A top selling electronic gun safe was found to be vulnerable to brute force attacks that could allow someone nearby to remotely open the unit.
The Bluetooth enabled the Vaultek VT20i, one of Amazon's top selling handgun safes, is designed to be opened using either a manually entered PIN code or from the safe owner's phone using a mobile app.
Researchers at Two Six Labs developed what they are calling “BlueSteal” to leverage multiple security failures in the safe including CVE-2017-17435, which involves a lack of encrypted communication, and CVE-2017-17436, which involves a failure of pin code verification, to remotely open the device without the app or knowing the PIN, according to a Dec. 6 blog post.
The attack was also enabled as a result of the device allowing for unlimited pairing attempts with the safe and using a pairing pin code that is the same as the unlocking pin code. Researchers notified the manufacture on October 6, 2017 and were notified a month later that the company had reviewed the findings and updated the devices with “improved Bluetooth security” along with the option to disable the Bluetooth unlock feature.
Vaultek is offering free upgrades and encourages concerned users to contact their support team for details.