able to pass independent certification if this was the case.
And no company who's business is electronics locks / safes would sell product with such back doors. If the back door leaked out (and it would) the company would be out of business.

There is little purpose to adding a "back door" with its attendant NRE and assembly cost when your lock can be bypassed with a soda straw or a paperclip. The ability to access the contents is exactly the same. And "independent certification" doesn't test for design insecurity, that is not a criteria that is a part of any testing standard. Hard to see how it could even be possible to standardize on not having bypasses, that's like proving a negative.

Many such vulnerabilities have been disclosed in national magazines, and the companies involved never went out of business. Sometimes the products are still being sold.

It's a basic blind spot for engineers, they only know how to make things work, not how to break things.

Yes, a lot can go wrong regarding security while developing a product. There are unintented backdoors which were added for debugging purposes originally, but were not removed when shipping the finished product. Things like fixed passwords, hidden users/IDs and so on. Watch some presentations from DefCon or BlackHat on youtube. Car key fobs, electronic locks for hotel rooms, security tokens, industrial controllers and what have you. Most times the producer tries to ignore the problem and soothes the customer. Or take the producers of SOHO internet routers for example. Security issues get fixed only after a major media coverage and just for current models. If your router is older than a year or so, you won't see any new firmware. The producer wants you to buy a new router. New routers are shipped with old software modules with knows security issues, which are fixed in a later release. But the producer can't be bothered to update the software module. It's really that bad! Another nightmare is Android. When Google fixes a critical security issue in Android, you might never get the fixed version, because of the long tail with the smartphone producers and telcos. It's like someone else is putting your spare key under your door mat, while telling you that everything is secure. And you believe him.

[apis]

It's because the quickest way to develop things is usually by trial and error, once it appears to function the way you want you're done. Forgetting about special cases is the source of most bugs and when it comes to security you have to consider even the most extreme cases which are often difficult to spot unless you fully understand the whole system. Then there is the problem with companies not caring and consumers not knowing on top of that.

[ElGuapo]

I deal with these types of locks everynow and then. I work on safes all day every day.   These LaGards actually have high failure rates. I have often wondered if they are intentionally designed to fail after say, 10,000 uses.

To Dave, send me an email, and I will send you drill point and procedure for this lock.

[Mysion]

Despite all those that seem to be hating on you Dave I am still a huge fan of your video's. I've learned most of what I know up to this point by absorbing information from your videos. What to look for when doing repairs and basic circuits do's and don'ts. Your rants are always extremely informative and I nearly always come away knowing more than before. Even my dad likes your videos. He can't understand how your always so chipper, maybe the aussie air?

Your vids are what turned electronics from magic to some thing that sorta makes sense. The EEvblog made me certain of my choice to become an EE instead of another type of engineering.

Keep up the great vids and ignore those needlessly attack you. If you need cheering up I have a broken AFG2020 tek function gen I could send you. 

[EEVblog]

I deal with these types of locks everynow and then. I work on safes all day every day.   These LaGards actually have high failure rates. I have often wondered if they are intentionally designed to fail after say, 10,000 uses.

What is the usual failure mode?
Are there any known exploits apart from drilling?

[EEVblog]

Your vids are what turned electronics from magic to some thing that sorta makes sense. The EEvblog made me certain of my choice to become an EE instead of another type of engineering.

Great to hear, thanks.

[eilize]

"Are there any known exploits apart from drilling?"

from an electronic point of view, i see one.

you have a direct acess to the opto-transistor from the 9v connector.
you don't have access to the driver, but perhaps you could fire it to force the current to pass


the goal is to open it, not to respect the limit to keep safe the components .
you have drill the box anyway ^^
let's continue in this way :p

i don't know if it work , but if you can unlock it with 5$ spend in batteries of 9v ...