Handgun safe was opened without autogenous welding

Researchers at Two Six Labs discovered several serious vulnerabilities of the Vaultek's handgun safe VT20i. Vaultek VT20i safe is a small suitcase made from high strength steel designed for safe storage of handguns and is a bestseller on Amazon. However, while it does provide reliable security to physical coercion, manufacturers clearly neglected cyber defense. The safe supports Bluetooth connection and allows entering the access code on the panel on the device itself or on the paired mobile phone using a special app.

Experts at Two Six Labs discovered that the data exchange between a mobile phone and Vaultek VT20i is not encrypted and the same code is used to create a Bluetooth pair and open the safe. This gives potential criminals several opportunities for an attack. For example, they can intercept Bluetooth traffic if they are physically close to the safe and get the access code. They can also organize a brute force attack, since the safe doesn't limit the number of pairing attempts. Representatives of Two Six Labs notified Vaultek about the vulnerabilities. Developers have already released necessary updates. It also actively encourages the buyers to contact support and solve the problem.


source:  Technical Center of Internet

Back to the list