Electronic safes are. They are much more difficult to crack. However, many electronic safes have a weak. Here are some steps to opening an electronic safe.

• Author: Lily Hay Newman. • Date of Publication: 08.07.16.

08.07.16 • Time of Publication: 5:22 pm. 5:22 pm Hacker Unlocks ‘High Security’ Electronic Safes Without a Trace “High security” consumer electronic safes could certainly be pried open with power tools, but they’re as reasonably robust for daily-life scenarios. On Friday, though, a hacker known as presented strategies for identifying a safe custom-selected keycode and then using it to unlock the safe normally, without any damage or indication that the code has been compromised. At Defcon, researchers about picking and hacking locks, and there’s even a whole “lock picking village” where people can learn basic skills or share sophisticated techniques. But there are always new locks to investigate and what makes Plore’s techniques interesting is what they lack: any physical or even algorithmic sabotage.

Plore used side-channel attacks to pull it off. These are ways of exploiting physical indicators from a cryptographic system to get around its protections. Here, all Plore had to do was monitor power consumption in the case of one safe, and the amount of time operations took in other, and voila, he was able to figure out the keycodes for locks that are designated by independent third-party testing company. These aren’t the most robust locks on the market by any means, but they are known to be pretty secure.

Safes with these locks are the kind of thing you might have in your house. In practice, Plore was able to defeat the security of two different safe locks made by Sargent and Greenleaf, each of which uses a six-digit code. “I chose Sargent and Greenleaf locks due to their popularity. They are the lock manufacturer of choice on Liberty brand gun safes, among others, and safes featuring those locks are widely available at major stores,” Plore told WIRED. Plore said he didn’t have time before Defcon to try his attacks on other lock brands, but he added, “I would not be particularly surprised if techniques similar to those I described would apply to other electronic safe locks, other electronic locks in general (e.g., door locks), or other devices that protect secrets (e.g., phones).” For the, a lock developed in the 1990s and still sold today, Plore noticed that when he entered any incorrect keycode he could deduce the correct code by simply monitoring the current being consumed by the lock. More stories • • • “What you do here is place the resistor in series with the battery and the lock, and by monitoring voltage across that resistor we can learn how much current the lock is drawing at any particular time.

And from that we learn something about the state of the lock,” Plore explained. As the lock’s memory checked the input against its stored number sequence, the current on the data line would fluctuate depending on whether the bits storing each number in the code were a 0 or a 1. This essentially spelled out the correct key code until Plore had all of its digits in sequence and could just enter them to unlock the safe.

Bafflingly easy. For the second demonstration, he experimented with a newer lock, the.

This model has a more secure electronics configuration so Plore couldn’t simply monitor power consumption to discover the correct keycode. He was able to use another side-channel approach, though, a timing attack, to open the lock. Plore observed that as the system checked a user code input against its stored values there was a 28 microsecond delay in current consumption rise when a digit was correct. The more correct digits, the more delayed the rise was. This meant that Plore could efficiently figure out the safe’s keycode by monitoring current over time while trying one through 10 for each digit in the keycode, starting the inputs over with more and more correct digits as he pinpointed them.

Plore did have to find a way around the safe’s “penalty lockout feature” that shuts everything down for 10 minutes after five incorrect input attempts, but ultimately he was able to get the whole attack down to 15 minutes, versus the 3.8 years it would take to try every combination and brute force the lock. “Burglars aren’t going to bother with this. They’re going to use a crowbar or a hydraulic jack from your garage or if they’re really fancy they’ll use a torch,” Plore said. “I think the more interesting thing here is [these attacks] have applicability to other systems. We see other systems that have these sorts of lockout mechanisms.” Plore said that he has been trying to contact Sargent and Greenleaf about the vulnerabilities since February. WIRED reached out to the company for comment but hadn’t heard back by publication time. Even though no one would expect this type of affordable, consumer-grade lock to be totally infallible, Plore’s research is important because it highlights how effective side-channel attacks can be.

They allow a bad actor to get in without leaving a trace. And this adds an extra layer of gravity, because not only do these attacks compromise the contents of the safe, they could also go undetected for long periods of time. • Author: Andy Greenberg. • Date of Publication: 08.05.16. 08.05.16 • Time of Publication: 10:47 am. 10:47 am Fake Boarding Pass App Gets Hacker Into Fancy Airline Lounges As the head of Poland’s, Przemek Jaroszewski flies 50 to 80 times a year, and so has become something of a connoisseur of airlines’ premium status lounges.

