Brinks Safe Can Be Hacked in 60 Seconds with Just a USB Stick

When it comes to securing cash, companies might be better off relying on old-school mechanical safes instead of the latest computerized models. That's because a thief using only a USB stick and a few lines of code can hack into these new safes used by restaurants, convenience stores, and retailers.

The discovery was reportedly made by researchers at Bishop Fox, a software security firm. The company said the CompuSafe Galileo (pictured), a safe built by security firm Brinks, contains a vulnerability that would allow a thief to use its USB port to upload malicious code that commands the safe to open. A hacker could get into the safe in under a minute, according to the researchers.

Multiple Vulnerabilities

Researchers Oscar Salazar and Dan Petro said they plan to demonstrate the vulnerabilities at the DefCon 23 conference in Las Vegas on August 8. The researchers said the safe contains multiple vulnerabilities, although they're mainly focusing on the USB port. Because the port is not physically secured with any additional safeguards, anyone can attach a device to it.

That could potentially present a very big problem for retailers. CompuSafe Galileo is designed as part of a retail cash management system. As a point-of-sale component, the safe is often located in high-traffic areas. Not only do companies have to worry about theft from employees, but also from customers.

But CompuSafe Galileo seemingly has other vulnerabilities as well. For instance, the safe's operating system is Windows XP, an outdated version of the software that Microsoft no longer supports and could be vulnerable to new exploits. Although Windows XP is not the reason behind the USB exploit, Brinks' decision to use such an antiquated system raises questions.

Typically, the safe is designed to be operated by a touchscreen. Once cash has been deposited, it is supposed to be...
