At the annual Def Con conference in Las Vegas over the weekend, hackers from SparkFun Electronics demonstrated how a cheaply built robot can do something as complex as cracking a branded combination safe with no human intervention at all.
The fully automated robot cracked open a SentrySafe (a product from a leading safe-maker) with three dials, all of which had to be aligned to the correct combination of two-digit numbers.
Usually, cracking a safe like this would potentially mean trying out a million combinations, but the robot from team SparkFun brought that number down to 1,000.
It reduced the number of possible combinations by measuring the size of indents on the third dial. The indent for the correct digits was slightly larger than those for the incorrect ones. According to Wired, "The one that contained the slot for the correct combination was about a hundredth of an inch narrower than the other 11".
The number of possible combinations went down further because SparkFun found a major vulnerability in the SentrySafe. According to the BBC, even if the safe is configured to open at 15, it will also open at 14 and 16. Simply put, the robot only had to try every third number on the remaining two dials, which reduced the number of possible combinations.
During the live demonstration, the robot figured out that the third and final number was 93 for that particular safe. Then, it tried possible combinations of the other two dials and found the correct one - 51.36.93 - in less than 30 minutes.
"That was one of the scariest things we've done. Lots of things can go wrong, and this was a very big audience," SparkFun's Nathan Seidle told the BBC. "We're really happy it opened up."
The SparkFun team had spent $200 on parts - a $20 Arduino board, a $40 motor, an aluminum frame, sensors, magnets, etc. - to build the safecracking robot. They also used 3D-printed components, which could easily be replaced to crack combination safes from various brands.
It could not crack digitally locked safes, but several other hacking teams have exposed vulnerabilities in those systems as well.