Electronic Safe Fail: Common Vulnerabilities in Electronic Safes

Presented at DerbyCon 3.0 All in the Family (2013), Sept. 28, 2013, 9:30 a.m. (25 minutes)

Commonly safes are used in IT to secure backup tapes, certificate roots, and other sensitive material. This talk will demonstrate that many of the safes used to secure these sensitive materials are ineffective.

Today there are many varieties of electronic safes that utilize a VERY weak mechanism to physically lock the safe. In many cases there are ways to open the safe in less than a minute that leaves no evidence behind. (Sometimes only a few seconds) This talk will cover my experience discovering the flaw and dealing with a safe vendor to issue a fix, then discovering the inadequacies of the fix itself and vendor’s continuing ignorance of the problem with most electronic locks.

Fixing these problems is relatively easy. There will be general instruction on how to fix the problems and what needs to be done by the vendors to make safes well… safer.


  • Jeff Popio
    I currently work for the State of Ohio specializing in Vulnerability Assessment. I break things… Make observations… and fix stuff occasionally. Regrettable certifications include: CISSP, CEH, CCNA, RHSCA @jpopio


Similar Presentations: