Hacking Smart Safes: On the "Brink" of a Robbery presented at Defcon 2015

by Dan "altf4" Petro, Oscar Salazar,

Summary : Have you ever wanted to crack open a safe full of cash with nothing but a USB stick? Now you can!
The Brink’s CompuSafe cash management product line provides a “smart safe as a service” solution to major retailers and fast food franchises. They offer end-to-end management of your cash, transporting it safely from your storefront safe to your bank via armored car.
During this talk, we’ll uncover a major flaw in the Brink’s CompuSafe and demonstrate how to crack one open in seconds flat. All you need is a USB stick and a large bag to hold all of the cash. We’ll discuss how to remotely takeover the safe with full administrator privileges, and show how to enumerate a target list of other major Brink’s CompuSafe customers (exposed via configuration files stored right on the safe).
At any given time, up to $240,000 can be sitting in each of the 14,000 Brink’s CompuSafe smart safes currently deployed across the United States - potentially billions of dollars just waiting to be stolen.
So come ready to engage us as we explore these tools and more in this DEMO-rich presentation. And don’t forget to call Kenny Loggins… because this presentation is your highway to the Danger Zone…
Note - This presentation is about exposing flaws in the Brinks’s Compusafe to improve security and allow pentesters to demonstrate these flaws to their customers. Please use this information responsibly.