Safe locks from SecuRam – How easy it is for safecrackers

A safe should be particularly secure, especially if it has the appropriate approval. But SecuRam customers are now finding out just how little this means.


(Image: Daniel AJ Sokolov)

By Lukas Grunwald

It should be clear to everyone by now that you don't stick Post-its with passwords on monitors. Things are different at SecuRam Systems Inc.: although its digital safe locks are considered highly secure and are approved for money safes as well as medicine, drug and gun safes, they offer about as much security as a Post-it with the key written on it. SecuRam's locks are also used in Europe.

As Mark Omo and James Rowley discovered in their spare time, the digital locks store the symmetric key, the encrypted PINs and master PINs, and the recovery information not in the inaccessible lock body inside the safe, but in the keypad, which is easily reachable from the outside. Using a Raspberry Pi, the two IoT security experts built a tool that reads all security-relevant information out of the keypad. Conveniently, the microcontroller in the keypad, a Renesas RL78/G13, is also used in the PlayStation 4, so the game-hacking group fail0verflow had already created the necessary tooling, such as a memory dumper and tools for the debug port.

The debug port is extremely easy to reach from the outside through the battery compartment. The manufacturer also forgot to fuse off the debug port, i.e., to disable it on the chip, and did not set a debug unlock PIN. The researchers gained full access to the memory with a simple 0000000000.


Although the manufacturer uses XXTEA as the cipher, that is of no help here, because the key is stored in the keypad right next to the data it is supposed to protect. According to the researchers, this disastrous situation also stems from the fact that the standards for electronic physical security devices such as safes are completely outdated and no longer reflect the current state of the art.

(kbe)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.