(He’s a particular fan of the Turkish Airlines lounge in Istanbul,.) So when his gold status was mistakenly rejected last year by an automated boarding pass reader at a lounge in his home airport in Warsaw, he applied his hacker skills to make sure he’d never be locked out of an airline lounge again. The result, which Jaroszewski plans to present Sunday at the Defcon security conference in Las Vegas, is a simple program that he’s now used dozens of times to enter airline lounges all over Europe. It’s an Android app that generates fake QR codes to spoof a boarding pass on his phone’s screen for any name, flight number, destination and class. And based on his experiments with the spoofed QR codes, almost none of the airline lounges he’s tested actually check those details against the airline’s ticketing database—only that the flight number included in the QR code exists.

And that security flaw, he says, allows him or anyone else capable of generating a simple QR code to both access exclusive airport lounges and buy things at duty free shops that require proof of international travel, all without even buying a ticket. • • Boarding pass hacker Przemek Jaroszewski. Andy Greenberg Fake boarding passes are hardly a new hacker trick. Cryptographer Bruce Schneier wrote about the technique to make them back and privacy activist Chris Soghoian was investigated by the FBI for creating a website that the fake passes. But Jaroszewski’s Defcon talk is intended to point out that even now, a decade later, the boarding pass security issue persists, and in some ways is easier than ever to exploit thanks to airports’ use of automated QR-code readers. “Literally, it takes 10 seconds to create a boarding pass” on a smartphone, says Jaroszewski.

“And it doesn’t even have to look legit because you’re not in contact with any humans.” In the video below, Jaroszewski shows how he enters fake credentials into his app—his go-to pseudonym is Bartholomew Simpson—generates a QR code for a boarding pass with them, and uses it to bypass a QR-code-checking gate and enter the Turkish Airlines Istanbul lounge. Jaroszewski admits he hasn’t tested the trick outside of Europe, and he’s not sure how often it would work in American airports, which may sometimes use improved boarding pass authentication systems at lounges. He’s also never used the trick to attempt to fly under a false name, a more serious stunt he says would likely be foiled by more stringent checks at the departure gate. Jaroszewski’s trick doesn’t represent much of a real security risk, either.

Anyone who uses it would still have to go through physical security, including metal detectors or millimeter wave scanners, so it would probably not work to enter an airport without a real boarding pass. Its real utility lies simply in accessing elite areas within an airport, not in attacking one or getting onto a plane. WIRED reached out to both the TSA and the International Air Transport Association (IATA) for comment, and both said any such boarding pass security flaw would be the airlines’ issue. “A forged BCBP will not entitle the person carrying it with any right to travel, nor will it create any confusion with an airline’s system where the official information is stored,” cautioned the IATA. A spokeperson for the airline industry group Airlines for America wrote to WIRED in a statement that “airlines are constantly looking at new and emerging technologies designed to enhance the customer experience, while ensuring well-defined security measures and best practices are in place.” In the European airports where Jaroszewski has tried his technique, he says he’s never even used his fake QR codes to access a lounge he didn’t already have the right to access, or to buy duty free goods when he wasn’t traveling internationally; he warns those two actions would likely be illegal.

Even so, he’s successfully tested his fake QR codes repeatedly with only a few failures. And he admits he once even used his program to create a QR code for a friend who didn’t share his elite airline status when they had a 7-hour layover in Istanbul, so that both of them could hang out in Turkish Airlines’ swanky lounge.

“I just said, I’ll send you the QR code,” Jaroszewski says carefully. “If you want to use it, you use it.” Jaroszewski isn’t publicly releasing his boarding pass QR code spoofing software. He says he’d rather avoid the FBI that followed Chris Soghoian’s release of a similar tool 10 years ago. But he argues it would be “very easy” for motivated hackers to recreate the app, which he says consisted of about 500 lines of javascript. For a hacker willing to do a little coding—and illegal trespassing—it may offer a chance to score a small, subversive win against the global frequent-flying elite. • Author: Lily Hay Newman.

• Date of Publication: 08.04.16. 08.04.16 • Time of Publication: 9:20 pm. 9:20 pm Apple’s Finally Offering Bug Bounties—With the Highest Rewards Ever Finally, Apple is starting a bug bounty program.

The company is late to the growing trend of this type of initiative, which offers rewards to researchers who discover and submit security vulnerabilities for companies to preemptively patch. But Ivan Krstic, Apple’s head of security engineering and architecture, announced at Black Hat on Thursday that the company will launch an incentive structure in September. And in fact, by offering up to $200,000 for some discoveries, it seems to be the highest corporate bounty ever. Pressure for Apple to do this has been mounting for months.

In the fallout from its battle with the FBI, for example, Apple took flack from. They speculated that the FBI had only ultimately been able to find a third party to exploit iPhone security because Apple had no incentive in place to encourage researchers to share that information directly with Apple. Apple got the message. “We’ve had great help from researchers like you in improving iOS security all along,” Krstic told the crowd at Black hat. “Feedback that we’ve heard pretty consistently both from my team at Apple and also from researchers directly is that it’s getting increasingly more difficult to find some of those most critical types of security vulnerabilities. So the Apple Security Bounty Program is going to reward researchers who actually share critical vulnerabilities with Apple.”.

