Fri Oct 17, 2014 11:40 am
Yikes, something to be aware of
At a recent security conference a speaker demonstrated a hack in which she used a handheld radio and a directional antenna to interfere with the tiny transformers inside hair dryers and GFCI wall sockets resulting in them either a) breaking, or b) catching fire. She could control which would occur based on how long she transmitted.
This is nothing more than inducing a voltage in a coil of wire by hitting it with an electromagnetic field. That got me thinking about solenoids (like you find in almost every electronic keypad safe on earth). That's just a coil of wire...
So I busted out a solenoid salvaged from just such a safe, a multimeter, and a handheld radio (5 watt output, crappy omnidirectional antenna). Using this cobbled together rig I was able to induce 0.1V in the solenoid. I had to experiment with a lot of frequencies to find the one that gave that much induction (NO, I will not be publishing it). Most frequencies I tried only induced about 0.04 V or thereabouts. The omnidirectional antenna wastes more than half of your output power by sending it in directions other than the safe. A directional antenna would send around 80% of your output power to the target.
Since most such solenoids need at least approximately 4.2-4.5 V to activate, I would need to improve output a lot. But this could be accomplished by getting a higher wattage radio ($450 for a 50W rig, $950 for 100W), switching to a directional antenna ($30 give or take), and finding a more effective frequency (Free if possible).
You would have to have physical access to the safe or else unlocking it temporarily is pointless and the metal of the safe itself would serve as a pretty effective shield. However, I have seen that most cheap safes (the kind that would have a solenoid instead of a mechanical lock) have to cut a hole about the size of a quarter through the metal to pass wires through to the keypad and batteries. Some have even larger holes that are just covered by the plastic cover that houses the batteries. In theory(but not yet in practice) these can all be opened with a radio.
On the other hand, if you aren't careful, you could just melt the solenoid and then nobody gets it without destructive entry.
The point is not that all these safes are now hopelessly compromised, but this data is out in the wild now. I've already seen chatter about using this technique to disable cars by interfering with the ignition timing. It won't be long before someone besides me realizes it could be used to open safes. This is something that safe technictians, designers, and security professionals will have to consider in the future. {sigh}.
This is nothing more than inducing a voltage in a coil of wire by hitting it with an electromagnetic field. That got me thinking about solenoids (like you find in almost every electronic keypad safe on earth). That's just a coil of wire...
So I busted out a solenoid salvaged from just such a safe, a multimeter, and a handheld radio (5 watt output, crappy omnidirectional antenna). Using this cobbled together rig I was able to induce 0.1V in the solenoid. I had to experiment with a lot of frequencies to find the one that gave that much induction (NO, I will not be publishing it). Most frequencies I tried only induced about 0.04 V or thereabouts. The omnidirectional antenna wastes more than half of your output power by sending it in directions other than the safe. A directional antenna would send around 80% of your output power to the target.
Since most such solenoids need at least approximately 4.2-4.5 V to activate, I would need to improve output a lot. But this could be accomplished by getting a higher wattage radio ($450 for a 50W rig, $950 for 100W), switching to a directional antenna ($30 give or take), and finding a more effective frequency (Free if possible).
You would have to have physical access to the safe or else unlocking it temporarily is pointless and the metal of the safe itself would serve as a pretty effective shield. However, I have seen that most cheap safes (the kind that would have a solenoid instead of a mechanical lock) have to cut a hole about the size of a quarter through the metal to pass wires through to the keypad and batteries. Some have even larger holes that are just covered by the plastic cover that houses the batteries. In theory(but not yet in practice) these can all be opened with a radio.
On the other hand, if you aren't careful, you could just melt the solenoid and then nobody gets it without destructive entry.
The point is not that all these safes are now hopelessly compromised, but this data is out in the wild now. I've already seen chatter about using this technique to disable cars by interfering with the ignition timing. It won't be long before someone besides me realizes it could be used to open safes. This is something that safe technictians, designers, and security professionals will have to consider in the future. {sigh}.
