Security firm exposes security vulnerabilities in popular handgun safe (VIDEO)
Security researchers have discovered that a popular electric gun safe could be opened by virtually anyone without a password, thanks to a bluetooth vulnerability and weak PIN set up.
The Vaultek VT20i handgun safe, one of Amazon’s best selling gun safes, is promoted as a secure way to store a weapon. Owners can open the safe using a Bluetooth-enabled smartphone app by entering a four to eight digit pin.
However, the PIN isn’t required to open the app, as demonstrated in a video by security firm Two Six Labs. Researchers showed how they were able to open the safe by sending Bluetooth data from their laptop to the safe.
In a blog post detailing the “ability to exploit multiple security failures” in the VT20i, the company explained how it was able to open the safe by sending Bluetooth data from a laptop to the safe, which allowed them to open the safe without a PIN. All that’s needed is for the Bluetooth connectivity to be turned on in the safe. Vaultek responded to the video by saying the hack was more difficult than it appears, a claim which Two Six Labs then disputed.
"What you are not seeing is the prep time required to isolate the correct code and the time required to study the safe and it's transmissions, and the subsequent decoding time needed to generate the final code," Vaultek told Arstechnica in an email. "This can take hours of work and also requires the ability to observe a correctly paired phone."
Hundreds of #HP laptop models found to have hidden keylogging software, may have recorded passwords, bank details, search history https://t.co/Tvzsb2GLiipic.twitter.com/QPPuqNJKfX
— RT (@RT_com) December 11, 2017
"Once you have developed this capability or written a script to do it, you can affect any safe in this product line in a matter of seconds," Two Sixes Labs' Austin Fletcher told Arstechnica.
Another vulnerability was that there is no limit on the number of attempts that can be made to guess the PIN. The PIN can only use the numbers 1-5, and can only be between four and eight digits long, so it can be opened using a brute force attack.
The company informed Vaultek about the issue in October and waited until it had come up with a fix before going public with their findings. On Saturday, Vaultek wrote on Facebook that it was working with Two Six Labs to make the safes more secure.
