A Robot At DEFCON Cracked A Safe Within 30 Minutes

schwit1 shared an article from the BBC: Using a cheap robot, a team of hackers has cracked open a leading-brand combination safe, live on stage in Las Vegas. The team from SparkFun Electronics was able to open a SentrySafe safe in around 30 minutes... After the robot discovered the combination was 51.36.93, the safe popped open -- to rapturous applause from the audience of several hundred... The robot, which cost around $200 to put together, makes use of 3D-printed parts that can be easily replaced to fit different brands of combination safe. It cannot crack a digital lock -- although vulnerabilities in those systems have been exposed by other hacking teams in the past.
Though the safe had a million possible combinations using three two-digit numbers, the last number had slightly larger indents on the dial -- reducing the possible combinations to just 10,000. And in addition, "the team also discovered that the safe's design allows for a margin of error to compensate for humans getting their combination slightly wrong" -- which meant that the robot only had to check every third number. "Using this method, they could cut down the number of possible combinations to around 1,000."

"Some SentrySafe models come with an additional lock and key, but the team was able to unlock it by using a Bic pen."

Sounds like they watched a few Richard Feynman

[Tulsa_Time]

You Tube Videos...

Re:Sounds like they watched a few Richard Feynman

[Registered Coward v2]

Exactly. The stories of his safe cracking in Surely You're Joking... are great. That book and they follow-on should be required reading for anyone interested in hacking, in the old school meaning of the term.

Re:Sounds like they watched a few Richard Feynman

[gl4ss]

They're an interesting read for anyone who doesn't want to be an idiot, really.

even if you figured out some of the stuff yourself, reading surely you're joking gives you at least some hope in humanity and in that, no, people aren't that different despite few decades of time passing - but you don't have to let it get to you too much.

aaaanyways also this is kinda why proper safes have delay locks.. with a home safe I would be more interested in if it keeps the stuff safe in an event of fire or whatever(the reason for the name "safe" vs. a lockbox).

Re:Sounds like they watched a few Richard Feynman

[Ed Tice]

There are two types of safes. Fire safes and security safes. There may be safes that combine both sets of features but they aren't sold at everyday retailers. A fire safe is typically made up of insulating material and you could probably cut through it pretty easily. A security safe tends to be made of high-strength materials. As a DIY measure, I guess you could put a security safe inside of a fire safe! I wouldn't do the other way around as the fire might prevent the security safe from opening.

Re:

[i.r.id10t]

You forgot the 3rd type - "flimsy metal locking box", which is what almost every Sentry safe is.

Hint - if it doesn't have an Underwriters Lab listing, it isn't worth the $...

If you *really* need a safe (I delayed for ages due to cost, sucked it up and instead of buying another rifle I bought a safe - with UL cert - to put the rest of 'em in) check the deal at Big Box Stores - Lowes, Home Depot, Rural King, Tractor Supply.

Most of these give veterans a discount, sometimes you can catch a sale, sometimes you c

My Sentry safe model 1250..

[Anonymous Coward]

was broken into in the less than twenty minutes between when someone kicked in my door and the Seattle police responded. They took everything in it. Sentry makes horrible safes.

Re: My Sentry safe model 1250..

[Anonymous Coward]

Why would any thinking person expect less than a four hour response?

Re:

[dak664]

For immediate response, dial 911, hangup, don't answer the ringback.

Re:

[Anonymous Coward]

The police have no legal duty to protect citizens not already in custody. Many don't realize that. Burglary is considered little more than a nuance in many locales and treated much like a noise complaint. The police likely won't come, and even if they do, may do little to no investigating.

On a related note, often the places with the tightest gun restrictions have very poor police response. In my view, if the police have no legal obligation to protect the public, then the public should have the right to be

Re:

[Anonymous Coward]

Burglary is considered little more than a nuance in many locales and treated much like a noise complaint. The police likely won't come, and even if they do, may do little to no investigating.

