DEF CON 23 - Hacking Smart Safes: On the "Brink" of a Robbery

Have you ever wanted to crack open a safe full of cash with nothing but a USB stick? Now you can!

The Brink’s CompuSafe cash management product line provides a “smart safe as a service” solution to major retailers and fast food franchises. They offer end-to-end management of your cash, transporting it safely from your storefront safe to your bank via armored car.

During this talk, we’ll uncover a major flaw in the Brink’s CompuSafe and demonstrate how to crack one open in seconds flat. All you need is a USB stick and a large bag to hold all of the cash. We’ll discuss how to remotely takeover the safe with full administrator privileges, and show how to enumerate a target list of other major Brink’s CompuSafe customers (exposed via configuration files stored right on the safe).

At any given time, up to $240,000 can be sitting in each of the 14,000 Brink’s CompuSafe smart safes currently deployed across the United States - potentially billions of dollars just waiting to be stolen.

So come ready to engage us as we explore these tools and more in this DEMO-rich presentation. And don’t forget to call Kenny Loggins… because this presentation is your highway to the Danger Zone…

Note - This presentation is about exposing flaws in the Brinks’s Compusafe to improve security and allow pentesters to demonstrate these flaws to their customers. Please use this information responsibly.

Security Associate Dan Petro and Senior Security Associate Oscar Salazar present at DEF CON 23 - Hacking Smart Safes: On the "Brink" of a Robbery