VAULTEK® WIRELESS ACCESS SECURITY UPDATE
On this page we will review Two Six Labs’ security research released December 6, 2017 and explain the vulnerabilities discovered and how they affect your safe.
The vulnerabilities Two Six Labs discovered include CVE-2017-17435 and CVE-2017-17436.
WHAT THIS MEANS
Given some time, the vulnerabilities discovered will allow an unauthorized user to access the safe. Two Six Labs identified key components for improvement and provided solutions for Vaultek™ to review and implement into their designs. We have since made revisions, are continuing to make updates for all future models released, and are planning a new firmware upgrade for current customers.
HOW CAN IT HAPPEN
The vulnerabilities uncovered by Two Six Labs, a professional security firm, demonstrate how a hacker can gain unauthorized access to your safe by using a couple of different methods. One method uses special equipment to “scan” communications with a synced smartphone and reinterpret the data, but requires that a synced phone be actively communicating with the safe. The other method is an attack referred to as Brute Force, in which a coded program repeatedly tries to guess the safe’s access code. Neither of these methods is easily carried out, and both require several factors to execute, including time, the right equipment, and close proximity to the safe.
LOW RISK FACTOR
Because of the knowledge required to perform an attack and the need to be in close proximity to the safe, the vulnerabilities are considered low risk.
The Wireless access feature in Vaultek™ safes is convenient for setting several safe settings and viewing the battery levels, and the safes include a feature to toggle off the Wireless access connection altogether if customers are concerned about the risk.
Vaultek™ is taking immediate action with updated firmware that implements new time out features to exhaust Brute Force entry, as well as communication improvements to resolve vulnerability CVE-2017-17435 and, with additional development time, CVE-2017-17436. This new firmware will be directly integrated into new production and will also be available to current customers interested in having the upgrade.
The Wireless access feature can be disabled altogether using the provided hotkey shortcut. The sequence, with specific instructions, is listed in your manual. Disabling the feature is a viable way to eliminate the risk of any Wireless access attack while still maintaining all other functions.
We are offering an upgrade service for your safe’s firmware at no charge and will cover the shipping costs. Please click the button below to apply and start the process.
Vaultek™ takes your personal security seriously and proudly stands behind its customers. We will continue to closely monitor our products and take any and all actions to keep our products safe.