And yet the last couple cities I've lived in, with 200-500k people within larger metro areas, the police responded to break-ins in a couple minutes, even when it was obvious that the burglars have long since been gone. For the two incidents that were actually on my property, they spent some time taking down serial numbers, looking around for possible prints (even when it was hopeless in one case due to being a dusty garage used for woodworking... but they spent some time checking just in case they got luck

Re:

The police have no legal duty to protect citizens not already in custody. Many don't realize that.

They sure have that duty where I live, so let me ask someone else before I store this in the "only in the US..." category of unbelievable US exceptions in comparison to the rest of the world: Is this even remotely true?

Re:

[trg83]

It is, unfortunately, true for the US. Several Supreme Court rulings have decided this to be true.

Re:

[Anonymous Coward]

Look, if they have an obligation to protect, they can be sued when they fail. If there is no way for police to be held legally liable for not protecting any specific person, they have no obligation to protect anyone.

Re:

[Stealthey]

On a related note, often the places with the tightest gun restrictions have very poor police response. In my view, if the police have no legal obligation to protect the public, then the public should have the right to be armed with few restrictions. Be glad it wasn't an armed robbery. Even that doesn't necessarily guarantee a timely police response either.

You got anything to backup this statement? We have gun control here in Canada, granted there is still gun related crimes but police response to any crime is almost immediate. At least in Peel Region, they are fast.
Guns kill people, plain and simple. US has most number of guns per capita, yet its jails are over crowded, violence and gun-related death are probably highest in any developed nation. By your logic, guns should have eliminated all crime.

Obviously society is not so easily contained by simplified st

Re:

[Bengie]

Over here, trespassing is considered a mortal threat and the resident may respond as such. If your residence is not safe, then you are not safe. My dad refused to leave my mom's driveway. Sheriff was there in minutes with lights blazing. My father almost got charged with assault just for trespassing because he refused to leave when asked. An attack on a person's property is nearly akin to an attack on the person, mostly depending on how long it drags out.

Re:

[Marful]

The Seattle PD tries to respond to all break-ins within four hours.

Might as well not even bother to respond if the wait time is 4 hours.

Re:

[chuckugly]

When seconds count, the police are only hours away. How incredibly reassuring. /s

Re:

[aicrules]

so what the fuck are they doing between the call and the arrival "within 4 hours"? Are there that many crimes happening that are worse than a break-in with owner in home that it takes that long?

Re:My Sentry safe model 1250..

[kelemvor4]

This. I work for the Seattle city government, and we demand a less than four hour response to all break-ins. We are trying very hard.

That's pretty pathetic. To be useful it needs to be a lot closer to 15 minutes. Otherwise, they're never going to catch anyone or save any lives. At 1+ hours, all they're doing is playing secretary as they write a report.
If you can't protect your citizens better than that, you should be encouraging gun ownership and self defense/home security type training for citizens.
In Tampa, FL I've had to call the police 2 or 3 times in the past decade. They've always come very quickly, I don't have actual times but I'm thinking close to 15 minutes for sure.

I just can't get over it. You're proud of a 4 hour response time? That's really bad.

Re:

[kelemvor4]

This. I work for the Seattle city government, and we demand a less than four hour response to all break-ins. We are trying very hard.

That's pretty pathetic. To be useful it needs to be a lot closer to 15 minutes. Otherwise, they're never going to catch anyone or save any lives. At 1+ hours, all they're doing is playing secretary as they write a report. If you can't protect your citizens better than that, you should be encouraging gun ownership and self defense/home security type training for citizens. In Tampa, FL I've had to call the police 2 or 3 times in the past decade. They've always come very quickly, I don't have actual times but I'm thinking close to 15 minutes for sure. I just can't get over it. You're proud of a 4 hour response time? That's really bad.

I should also point out, that in one of those incidents they caught the perpetrator nearby. If they'd waited 2 or 3 hours he would have been long gone.

Re:

[Anonymous Coward]

> less than twenty minutes...Seattle police responded

That's impressive. Usually they tell you to call back the next day. I know the last time I called 911 when someone stole my car then later kicked in my door, they told me to wait until 9am the next day to call back.

Re:

[knightghost]

Police would be here in less than 4 minutes. Then again we encourage self defense, leading to so little crime that the police can respond immediately to what does occur.

Re:

[gl4ss]

with how the police are trained in usa.. it might be better off if they come 4 hours later and the situation has chilled out already and the sun has come up so the poor sods don't get spooked so easliy.

seriously you should just demand the police education gets tripled or quadrupled to match countries with less police shootings and less gun fatalities. and the pay level is the highest in the world for coppers so there's that too, it's not like it's not compensated for.

also, you got some stats to back that

Re:

[Anonymous Coward]

This. The German rank and file police I worked with had the equivalent of a Master's degree in criminal justice. The English police had a year of training for unarmed combat.

US police might get a few hours, but the majority of their training is at the range, so they do what they are trained to do in a heated situation; draw, aim for center of mass and empty the magazine on their duty weapon, and then fill out the paperwork while out on paid leave. That is just how the US police system works. The officer

Re:

[kaatochacha]

Have you ever met a Japanese police officer?
I lived in japan, and the few times I interacted with them, they were primarily skilled at filling out forms, walking around, and waving flags. To be fair, there's not a lot of crime there outside of criminal on criminal that they need to deal with.
Once, when my bike was stolen, he was very attentive to the proper form filling out, and had me revise my form a few times due to my bad Japanese. Of course I never got the bike back.
Another time, one accosted me in the

Re:

[gl4ss]

What the fuck are you talking about, weirdo?

that 'murican cops are trained to shoot if they feel scared.

that's not a joke or an urban myth or anything.. that's literally the aim of the training. to make them shoot (to kill) if they feel scared. also that's the literal opposite of how cops are trained in most of the world.

scared pussies that you pay double the wage that people in other countries get from training to be police for triple the time. yet, you refuse to recognize this is a problem of any sort.

Re: My Sentry safe model 1250..

[KGIII]

Almost all shots are meant to kill. Those vanishingly small few that aren't, should be. Adding 'to kill' reeks of an agenda or ignorance. If the latter, given the vast amount of education on the subject, I can only assume it is willful.

Re: My Sentry safe model 1250..

[dunkelfalke]

Maybe where you come from, but German police is trained to shoot to stop. This is one of the reasons why in Germany only about 12 persons per year get shot to death by the police. German police is also trained to only shoot as ultima ratio when there is no other way to stop a person instead of using their firearm when they are scared. This is why many German cops never once have shot at people during their decades-long carreer.

Re:

[KGIII]

You shoot only when you need to. When you do shoot, you shoot to kill. If they stop, before being dead, that's a bonus. If they don't stop, shoot them again.

Re: My Sentry safe model 1250..

[dunkelfalke]

And shoot them again in the head, just to be sure. I get it.
You guys are nuts.

Re:

[KGIII]

If the first two don't stop them, they usually keep aiming for center mass.

I'm also 98.4% sure that your police are taught the same thing. You may be right, but that's not very bright. If they're a danger, you shoot - and all shots intend to kill. Well, virtually all. There have been a few exceptions - they were stupid. Some sniper once shot a firearm out of a guy's hand. Most cops aren't snipers and that was pretty much the only time I've heard of it being a valid idea - and even then it was a judgment cal

Re:

[dunkelfalke]

Shooting for legs is fine for a German cop. Actually even shooting at the tarmac in front of a person. Hitting a leg with a pistol at 20 meters is not difficult. Like I said, you guys are nuts, and not in the psychiatrig drugs taking way - nothing wrong about these, I take some myself. Center of mass targeting is military, not police and police should not behave like military because that way they will consider citizens being their enemies.