More Stories • • • At the high end, the program will pay out up to $200,000 for vulnerabilities found in Apple’s secure boot firmware components—the fundamental first protection that keeps your devices safe. To get this much, researchers would have to find vulnerabilities in the “secure boot” mode of the software that coordinates all functions. A malicious hacker exploiting such a vulnerability could cause real harm,hence the large number. To put that figure in perspective, Microsoft for Windows 10 vulnerabilities, and companies like and pay out large total sums, but these are comprised of many smaller rewards given out over time. These programs are an alternative to the large rewards hackers can get from government agencies or in the third-party. “We go to tremendous lengths when it comes to engineering these security systems that provide trust in how we protect user data,” Krstic said. Guitar Effect Patches For The Korg Ax3000g Settings On My Computer on this page. “We’re fortunate that we’ve earned trust from our customers, but we realize that that’s something we have to keep earning.” In addition to the top reward, Apple says it will pay up to $100,000 for extraction of confidential material protected by the Secure Enclave Processor, up to $50,000 for executions of arbitrary code with kernel privileges, up to $50,000 for access to iCloud account data on Apple servers (ahem, ), and up to $25,000 for access from a sandboxed process to user data outside of that sandbox.

This is good news for consumer security, but it’s late. When Microsoft launched its bug bounty program in 2013, it was given a hard time for waiting so long. Apple is launching now because it has no other choice. Still, if you’re going to be late, at least go big. And Apple is. • • Windows XP still proudly in use at McCarran International Airport in Las Vegas. WIRED Lily Hay Newman Windows XP is not exactly what you want to be greeted by after a soul-crushing plane ride, but there it was at McCarran International Airport in Las Vegas last night.

Microsoft has been trying to of the 15-year-old operating system for years now, but the cost of upgrading legacy enterprise software and simple lack of awareness keeps XP in important places where it definitely shouldn’t be, like airports and. Since Microsoft two years ago, it doesn’t get security updates anymore, putting computers still running it at serious risk. Some organizations,, have been so desperate to buy time that they’ve actually paid Microsoft to keep supporting their XP machines for a little bit longer. But if you’re not paying you’re not protected. And by, XP is still the third most popular operating system by market share.

• Author: Lily Hay Newman. Lily Hay Newman • Date of Publication: 08.04.16. 08.04.16 • Time of Publication: 5:46 pm. 5:46 pm At Black Hat, a Reminder That Decryption Can’t Be Legally Mandated What kind information can the US legally demand that a company hand over? And under what circumstances? And which laws give the government and law enforcement those rights? Eh, it’s not currently very clear, as was recently proven by the over unlocking one of the San Bernardino shooters’ iPhones and the death of after its founder refused to produce its Secure Sockets Layer (SSL) private keys for an FBI probe.

That confusion is troubling but can also be a good thing for companies who receive requests that they do not want to comply with, for whatever reason. “If you’re ever asked to do something like this, you have a lot of strong legal arguments to say no,” said Jennifer Granick, the Director of Civil Liberties at the Stanford Center for Internet and Society in a Black Hat talk on Thursday. Granick and her Stanford colleague Riana Pfefferkorn, a Cryptography Fellow, ran down relevant laws and what’s currently known about their parameters and limits. They suggested that companies should plan ahead and assume that law enforcement agencies will eventually send them some kind of technical request—if they haven’t already.

And preparation starts with how products are designed. “No one is obligated to build in decryption capabilities,” Granick noted, meaning that it is much harder for law enforcement to compel a company to decrypt data that it doesn’t have any type of privileged access to. “You need to be thinking through these design decisions,” Pfefferkorn added. “You can’t be compelled to hand over data that you don’t collect.” Very true. Finally toward the end of the talk, Granick said, “End-to-end encryption is legal.

Period.” The crowd broke into spontaneous applause. • • Melina Mara/Washington Post/Getty Images Hillary Clinton doesn’t usually get much love from the hacker elite. This is a presidential candidate, after all, whose idea of securing classified emails was to keep them on a, and when asked if she’d “wiped” that computer, “with a cloth or something?” But in an election year when her opponent is Donald Trump—and a group of very active Russian cyberspies whom Trump has publicly encouraged—Clinton has scored a surprising first: a hacker fundraiser. On Wednesday night, at the Black Hat security conference in Las Vegas, Clinton backers held a political event that was unprecedented for one of the biggest hacker gatherings in the world, inviting attendees to an evening of drinks at Vegas’ Mandalay Bay hotel and casino with a minimum donation of $100 to the Clinton campaign. Though Clinton herself didn’t attend, several dozen people packed into the small Mexican restaurant where the fundraiser was held anyway, many giving the maximum legal donation of $2,700, according to the fundraiser’s organizer, former Obama administration official Jake Braun. And from Braun’s opening remarks, he used the and Trump’s as a rallying cry for Clinton, and a point against a candidate with a dangerous ignorance of cybersecurity issues.

“The Russians have hacked the elections in Georgia and Kygyrzstan and the Ukraine. Who’s to say they’re not going to do it here? I mean, my god, they already have,” Braun, a political consultant, Obama campaign staffer, and former White House liaison to the Department of Homeland Security, told the small crowd. “We all know this.

We need to make sure the world knows this, and that Donald Trump and his affiliates know it’s not OK to tell the Russians they can come and hack our democracy.” Among the attendees in the political event’s audience were Facebook chief security officer Alex Stamos and Chris Wysopal, the founder of security firm Veracode and a member of the legendary hacker collective the. Later, Jeff “The Dark Tangent” Moss, founder of both the Black Hat conference and the much larger hacker conference Defcon, made his own remarks in support of Clinton at the start of the two hour event.

“I swore an oath to uphold the Constitution, and what’s happening is really fucking scary,” Moss told the small crowd, referring to a position he’s held since 2009 on the advisory council of the Department of Homeland Security. Moss acknowledged that holding a political event at Black Hat had generated controversy among the gathering’s typically nonpartisan crowd. He said he’d received a flood of emails, about one in four of which attacked him for politicizing the conference—despite Black Hat’s official insistence that the private fundraiser was held independently from the conference itself. “One friend asked me, ‘If Trump held an event, would you speak at that?’ If the Republicans had a cybersecurity policy, I’d seriously consider it,” Moss added, describing himself as an independent. “But they don’t have a policy. They don’t have a platform.

And they don’t have anything organized.”. More stories • • • It wasn’t only former democratic officials who spoke up at the event; so did Jason Healey, a former cybersecurity advisor to George W. Bush’s White House. “I’m a technocrat. I care about seeing the right things get done,” Healey said. “But in this election, you can’t sit back and say anymore that whoever the president’s going to be, I’ll serve them. It’s time to get involved in the campaign.” In any other election, it’s difficult to imagine even a small group of Black Hat’s attendees coming together to so vehemently support any political candidate or party.

And Clinton’s campaign statements haven’t always ingratiated her to the hacker world: She’s and said she believes he should return to the US to face legal charges. And she’s called for a “Manhattan Project” to create an encryption technique that would, placing herself in opposition to most encryption experts who see any such crypto backdoor as a critical flaw in data protections. But Trump has made a series of statements that have been far more frightening and appalling for many in the cybersecurity and national security communities. Last month he repeated to the New York Times his from invasion from foreign powers like Russia.

MSNBC he’s repeatedly asked advisors why the U.S. Shouldn’t use its nuclear arsenal. After Russian hackers were revealed to have breached the Democratic National Committee last month, Trump’s glib request to the hackers to leak Clinton’s deleted emails from her time as Secretary of State earned him another level of disdain from cybersecurity experts.

And Braun, the organizer of Clinton’s Black Hat fundraiser, says he saw an opportunity to refocus his efforts to assemble support from the cybersecurity community around that remark. “Donald Trump and Russia are my best fundraising tools ever,” Braun told WIRED.

Thank you so much Thank you so much for this video. Sandleford distribute these safes (ES20) at Bunnings hardware in Australia. I bought one 3 years ago and the crappy batteries died. I kept all the paperwork with the safe, noting the model, serial & Key numbers.

I’ve misplaced the key and called Sandleford customer service in Melbourne on 03 9786 0055 and asked them to send me a key, as instructed in the paperwork. Well, I was told that “they don’t distribute keys for that model, and your going to have to get a.

How to break into digital safes This tutorial shows you how to break into a digital safe. The technique uses a design floor in the safes often found in hotels or homes.

This works on many digital safes however it will not work on all safes. Step 1 Turn the Dial the Wrong Way The first step is to find out which way the dial should be turned. It is usually clockwise. Then turn the dial the incorrect way. This is to make sure the 'pin' locking the sliding bolt is free to move. Step 2 Hit the Safe I admit this may sound silly, but you should hit the safe firmly with either your hand, a rubber mallet, or other object.

This will move the 'pin' that obstructs the sliding bolt for a split second. Step 3 Turn the Dial the Correct Way A split second later, turn the dial the correct way. If the 'pin' is down, the sliding bolt will move ad the dial will turn all the way around, opening the safe. Step 4 If the Safe Does Not Open, Repeat It may take a few attempts to open because the timing is very particular. If you cannot open the safe by using your hand, try using a mallet.