We can see a green connector pressed when the door is opened. By causing a short circuit on the solder of the component, we are able to simulate the opening of the safe. Here is the scenario:

we close the door by entering a PIN code;

we cause a short circuit for the safe to think that the door is opened (in reality it is closed);

instead of asking for a PIN code to open the door, the safe awaits a new PIN code to lock the door;

we enter a new code;

the safe tries to close the door already closed;

the new code can be used to actually open the door.

The difficulty is to perform the short circuit from the outside. We use the screw hole of the brand logo plate to insert a wire. In our tests with very simple tools we needed about 30 minutes to correctly cause the short circuit. A professional thief could create a specialized tool which would reduce the time for a successful attack to a few minutes. Mitigation of this hack depends on the producer of the safe. Simple solutions could be to put the holes for the brand logo in a different place. More effective counter measures would be based on a piece of hardware that prevents access to the switch and a more sophisticated opening logic.

Hacking 2: the risk of the credit card use

Presentation of the feature

As explained before, the customer can use a credit card to lock and unlock the door. During our tests we discovered that the magnetic card must be a credit card. The customer cannot use an alternative magnetic card to lock the door. The system checks if the card used really is a credit card or not.

How a magnetic card reader works

A magnetic card reader is an extremely basic technology. It is composed of two elements:

A sensor to detect if a card is present or not

The reader itself

The reader is a play head, comparable to a sound head inside of old hi-fi tapes. The reader is composed of two wires: the data and the clock. To read the magnetic card it basically needs three wires: the sensor state, the data and the clock.

The sensor is the green block on the left with a metal strip underneath, and the reader is the element in the middle with the white and red wire.