Re: Bypassing Electronic Safe locks

Posted: Mon Apr 07, 2014 6:45 am
by LockManipulator
mdc5150 wrote: Cheap electronic safe locks can often be bypassed and more often than not in less than a minute. Some of the better locks though will leave you having to drill.

Locks like Amsec and S&G will lock you out after three incorrect combo attempts. There is a 15 minute lockout time and any button pressed in that time resets the timer.


Do you know how to bypass the Amsec's and S&G's?

Re: Bypassing Electronic Safe locks

Posted: Mon Apr 07, 2014 7:11 am
by mdc5150
Daggers wrote:
mdc5150 wrote: Cheap electronic safe locks can often be bypassed and more often than not in less than a minute. Some of the better locks though will leave you having to drill.

Locks like Amsec and S&G will lock you out after three incorrect combo attempts. There is a 15 minute lockout time and any button pressed in that time resets the timer.


Do you know how to bypass the Amsec's and S&G's?


I do not know of any bypasses for those. I am still learning a lot about safe openings though and have had to drill a couple of the S&G locks. It all boils down to knowing where to drill.

Re: Bypassing Electronic Safe locks

Posted: Wed Jun 18, 2014 11:38 pm
by jones
Daggers wrote:
mdc5150 wrote: Cheap electronic safe locks can often be bypassed and more often than not in less than a minute. Some of the better locks though will leave you having to drill.

Locks like Amsec and S&G will lock you out after three incorrect combo attempts. There is a 15 minute lockout time and any button pressed in that time resets the timer.


Do you know how to bypass the Amsec's and S&G's?


Amsec bypass is easy, once you have registered your company with them. They will give you a series of code to enter into the lock, if the safe hasn't received its dedicated combo it will reset to its original factory setting. Some of the easiest money I have made opening safes except for the batteries :hbg: Some distributors will be happy to help with lost combos on safes they stock.

Re: Bypassing Electronic Safe locks

Posted: Sun Feb 11, 2018 5:04 pm
by Simon Dog
Most of the consumer/commercial grade electronic safe locks "leak" information via such things as very subtle differences in current draw, time to beep, etc. depending on the validity of an entered digit. Taylor Security sells an interesting gadget (The "Phoenix") for about $3000 that uses this leakage to open these in about 15 minutes for $3000. I asked the regional S&G salesman if the claim that this will open an S&G Titan without the combination in 15 minutes and the answer was "Yes, you are very likely to run into a crook with one of those tools".

With the development of the Phoenix, I am surprised that these locks have been able to keep their UL Group I rating.

The exceptions are the GSA rated locks like the Kaba Mas -## series and the S&G 2740B.

Re: Bypassing Electronic Safe locks

Posted: Sun Feb 11, 2018 7:02 pm
by MartinHewitt
I guess this is due to commercial interests. The cost of certification should be low. In Europe I think it costs 1500 to 3000 Euro. That's not enough to analyse and attack an electronic lock in the way of the Phoenix tool. If something is certified then cancelling that would be a statement of error in the certification process. And perhaps it is a weak spot in the test specification. In the European lock standard there is a building specification for key locks which removes the need for an attack test, when the manufacturer implemented it. Unfortunately the building specification does not guarantee a lock which can resist picking for 15 minutes as required for level A. One could try to change the building specification so the result will be a lock resisting picking for 15 minutes. Or one can keep the building specification and adjust the target resistance. This has been done in the new standard draft. Level A locks are only required to resist picking for 5 minutes. These types of locks are good for safes with an insured value of 100000 Euro in Germany.

Re: Bypassing Electronic Safe locks

Posted: Mon Feb 12, 2018 1:00 pm
by Patrick Star
Sidechannel analysis (like measuring power draw or timing) isn't exactly a new concept - it's probably most well known for being used to attack smartcards (lots of not-extremely-technical people have even done it - think pirate satellite TV).
I'm surprised even many supposedly "good" locks aren't protected against it. Or maybe I shouldn't be too surprised, considering the average level of computer security when it comes to electronic access control...

IMHO, the big problem with relying purely on electronic locks is that it's very hard for the end-user to evaluate the security. With mechanical locks, you can open them up and at least be sure that they aren't backdoored and that the basic security features are there.
For people with advanced threat models I'd even consider electronic locks almost useless now that intelligence agencies regularly intercept hardware in shipping and backdoor it.
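
The kind of leak described in the posts above (behaviour that depends on the validity of an entered digit) next to the standard countermeasure, as an added example that is not part of the thread and is not any lock vendor's firmware. It assumes a hypothetical firmware that stores a 6-digit code and compares it digit by digit; `steps` stands in for response time or current draw, and the function names and sample codes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CODE_LEN 6  /* assumed code length for this example */

/* Leaky: stops at the first wrong digit, so the work done (and with it
 * response time and current draw) grows with the number of correct
 * leading digits. */
int check_leaky(const uint8_t *entered, const uint8_t *stored, unsigned *steps)
{
    *steps = 0;
    for (size_t i = 0; i < CODE_LEN; i++) {
        (*steps)++;
        if (entered[i] != stored[i])
            return 0;
    }
    return 1;
}

/* Hardened: always touches every digit and accumulates differences, so
 * the work done is the same for any wrong code. */
int check_constant(const uint8_t *entered, const uint8_t *stored, unsigned *steps)
{
    uint8_t diff = 0;
    *steps = 0;
    for (size_t i = 0; i < CODE_LEN; i++) {
        (*steps)++;
        diff |= (uint8_t)(entered[i] ^ stored[i]);
    }
    return diff == 0;
}

int main(void)
{
    /* Constructed sample values, not taken from any real lock. */
    const uint8_t stored[CODE_LEN] = {4, 8, 1, 5, 9, 2};
    const uint8_t tries[3][CODE_LEN] = {
        {0, 0, 0, 0, 0, 0}, {4, 8, 1, 0, 0, 0}, {4, 8, 1, 5, 9, 2}};
    for (int t = 0; t < 3; t++) {
        unsigned a, b;
        int r1 = check_leaky(tries[t], stored, &a);
        int r2 = check_constant(tries[t], stored, &b);
        printf("try %d: leaky=%d steps=%u | constant=%d steps=%u\n",
               t, r1, a, r2, b);
    }
    return 0;
}
```

The same rule has to hold for everything that follows the comparison: the beep, the lockout counter update and any motor activity should be scheduled identically for right and wrong entries.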

Re: Bypassing Electronic Safe locks

Posted: Mon Feb 12, 2018 1:50 pm
by MartinHewitt
Certification of safe lock: 3000 Euro
Certification of smart card: 300000 Euro

Re: Bypassing Electronic Safe locks

Posted: Sat Feb 17, 2018 7:11 pm
by Patrick Star
Is it really just 3000 EUR? Getting an alarm transmitter certified here sets you back around 30000 EUR, and that's not exactly rocket science (sending small messages over a network connection is pretty much a solved problem in the world of computers :D ).
And then they often fail miserably and certify utterly unreliable junk and/or things with severe security vulnerabilities... sigh.

Re: Bypassing Electronic Safe locks

Posted: Sun Feb 18, 2018 3:39 am
by MartinHewitt
See page 4:
http://www.ecb-s.com/_data/gbo_ecbs_01.2018_e.pdf

Actually it is 300000 Euro just for the smart card software. For the smart card hardware itself it is another probably 500000 Euro.