Robot Cuts Safe-Crack Time From Months To Minutes

A $200 robot cracked a safe in 30 minutes, thanks largely to exploiting weaknesses in a physical rather than digital lock. The safe makers say it would be difficult to replicate in a real attack.

The SentrySafe uses a combination with three pairs of digits, making for 970,299 different possible codes. A brute force attack – as in physically trying every possible combination rather than trying to damage the lock – would on average take several months to succeed.

Hacking group SparkFun Electronics, which demonstrated the attack at the Def Con security event, found two physical quirks in the lock that could make the task viable.

One quirk was actually part of a security measure. Human safecrackers often work by slowly turning the dial while pulling the handle and listening for when a rod slips into place in the lock rotor, showing the dial is in the correct position. The SentrySafe has twelve notches that stop the rod turning while the handle is pulled. However, it turned out that the notch that was in place when the correct number was obtained was around one-hundredth of an inch narrower than the others. While humans couldn’t take advantage, the robots were able to detect the difference.

That was enough to ‘solve’ one of the three dials. The hackers also discovered that the safe had a tolerance that meant the number either side of the correct one would still work. That meant the robot only needed to check every third number on the two remaining dials.

This meant the number of possible combinations to try was reduced to 1,089. The hackers also took advantage of the robot’s stability and nimble ‘fingers’ to make it possible to get round a reset mechanism that meant a human safecracker would need to return the dials to zero after each failed attempt. This cut each attempt down to a little under four seconds, in turn reducing the maximum solving time to 73 minutes. A previous demonstration succeeded in 15 minutes, while the Def Con demo took twice that time.

SentrySafe told WIRED:

In this case, there was a tremendous effort, uninterrupted time in a controlled environment, the right tools and significant technical knowledge needed to eventually manipulate the safe. In this environment, the product accomplished what it was designed to do and would be realistically very difficult, if not impossible, for the average person to replicate in the field.