When you think of a safe, you think exactly that: something that is inherently safe (because it protects, you know, money and other valuables). Traditional safes may have hardly been considered “secure,” but their computerized counterparts — so-called smart safes — may be even less secure.
The Brink’s CompuSafe Galileo has a design flaw that has left it vulnerable to theft. A simple thumb drive is all that a clever (and tech-savvy) thief needs to break open the safe and take off with the cash inside.
It's in the Design
First, some background information on the centuries-old company, Brink’s. The company isn’t a safe manufacturer per se, but rather, a money-transporting service. One of the many services Brink’s offers is retail back office, which includes CompuSafe. You can find CompuSafe being used in countless restaurants and retailers nationwide. It’s a place for a store to put their cash during the day, rather than keeping it in a till.
There are many flaws in the hardware, software, and configuration of CompuSafe’s Galileo model. For this blog post, we will focus on the main flaw that makes the exploit possible. This safe’s design includes a USB port on its exterior. While intended for use just by Brink’s technicians, the USB port doubles (for thieves) as a backdoor into the safe’s cash.
And this is where you hack it.
If a potential thief wanted to pull off the Great Safe Robbery, he would simply need to walk up to the Galileo with a USB thumb drive scripted to automate hacking the safe. Once it was plugged in, he would just have to wait 60 seconds for the safe to open its doors.
In no time, he’ll have taken the money and will be on his merry way to a private island in the shape of Scrooge McDuck.
And That's Not All, Folks
Of course, while the thief is preparing to disappear into the sunset, he can use a few more simple commands to erase all details of this transaction from the safe’s system. You see, both Brink’s and the bank trust the smart safe to faithfully report its cash totals and event logs. By hijacking the operating system of the safe itself, he can make the safe report anything he wants. It will then be like the theft never even occurred — and, as a result, that the money was never placed in there to begin with.
Furthermore, since the safes are fully networked and connected to the Internet, a particularly enterprising thief could compromise the operating system of many Galileos and control them remotely. It only takes some small amount of imagination to picture what sort of coordinated robberies would be possible with this capability. Yes, it sounds like a subpar James Bond plot, but it is possible (anyone remember the 2011 coordinated ATM heist where thieves stole $13 million?)
Best Defenses?
Now, you are probably wondering how businesses can protect their CompuSafe Galileos. You are probably hoping there is a dependable, foolproof panacea. Well, unless you want to stick a wad of chewed-up gum in the safe’s USB port (not a good idea), there isn’t much anyone— other than Brink’s and the manufacturer — can do.
If your business relies on the CompuSafe Galileo models, there are some small steps you can take to be proactive. Be extremely protective – and selective – when it comes to the safe. Keep close surveillance on the safe by whatever means necessary (Dobermans, crocodiles, moats, etc.) Ensure that only the employees who absolutely require access are permitted anywhere near the safe. Perhaps consider buying a larger safe to store your safe.
Most importantly, do not place too much trust in your safe. Realize that it is a vulnerable device, and that you need to be diligent at all times.
Conclusion
The smart safe, CompuSafe Galileo, is susceptible to hijacking via maliciously programmed thumb drives plugged into its exterior USB port. After plugging in the thumb drive, the thief can fully take over the safe, open its doors, and steal the money it shelters. The thief can even take steps to expunge record of the money having been in the safe, making the hack more disturbing.
Although it’s uncertain what will happen next with this particular smart safe, this scenario reads like an Aesop’s fable for the digital age. Are we placing too much trust into smart devices? In our Internet of Things world, everything from toilets to toasters to safes is interconnected.
Is this really a good thing? Does every object demand networking?
In the instance of the CompuSafe Galileo, digitalization hasn’t magically rendered it more secure. Rather, it’s accomplished the exact opposite: It’s turned a safe into an (un)safe.
Dan Petro and Oscar Salazar will present their research on this subject at DEF CON 23 on Aug. 8, 2015.
And That's Not All, Folks
Of course, while the thief is preparing to disappear into the sunset, he can use a few more simple commands to erase all details of this transaction from the safe’s system. You see, both Brink’s and the bank trust the smart safe to faithfully report its cash totals and event logs. By hijacking the operating system of the safe itself, he can make the safe report anything he wants. It will then be like the theft never even occurred — and, as a result, that the money was never placed in there to begin with.
Furthermore, since the safes are fully networked and connected to the Internet, a particularly enterprising thief could compromise the operating system of many Galileos and control them remotely. It only takes some small amount of imagination to picture what sort of coordinated robberies would be possible with this capability. Yes, it sounds like a subpar James Bond plot, but it is possible (anyone remember the 2011 coordinated ATM heist where thieves stole $13 million?)
Best Defenses?
Now, you are probably wondering how businesses can protect their CompuSafe Galileos. You are probably hoping there is a dependable, foolproof panacea. Well, unless you want to stick a wad of chewed-up gum in the safe’s USB port (not a good idea), there isn’t much anyone— other than Brink’s and the manufacturer — can do.
If your business relies on the CompuSafe Galileo models, there are some small steps you can take to be proactive. Be extremely protective – and selective – when it comes to the safe. Keep close surveillance on the safe by whatever means necessary (Dobermans, crocodiles, moats, etc.) Ensure that only the employees who absolutely require access are permitted anywhere near the safe. Perhaps consider buying a larger safe to store your safe.
Most importantly, do not place too much trust in your safe. Realize that it is a vulnerable device, and that you need to be diligent at all times.
Conclusion
The smart safe, CompuSafe Galileo, is susceptible to hijacking via maliciously programmed thumb drives plugged into its exterior USB port. After plugging in the thumb drive, the thief can fully take over the safe, open its doors, and steal the money it shelters. The thief can even take steps to expunge record of the money having been in the safe, making the hack more disturbing.
Although it’s uncertain what will happen next with this particular smart safe, this scenario reads like an Aesop’s fable for the digital age. Are we placing too much trust into smart devices? In our Internet of Things world, everything from toilets to toasters to safes is interconnected.
Is this really a good thing? Does every object demand networking?
In the instance of the CompuSafe Galileo, digitalization hasn’t magically rendered it more secure. Rather, it’s accomplished the exact opposite: It’s turned a safe into an (un)safe.
Dan Petro and Oscar Salazar will present their research on this subject at DEF CON 23 on Aug. 8, 2015.
Subscribe to Bishop Fox's Security Blog
Be first to learn about latest tools, advisories, and findings.
Thank You! You have been subscribed.
