Spending a few dollars on a fireproof safe is generally a smart way to secure your valuables—unless you’re visited by a burglar who has a 3-D printer and some spare time at home.
A group of “white hat” hackers from Sparkfun, a Boulder, Colorado, company that sells electronics and robotics parts, has created an easily replicated robot that can crack a safe—a bestselling safe regarded as one of the best values in the industry—in about an hour.
“My wife knew I was into locks and puzzles,” Sparkfun founder Nathan Seidle told The Daily Beast. “So Christmas last year, she bought me a safe off of Craigslist for $20. The owner had lost the combination.”
For fun, Seidle got to work assembling a bare-bones robot, which at first glance could pass for an Erector Set project, that can work a safe’s combination dial and pull on its handle. (Why’d he need a robot? Because: Safe. Cracking. Robot.)
Once he’d cracked the Craigslist safe, he went to his local Home Depot and Lowe’s to pick up a few SentrySafe SFW123 models. They retail for $159 and $169, respectively—not exactly top of the line, but considered solid bargains. Contrast that with, say, a higher-end Sargent and Greenleaf, whose locks come with what’s called a butterfly switch, which effectively masks the tiny bumps that this robot can detect.
Numbers on those safes range from 0 to 99, so a three-number combination should mean a million possible permutations. Each of the three numbers in that combination has a disc, which in turn has a corresponding indentation. By applying pressure to the SentrySafe’s handle while turning the dial, a robot—or an extremely sensitive human hand—can feel where the handle moves slightly more when the dial is on the third number in the combination.
On top of that, the SentrySafe is designed to account for the fact that a regular person isn’t going to easily and accurately hit one out of 100 possible numbers. So it’s built to be a little forgiving. If the first number in a combination is 17 but you actually dial 16 or 18, it’ll still work.
In short, that means Seidle’s robot can quickly reduce the safe’s possible combinations to 1,089—33x33x1—meaning it takes, at most, 72 minutes to try each one. (Models from other manufacturers in a similar price range suffer from these same vulnerabilities.)
SentrySafe recently attempted to up its security by requiring a key to open some models. But it’s set up with what’s called a tube lock, a type widely regarded as the easiest to crack, since such locks open when jammed with a pen that’s the right size.
Seidle broke SentrySafe’s with a Bic.
“This safe company, in order to upgrade the security of their safes, put a tubular lock on. Of all the lock technology you could have picked!” he said.
In the interest of full disclosure, Seidle has posted clear how-to instructions on his site for anyone who’d want to build the robot, hoping that it will spur SentrySafe to improve its design.
Thus far, the company has dismissed his findings as something that could only be replicated in a controlled environment. But if the safe’s internal parts were created with a little more precision—making it much harder for Seidle’s robot to detect how to turn the combination dial—it would take significantly longer to crack.