Re:

[KGIII]

If you're not shooting for center mass, you don't need to be shooting - with some exceptions.

Here's a fun one... I was a transportation officer at a military brig. I carried a shotgun and a sidearm. The shotgun was for if they ran away. It had just a slug, made of lead. You shoot about three steps behind them escaping inmate and the round expands when it hits the ground and is deflected up - ideally into their ass. If they kept moving, the next shot was to kill. (I never had to do any of those.)

And I'm gonn

Re:

[Raenex]

This is one of the reasons why in Germany only about 12 persons per year get shot to death by the police.

There's practically no gun crime to speak of in Germany. In the United States, there's plenty. Go put a badge on, and then spend some time policing. Tell me what you're going to do when some punk doesn't listen to commands and starts reaching like he has a gun. Tell me you're going to be John Wayne and shoot the guy's pistol out of his hand.

Does [youtube.com] he have a pistol? Why [youtube.com] isn't he following commands. Think [youtube.com] fast now.

Re:

[chuckugly]

Maybe where you come from, but German police is trained to shoot to stop. ...

That's what all police are trained for, and that's also the basis of self defense shootings; the goal is to make the person doing the bad thing stop doing that thing. The rub is that in actual practice it's very similar to shooting to kill, since mammals are notoriously hard to stop but relatively easy to wound fatally.

Re:

[serviscope_minor]

Police would be here in less than 4 minutes. Then again we encourage self defense, leading to so little crime that the police can respond immediately to what does occur.

Where's here?

Re:

[hord]

Look in the mirror as you press F5.

Re:Help me understand this

[gl4ss]

it's defcon.

that is, nowadays it seems it's just about a) money b) cheesy pr stunts to get said money.

why do you think it's in vegas and not say in hamburg?

never mind the fact that it was just a brute forcer - ultrasonic detection, xrays, click detection or anything - just brute force an amount a human could brute force!.

like okay, just have it as an exhibit on the show floor.. okay.

but just take a look at the talks. okay there's apple watch jailbreak but thats about it and even that is kind of a who gives a fuck when you can buy open smartwatches for 1/6th of the price

Very Cool Application

[mykepredko]

I know this isn't at the level of what you'd see in a James Bond movie, but neither is the Sentry safe.

Congratulations to the team at SparkFun!

Re:

[Frosty Piss]

I know this isn't at the level of what you'd see in a James Bond movie, but neither is the Sentry safe.

Exactly. The story quote is:

a leading-brand combination safe,

My thought having worked with some mid-range GSA approved classified document safes and gun safes is that a Sentry is to safes as an inexpensive Master combination lock is to locks...

But the idea of how it was "cracked" is nifty none the less.

James Bond

[AHuxley]

On Her Majesty's Secret Service (1969) had that safe-cracking machine.

Re:

[FlyHelicopters]

So did The Saint with Val Kilmer.

Re:

[ausekilis]

I liked how the safe cracker in Italian Job looked much better.

Re:

[aicrules]

For everything after "tighter." Though even the third sentence probably would have been okay, that last sentence did AC in.

So, not surprised they're not all that secure

[bobstreo]

Do they at least provide some measure of flame resistance for the contents?

Otherwise, you may as well leave your important/valuable stuff sitting in a closet.

Re:

[Hentes]

Every security mechanism using passcodes will be vulnerable to a bruteforce method. I imagine that if robots like this will become widespread safes will start to be equipped with timers to defeat them. Even without that though, 30 mins is still a long enough time to deter most burglers, especially with the noise this machine generates.

Re:So, not surprised they're not all that secure

[starblazer]

1) steal safe
2) stash safe
3) attach robot
4) profit?

Key to this is to make sure its bolted to the floor. Most home safes aren't.

Re:

[MightyYar]

Key to this is to make sure its bolted to the floor.

Great, then if they find my sawzall it'll really get expensive...

Re:

[Calydor]

Just put it in the safe.

Re:

[MightyYar]

Concrete tends to be where it gets wet :)

Just having fun - you are right of course. In my neighborhood, the safe probably only needs to last about 10 minutes or so to deter the thieves. Once the alarm goes off, they aren't going to stick around long because the police are pretty responsive. If I was in one of these 4-hour response time neighborhoods (and why would I be?), I need a better safe.

Re:

[xlsior]

Or they'll just add additional numbers/turns to the code -- time needed will increase exponentially with each extra number.

Re:So, not surprised they're not all that secure

[arth1]

Many of the Sentry safes can be opened in seconds with a powerful magnet. They're useful for keeping honest people honest, and give moderate protection from fires, depending on placement.
Mechanical safes are generally safer (no pun intended) than keypad ones, but there are still lots of exploits for quite a few of the common safe models.

Re:

[fermion]

It took 30 minutes to break into the safe using brute force. The advantage is that one can get into the safe without anyone knowing. On the other hand, safes rated for 30 minutes tend to be high end, soil there is not another faster way in, then this is a pretty good safe. But yes, most businesses I know tend to hide important documents in plain sight. Safes are mostly to discourage causal theft and protection from fire.

Re:

[No Longer an AC]

They claim they are fireproof and even give some specifications as to heat and duration.

That's what what mine is for. It's also waterproof (I was able to test that much - I'll take their word that it's fireproof).

I was advised once to get one but leave it unlocked - otherwise they'll just steal the whole thing. I keep it locked anyway but I don't expect it to really stop anyone burglarizing my home. (so presumably this way they'll just steal the contents? Hooray, I guess).

Re:

[White Yeti]

I agree with the unlocked fire safe advice. My small, $600, 300 lb. theft/fire safe was pried off the floor bolt and removed in about 30 minutes. In addition to 2 jewelry boxes, it contained lots of "fire" stuff like documents and keys. If the thieves had opened the safe they would have left half the stuff behind.

Re:

[JaredOfEuropa]

Some of the cheap safes do offer decent protection against fire. That's the reason I got that relatively cheap Honeywell safe for my home office. It came out pretty well in a fire test, not so well in a break-in test: it can be banged open fairly quickly. But even on this crappy cheap ass safe, the spin lock has to be turned to zero after dialing in the combination, before the door handle can be operated. This prevents someone from feeling notches on any of the rotors, including the first one.

The loc

Re:

[ctilsie242]

What I don't get is why the round keys are even still used. The basic Abloy style disk detainer locks have fallen out of patent for almost a century, and even a version of that like what is in the Sargent & Greenleaf Environmental padlock which uses fewer disks, would be more than good enough for a basic security container. Heck, a lever lock, which is 1700s technology, would be useful and decently secure (hell, AT&T/Ma Bell used a variant of lever locks (29B/30C) for decades which were extremely

Re:

[chuckugly]

A safe can provide some legal protection (kids in a house with firearms) and can bolster an insurance claim. Practically, any safe a consumer is likely to use can be defeated with 20 minutes and a $12 pawn shop grinder and cutting wheel.

New at 11: Sentry safes are not secure

[Anonymous Coward]

Sentry safes have long been known not to be super secure. They picked low hanging fruit for this demonstration. Forget even dealing with the locking mechanism, its not that hard to pop them open with a crowbar or some other prying device. Check out YouTube. However they do provide modest security (think locking a gun away from the kids) and are fire resistant.

I personally have one, but its primarily for securing documents in a fire resistant manner. I would by no means store gold bullion or anything else of

Seriously, BBC?

[DontBeAMoran]

WTF?

Sorry, you need Flash to play this.
Enable it in your browser or download Flash Player here.

I thought the BBC was a bit more up-to-date on current technologies. I guess I was terribly wrong.

Re:

[tsa]

That's strange. I could play the video on my iPad, which doesn't have any Flash software.

Re:

[gchat]

That's strange. I could play the video on my iPad, which doesn't have any Flash software.

That's because BBC like many other sites, switch to html5 on their mobile site version. Desktop version needs flash though...

Re:Seriously, BBC?

[AmiMoJo]

The BBC hasn't been at the forefront of tech for many years. They developed a lot of cool stuff back in the day, but their streaming video tech is abysmal. Flash required for BBC News embedded videos, and iPlayer's video quality is terrible ("HD" is only 720p, very low bit rate and poor encoder).

Re:

[antdude]

What happened? Budget cuts? Bad managements? :(

Re:

[AmiMoJo]

Budget cuts. The current government hates the BBC and is trying to destroy it by curing its funding.

Re:

[thegarbz]

No there's something strange for your. I have no problem playing Flash and I even double checked to ensure it was blocked.

Re:

[thegarbz]

*playing the video without Flash. Jeesh sometimes I wish Slashdot had a preview feature.

Re:

[gringer]

Or a couple of weeks with a 3D printer, arduino, and a few other accessories.

Big deal...

[jonwil]

This is like all the videos showing Master padlocks opened with hammers and zip ties and things, Let me know when their fancy-pants robot can manipulate open a top-of-the-line Sargent & Greenleaf UL 768 Group 1 rated combination lock in such a short space of time and it might be noteworthy...

All this video does is show that the Sentry Safe safes are just as crappy as any other product Master Lock makes.

Re:

[tsa]

If it was a crappy safe it would take 30 seconds to open it, not 30 minutes.

Fantastic Work

[Cafe Lets meet]

Technology at its very very best. Reports suggest that the underground organizations have already devised a technique which will allow miraculous things to happen like flying a plane without fuel , or flying a car in air . Considering that powerful technologies are being kept secret, some of the effect is bound to occur in the lives of normal people. Lets hope people uses the positive aspect to a much greater use like the Team SParkFun

Re:

[account_deleted]

Comment removed based on user account deletion

Close enough to being secure

[gsslay]

the safe's design allows for a margin of error to compensate for humans getting their combination slightly wrong

Seriously? The safe is designed to say "Wrong number, but meh, close enough."

Re:

[geekmux]

the safe's design allows for a margin of error to compensate for humans getting their combination slightly wrong

Seriously? The safe is designed to say "Wrong number, but meh, close enough."

Yes, seriously. I've opened Sentry safes before and knew I had screwed up the combination, only to find the safe opening because I was apparently close enough.

Sadly, the safe manufacturer had to design this close-enough feature into their product because humans who want to own cheap safes can't manage to turn a dial accurately. Probably also the same reason we've gone from dials to keypads and fingerprint sensors (which will be cracked next month by a monkey armed with a pack of gummy bears)

Caper movies of tomorrow

[Applehu Akbar]

Does this mean that the next Hollywood heist will contain the line "Bite my shiny metal ass!"?

sentry safes are mainly for fire protection

[iggymanz]

Sentry makes fire protection boxes. Those are not safes to protect again anything but the thief who only has a couple minutes to work. You can see average joes with a prybar and a sledge hammer (to force the bar into the steel coating the concrete) open these safes in less than 15 minutes.

In fact the mechanism of these "safes" is very much like a bicycle padlock, not a real safe or vault's lock.

Keypad safes

[studean]

True story: I got an old keypad safe from a company I used to work for. Nobody knew the combination or had the backup key, so it was just dead weight. When I got it home, I started running through all the possibilities that I could think of to come up with a device to crack it. Would I use an Arduino? LEGO robot? Manually push buttons until I figured it out? Nope. I just opened the battery compartment. Actually, I removed the keypad housing, too. I found a header of some sort that I thought I'd try wiring

Re:

[turkeydance]

fat men sing in the bath tub with the blues (littlefeat)