Researchers Hack Popular Bluetooth Gun Safe

Now-patched vulnerabilities allowed widely-popular gun safe to be easily exploited

Mikael Thalen
December 8, 2017

Security researchers this week revealed three vulnerabilities that allowed one of the most popular Bluetooth gun safes to be exploited and opened remotely.

In a blog post published Wednesday, researchers with Two Six Labs announced “BlueSteal” – a set of attacks that bypassed the Vaultek VT20i gun safe’s security features.

The Bluetooth-enabled safe, said to be one of the most popular on Amazon, is designed to only allow access to users with the correct pin code or paired cellphone utilizing the company’s app.

The first exploit, detailed in a video published by Two Six Labs, shows how a simple computer script was able to unlock the safe without the attacker knowing the pin code.

The researchers first discovered that unlimited attempts could be made to pair an Android phone to the safe without being rate-limited for giving incorrect pairing codes. Upon finding the code, Two Six Labs was not only able to open the safe from within the app as intended but also found that the same code was used to unlock the safe by hand as well.

  • A d v e r t i s e m e n t

In an attempt to see, if once paired, a brute force attack could be made against the safe, the team then crafted a python script that resulted in the safe quickly popping open.

“This vulnerability could have been prevented or mitigated if the application or safe had timeouts for incorrect retries, or enforced some maximum retry limit,” the researchers note.

The second vulnerability exploited the Android app’s failure to use encryption when communicating with the safe. Despite the company claiming to use strong encryption, the team says it was able to simply sniff the pin code out of the air.

“There is no encryption between the Android phone app and the safe,” the researchers added. “The…

Read more