Researchers from the US security Bishop Fox managed a "smart safe" by manufacturer Brinks with nothing more than to get a USB stick open. The problem is playing in the CompuSafe Galileo of Brinks, which can contain up to $ 240,000.
The vault has a touch screen and Internet and runs on an embedded version of Windows XP. Once there is money in the safe it is placed automatically by a reader scanned and added to the total. Information about the contents of the safe can be printed daily and is also sent to Brinks over the internet. The smart safe also has a USB port for technicians and making backups. The researchers wrote a malicious script that loads automatically from a connected USB stick.
To open the safe door the USB stick only needs to be connected, then after a minute automatically opens the safe door. For this, an attacker must have physical access to the safe. To erase traces of theft can also database that keeps track of how much money there is to be adapted in the safe. The vulnerability was more than a year ago reported to Brinks, but according to the researchers, the company's problems still not resolved, so let them Wired know. The researchers will present their attack this year at the Def Con hacker conference in Las Vegas show .
No comments:
Post a Comment