Using a cheap robot, a team of hackers has cracked open a leading-brand combination safe, live on stage in Las Vegas.
The team from SparkFun Electronics was able to open a SentrySafe safe in around 30 minutes.
The robot is able to reduce the number of possible combinations from one million to just 1,000, before quickly and automatically trying the remaining combinations until it breaks in.
After the robot discovered the combination was 51.36.93, the safe popped open - to rapturous applause from the audience of several hundred hackers.
SparkFun’s Nathan Siedle told the BBC: "That was one of the scariest things we’ve done. Lots of things can go wrong, and this was a very big audience.
"We’re really happy it opened up.”
A spokeswoman for SentrySafe could not be reached on Friday.
But speaking to Wired magazine earlier this month, when the team demonstrated its method on a smaller safe, a spokeswoman for the safe maker said: "In this environment, the product accomplished what it was designed to do.
“[It] would be realistically very difficult, if not impossible, for the average person to replicate in the field.”
Budget bot
The latest demonstration was performed at Def Con, the largest gathering of underground hackers in the world.
The SparkFun team was not able to travel with a weighty safe, and so bought a new one that was opened up for the first time on stage.
The team joked the safe could have been cracked sooner - but they had to fill their 45-minute time slot.
The robot, which cost around $200 to put together, makes use of 3D-printed parts that can be easily replaced to fit different brands of combination safe.
It cannot crack a digital lock - although vulnerabilities in those systems have been exposed by other hacking teams in the past.
Lost combination
The team’s work began when Mr Siedle’s wife Alicia bought a safe on eBay that was cheap due to the previous owner not knowing what the combination was.
“She gave it to me for Christmas,” Mr Siedle said.
The mechanism in the safe consists of three dials which, when aligned, allow the safe to be opened. Each dial can be any two digit number - meaning one million potential combinations.
But the robot doesn’t simply try every combination. It is able to suss out one of the dials within 20 seconds by detecting the size of indents on the dial. In simple terms, the “solution” indent is slightly larger than the “incorrect" indents. In the demonstration, this method meant the team discovered the third and final number was 93.
The other two dials cannot be measured - but eliminating one greatly reduces the number of possible combinations.
It was made easier when the team also discovered that the safe’s design allows for a margin of error to compensate for humans getting their combination slightly wrong.
For example, if one dial is set to open at 14, using 15 and 13 will work as well. It meant the robot could check every third number, making it possible to quickly test the remaining combinations much faster than a human being.
Using this method, they could cut down the number of possible combinations to around 1,000 - a far more manageable challenge.
Bic pen
Before the attempt, Mr Siedle told the BBC the robot could be easily adapted to tackle any combination safe.
“We designed it for a particular type of safe, but it doesn’t really matter - you can actually 3D-print a coupler that can match any safe that you may have.”
Some SentrySafe models come with an additional lock and key, but the team was able to unlock it by using a Bic pen.
“No matter how much money you spend on a safe… nothing is impervious,” Mr Siedle said.
Latest Stories
-
Fix depreciating Cedi urgently instead of securing new loans – Ato Forson to government
10 mins -
EC should take immediate steps to expand voter registration access – New Force
17 mins -
Women’s Premier League and FA Cup finals set for June 8 at University of Ghana Stadium
25 mins -
Parliament approves $150m loan to tackle Accra floods under GARID project
46 mins -
Banks deny engaging in practices contributing to cedi’s depreciation
58 mins -
Allow legal processes to take place in Kissi Agyebeng’s impeachment case – Vitus Azeem
1 hour -
Livestream: Newsfile discusses cedi depreciation and petition to remove Special Prosecutor
1 hour -
John Kumah to be buried today
1 hour -
It is impossible for EC to rig elections in Ghana – Deputy EC chair
2 hours -
Senegal’s Faye to help resolve Mali, Burkina Faso, and Niger’s impasse
2 hours -
Throwing cash in the air – Nigeria’s wedding dilemma
2 hours -
Bagbin donates public address system to Ghana Law School
2 hours -
TGMA should create a category for Acapella music – Alabaster Box group
2 hours -
Man nabbed for allegedly posing as Asantehene’s staff to fraud victims
2 hours -
Zoomlion sends 18 youths on landmark sanitation mission to Belarus and Russia
2 hours