Nothing in this day and age is safe from exploitation by hackers. If there’s an input device or a network connection, the electronic device is at risk, and the same goes for Brinks’ “ultra secure” electronic safes.
With just 100 lines of code on a USB thumb drive, hackers were able to break into a CompuSafe from Brinks, no explosives needed.
How they did it and more will be demoed at the Def Con hacking conference next month in Las Vegas by Bishop Fox, the security firm that discovered the vulnerability.
The CompuSafe makes it easy for a store's employees to insert cash into the machine, which automatically counts it and gives a receipt. It’s sold as a very secure safe and an easy way to reduce discrepancies and theft within a company.
The researchers who discovered the flaw say more than 14,000 of these CompuSafe Galileos have been deployed across the United States. The safes are still running Windows XP, which Microsoft no longer supports, which further proves how insecure these safes really are. Regardless of the fact that it's running Windows XP, the safe would still be vulnerable to the exploit even if it were running Windows 10, the researchers told eWeek.com.
The majority of the attack involves breaking out of kiosk mode, which typically prevents a user from accessing the core operating system and additional functions. If you can break out of kiosk mode, then you are in, and you are usually already an administrator or running under a root account, giving you complete control.