Connected safe maker Vaultek issues security update after researchers discover Bluetooth vulnerability

Connected safe maker Vaultek issues security update after researchers discover Bluetooth vulnerability

Vaultek is a company that manufactures Bluetooth-connected safes for valuables and firearms — things that you really want to make sure are secured. When we came across one of their products on Indiegogo last year, we noted that crowdsourced Internet of Things devices have a troubling history of being insecure. Recently, security firm Two Six Labs picked up one of Vaultek’s connected safes, and demonstrated that it can easily be cracked open.

The security company tested out a Vaultek VT20i safe, which owners can lock with a PIN and pair with an Android App. The app uses a pairing code that is the same as the PIN, and allows an unlimited number of attempts to get in. The lab was able to write a program to use brute force to guess the password. Furthermore, the researchers found that the connection between the phone and the safe aren’t encrypted (contrary to the Vaultek’s claims), meaning that the information could be intercepted. They also discovered that the safe doesn’t verify a PIN code coming from the paired phone, which means that it can be unlocked with the right command, even if the PIN is incorrect.

The lab published its findings in a blog post after Vaultek issued issued a firmware update that capped the number of attempts for the PIN, and encrypted the transmissions between the app and safe.

Next Up In

Tech

Read Original Article

Otaku,Cats lover and of course the founder of www.pr0t3ch.com “When life gets hard.. just Watercool and OVERCLOCK !”
×
Otaku,Cats lover and of course the founder of www.pr0t3ch.com “When life gets hard.. just Watercool and OVERCLOCK !”
Show More

wajdi1987

Otaku,Cats lover and of course the founder of www.pr0t3ch.com "When life gets hard.. just Watercool and OVERCLOCK !"

Related Articles

Leave a Reply

Close
Close

Adblock Detected

Please consider supporting us by disabling your ad blocker