posted by Fnord666 on Monday December 11 2017, @08:44AM
from the unsafe-handgun-safe dept.

Submitted via IRC for Bytram

One of Amazon's top-selling electronic gun safes contains a critical vulnerability that allows it to be opened by virtually anyone, even when they don't know the password.

The Vaultek VT20i handgun safe, ranked fourth in Amazon's gun safes and cabinets category, allows owners to electronically open the door using a Bluetooth-enabled smartphone app. The remote unlock feature is supposed to work only when someone knows the four- to eight-digit personal identification number used to lock the device. But it turns out that this PIN safeguard can be bypassed using a standard computer and a small amount of programming know-how.

As the video demonstration below shows, researchers with security firm Two Six Labs were able to open a VT20i safe in a matter of seconds by using their MacBook Pro to send specially designed Bluetooth data while it was in range. The feat required no knowledge of the unlock PIN or any advanced scanning of the vulnerable safe. The hack works reliably even when the PIN is changed. All that's required to make it work is that the safe have Bluetooth connectivity turned on.

[...] The vulnerability means that anyone who relies on a VT20i safe to secure valuables should immediately turn off Bluetooth connectivity and leave it off indefinitely. Safes can still be locked and unlocked using a traditional physical key, as well as by owners' fingerprints. Some Amazon customers, however, have complained the fingerprint feature is flawed as well.

[It's not clear from the story if the issue can be patched. - Ed]

Source: https://arstechnica.com/information-technology/2017/12/top-selling-handgun-safe-can-be-remotely-opened-in-seconds-no-pin-needed/


  • (Score: 1, Flamebait) by VLM on Monday December 11 2017, @09:15PM (1 child)

    Don't forget the insurance rider game.

    Every insurance plan and state law is different but if I wanted an insurance rider I'd have to pay something like $5/mo for anywhere from $2500 up to like a million dollar collection (less than $2500 of guns is mere generic household property). So at the low end assuming that I have less than one total loss house fire per 40 years (so far ahead on that one) then I'm better off not insuring guns at all and just pay cash to replace. Depending on your local insurance costs, it might be mathematically logical to spend, say, $2K, on a fire proof safe on the assumption the guns will be pretty safe in a fire proof safe if the cost of insurance per likely fire exceeds $2K by a large enough margin. The safe mfgrs know that and price to be cheaper than insurance ripoffs but every penny below $2K (or whatever) is profit the mfgrs are leaving on the table... so "safe" (like for backup tapes or whatever) might cost $500 but a mechanically identical "gun safe" will cost $2K. Essentially the insurance company is setting the price of gun safes.

    Meanwhile the other side of the insurance coin is the ins co doesn't want to play games with fraud so they want some skin in the game WRT buying a safe. So if the ins company says if you want a rider for over $2500 coverage, you're buying a safe regardless what the safe mfgr wants to charge.

    A third argument is "a safe" might hold fairly worthless tape backups so they charge $500 but a $2K gun safe presumably holds many expensive guns so they know you got the cash and they want it.

    This came from a project that never went thru for offsite tape storage in my basement; an X cubic foot fire proof safe was going to cost like $300 but adding the word "gun" to the search terms magically multiplied the cost of X cubic feet of fire proof storage by a factor of 3 to 5 over a non-gun safe. I used Pelican style cases when I was in the army like decades ago to hold all kinds of IT stuff; I now keep guns in Pelican cases, which are not cheap but are a fair price given the high quality and indestructibility. I admit I was amused at the idea of expensing a gun safe; that was kinda the handshake and wink agreement with the employer that I'd get a free safe but I had to rotate an encrypted tape every week. I think the failure mode was we couldda snuck this past if it was just me, but the idea was to buy the whole department (gun?) safe and corporate freaked out and we ended up with Iron Mountain instead (spending probably 100x as much money, I suspect).

    I did some Amazon research in the course of writing this post; "Case Club Waterproof 4 Pistol Case with Silica Gel" $105, or a similar size Pelican 1200 for $40. There are ripoffs of the Pelican available for like $10.

  • (Score: 3, Insightful) by MostCynical on Monday December 11 2017, @09:56PM

    Maybe the insurance companies fall for the same crap; if it is sold as a gun safe, it must be better than a safe sold as a safe - why would they sell it as a gun safe, otherwise?

    --
    "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex