Submitted via IRC for Bytram
One of Amazon's top-selling electronic gun safes contains a critical vulnerability that allows it to be opened by virtually anyone, even when they don't know the password.
The Vaultek VT20i handgun safe, ranked fourth in Amazon's gun safes and cabinets category, allows owners to electronically open the door using a Bluetooth-enabled smartphone app. The remote unlock feature is supposed to work only when someone knows the four- to eight-digit personal identification number used to lock the device. But it turns out that this PIN safeguard can be bypassed using a standard computer and a small amount of programming know-how.
As the video demonstration below shows, researchers with security firm Two Six Labs were able to open a VT20i safe in a matter of seconds by using their MacBook Pro to send specially designed Bluetooth data while it was in range. The feat required no knowledge of the unlock PIN or any advanced scanning of the vulnerable safe. The hack works reliably even when the PIN is changed. All that's required to make it work is that the safe have Bluetooth connectivity turned on.
[...] The vulnerability means that anyone who relies on a VT20i safe to secure valuables should immediately turn off Bluetooth connectivity and leave it off indefinitely. Safes can still be locked and unlocked using a traditional physical key, as well as by owners' fingerprints. Some Amazon customers, however, have complained the fingerprint feature is flawed as well.
[It's not clear from the story if the issue can be patched. - Ed]
(Score: 3, Interesting) by MostCynical on Monday December 11 2017, @10:30AM (13 children)
The safe is also the most expensive of the top 20 bestsellers on Amazon, by a large margin, so lots of people seem to equate "expensive" with "effective".
https://www.amazon.com/Best-Sellers-Home-Improvement-Gun-Safes-Cabinets/zgbs/hi/4200861 [amazon.com]
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 2) by PiMuNu on Monday December 11 2017, @10:34AM (6 children)
> so lots of people seem to equate "expensive" with "effective"
Not necessarily a stupid equation to make. There is probably a correlation at least.
(Score: 2) by MostCynical on Monday December 11 2017, @10:51AM (3 children)
Hmm
https://cars.usnews.com/cars-trucks/honda/civic [usnews.com]
https://www.caranddriver.com/rolls-royce/phantom [caranddriver.com]
$23,000 vs $420,000 (US pricing - in Australia, $24,000 vs $855,000)
Eighteen times better? Thirty-four times?
I know, cars have more Marketing and "branding" and crap, but the Honda will get you to work and back, and not be a liability parked in a multi-storey (it will fit, for a start)
I wonder if any insurance companies offer premium reductions, if you use any/a particular safe? Will they now be increasing the premiums of people with this safe?
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 3, Insightful) by c0lo on Monday December 11 2017, @01:17PM (2 children)
Honda vs Rolls Royce?
Come on, stop the rhetoric, it's unbecoming for a cynic.
You know very well Rolls Royce is not about such a mundane reason as "get you to work and back".
https://www.youtube.com/@ProfSteveKeen https://soylentnews.org/~MichaelDavidCrawford
(Score: 0) by Anonymous Coward on Monday December 11 2017, @03:48PM (1 child)
Haven't driven a new Rolls in years, but 30+ years ago we had one on loan for a short project. It wasn't better by the price multiple, but it was a very nice touring car in nearly every respect (not around town, too big to park easily). As well as paying for the name, there is something to be said about paying for craftsmanship--many parts of the car involved hand labor which has the nice effect of making every one a little special (or just different, depending on your point of view).
Members of the Rolls-Royce Owner's Club consider themselves temporary custodians of these cars. They maintain them such that they will still be good for future owners. A friend uses his 1912 Silver Ghost for trips of several hundred miles, it's a lovely ride.
(Score: 3, Insightful) by lentilla on Wednesday December 13 2017, @02:58AM
You'd like to think so... but I suspect it's more of a case of having oodles of money. Every single scratch is promptly fixed and the cost isn't even a blip on the financial radar.
(Score: 2) by Wootery on Monday December 11 2017, @12:01PM (1 child)
I wonder. It's possible that the top end of the market attracts shysters and form-over-function products.
(Score: 2) by chromas on Monday December 11 2017, @09:44PM
Heh [amazon.com]
(Score: 2) by EvilSS on Monday December 11 2017, @11:54AM (3 children)
(Score: 3, Insightful) by theluggage on Monday December 11 2017, @12:05PM (2 children)
Presumably, though, the only real requirement is to ensure that anybody taking the guns and using them for nefarious purposes has to break/pick the lock - thus legally covering the ass of the owner.
...in which case having an electronic lock that can be hacked without leaving physical evidence is doubly stupid c.f. the cheapest, most useless padlock.
(Score: 4, Insightful) by EvilSS on Monday December 11 2017, @12:12PM
(Score: 2) by etherscythe on Monday December 11 2017, @03:29PM
This illustrates one reason that legal standards need to better track reality; the mere appearance of safety causes an appalling risk for those who get the impression that their safety measures are actually good enough. I realize some things take time, but what's going to happen when cryptocurrency or VR spaces totally disrupt regular life (in the "new normal" after the revolution hits)? There will be severe legal loopholes that are really going to stir chaos until the law catches up in 5 years or however long it takes to push through Congress. And as tech evolution accelerates, it's only going to get worse.
"Fake News: anything reported outside of my own personally chosen echo chamber"
(Score: 1, Flamebait) by VLM on Monday December 11 2017, @09:15PM (1 child)
Don't forget the insurance rider game.
Every insurance plan and state law is different but if I wanted an insurance rider I'd have to pay something like $5/mo for anywhere from $2500 up to like a million dollar collection (less than $2500 of guns is mere generic household property). So at the low end assuming that I have less than one total loss house fire per 40 years (so far ahead on that one) then I'm better off not insuring guns at all and just pay cash to replace. Depending on your local insurance costs, it might be mathematically logical to spend, say, $2K, on a fire proof safe on the assumption the guns will be pretty safe in a fire proof safe if the cost of insurance per likely fire exceeds $2K by a large enough margin. The safe mfgrs know that and price to be cheaper than insurance ripoffs but every penny below $2K (or whatever) is profit the mfgrs are leaving on the table... so "safe" (like for backup tapes or whatever) might cost $500 but a mechanically identical "gun safe" will cost $2K. Essentially the insurance company is setting the price of gun safes.
Meanwhile the other side of the insurance coin is the ins co doesn't want to play games with fraud so they want some skin in the game WRT buying a safe. So if the ins company says if you want a rider for over $2500 coverage, you're buying a safe regardless what the safe mfgr wants to charge.
A third argument is "a safe" might hold fairly worthless tape backups so they charge $500 but a $2K gun safe presumably holds many expensive guns so they know you got the cash and they want it.
This came from a project that never went thru for offsite tape storage in my basement; an X cubic foot fire proof safe was going to cost like $300 but adding the word "gun" to the search terms magically multiplied the cost of X cubic feet of fire proof storage by a factor of 3 to 5 over a non-gun safe. I used Pelican style cases when I was in the army like decades ago to hold all kinds of IT stuff; I now keep guns in Pelican cases, which are not cheap but are a fair price given the high quality and indestructibility. I admit I was amused at the idea of expensing a gun safe; that was kinda the handshake and wink agreement with the employer that I'd get a free safe but I had to rotate an encrypted tape every week. I think the failure mode was we couldda snuck this past if it was just me, but the idea was to buy the whole department (gun?) safe and corporate freaked out and we ended up with Iron Mountain instead (spending probably 100x as much money, I suspect).
I did some Amazon research in the course of writing this post; "Case Club Waterproof 4 Pistol Case with Silica Gel" $105, or a similar size Pelican 1200 for $40. There are ripoffs of the Pelican available for like $10.
(Score: 3, Insightful) by MostCynical on Monday December 11 2017, @09:56PM
Maybe the insurance companies fall for the same crap; if it is sold as a gun safe, it must be better than a safe sold as a safe - why would they sell it as a gun safe, otherwise?
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex