Samy Kamkar recently published the blueprints and software code for a 3D-printable Arduinio-powered combination lock-opening robot.
Dubbed “Combo Breaker,” the ‘bot is capable of opening combination locks in under five minutes, although the cracking process can be reduced to just 30 seconds by determining the first number that offers resistance.
“The machine pretty much brute-forces the lock for you. You attach it, leave it, and it does its thing,” Kamkar told Wired’s Andy Greenberg.
“Without doing any work, this can open the lock entirely automatically in 80 combinations. If you do that one little test first [finding the first number], it can crack the lock in 8 combinations or less.”
According to Greenberg, Kamkar’s robot comprises little more than a stepper motor, an Arduino chip that runs his cracking algorithm, a lever to pull the shackle, a rotor with a 3-D printed attachment to the lock’s face and an optical sensor that tracks the location of the lock’s dial as it turns.
Kamkar says one of his goals in freely releasing the plans for the Combo Breaker is to highlight the vulnerabilities of low-end combination locks.
“Security people know about this, but the general public doesn’t,” he added. “I try to build things that are interesting to a general audience. And I hope getting this out there helps people make better decisions about the locks they use.”
Dr. Pankaj Rohatgi, Fellow, Hardware Security Solutions at the Cryptography Division of Rambus, told us that Kamkar’s Combo Breaker employs a technique analogous to side-channel attacks.
“Instead of trying out all combinations, the Combo Breaker, if configured correctly, uses measurements of the level of resistance to cut down the search for the right combination,” he explained.
“Side-channel attacks work in a very similar manner. The number of possibilities for the secret key being used for cryptographic operations is impossibly large to brute force. However, using the extra information from signals emitted from a cryptographic device, the attacker can significantly cut down the search for the right key.”
Interested in learning more about side-channel attacks? You can check out our article archive here and the official Rambus DPA Countermeasures page here.
Leave a Reply