A "pistol storage case" sold on Amazon turns out to be easy for anyone to open by remote control



In the USA, a gun society, cases are sold for storing guns so that children do not inadvertently touch them. A gun storage case that is a popular, top-selling item on Amazon.com has been found to be easily unlockable by remote control without entering any PIN code.

BlueSteal: Popping GATT Safes - Two Six Labs | Advanced Analytics, Cyber Capabilities, Tactical Mobility Solutions for National Security
https://www.twosixlabs.com/bluesteal-popping-gatt-safes/

Top-selling handgun safe can be remotely opened in seconds-no PIN needed | Ars Technica
https://arstechnica.com/information-technology/2017/12/top-selling-handgun-safe-can-be-remotely-opened-in-seconds-no-pin-needed/

The vulnerability that allows remote unlocking ("BlueSteal") was found in the Vaultek VT10i gun storage case. It is popular as a high-performance gun storage case that supports PIN code authentication, fingerprint authentication, and a Bluetooth app while being relatively inexpensive at 230 dollars (about 26,000 yen), and it is highly rated on Amazon.com, with an average of 4.5 on a five-point scale.


However, the security advisory firm Two Six Labs announced on its official blog that the VT10i has a vulnerability that lets it be unlocked remotely without entering the PIN code.

The following video shows the VT10i being unlocked easily using a MacBook Pro placed next to it.

BlueSteal Vaultek Unlock Demo - YouTube


A specific script is entered on the MacBook Pro.


When the script starts...


The VT10i opens, and its contents are now accessible.


Next, change the PIN code to the number "12345".


Running the same script...


It unlocks without difficulty.


According to an engineer at Two Six Labs, this vulnerability stems from the lack of security measures in the VT10i's Bluetooth function: "Anyone who can write a script can unlock the VT10i in just a few seconds." In addition, Ars Technica says, "Most of the important information needed to write a script that unlocks the VT10i is in the official Two Six Labs blog, and a programmer can fill in the missing information and create an unlock script in as little as an hour."

Incidentally, one reason remote unlocking is possible is that the Bluetooth communication is not encrypted. In addition, it has been pointed out that the VT10i has a security weakness in that anyone can make an unlimited number of Bluetooth pairing attempts. Furthermore, the VT10i accepts a PIN code of up to 8 digits, but because only the numbers 1 to 5 can be used, there are at most about 390 thousand possible PIN codes (5 to the 8th power). Given that many codes are shorter than 8 digits, the risk of unlocking is high.

Regarding the vulnerability in the Bluetooth function, Vaultek has said that it is planning a firmware update, but according to a technician at Two Six Labs, "the VT10i does not seem to have a firmware update mechanism." Therefore, there is concern that there is no way to eliminate the vulnerability without recalling the product.

Furthermore, Two Six Labs is warning VT20i users that they need to turn off the Bluetooth connection immediately in order to store guns and valuables safely.

in Hardware, Video, Security, Posted by darkhorse_log