Zhou added in his claim that Securam will repair the vulnerabilities that Omo and Rowley found in future models of the pre -paced lock. “Customer security is our priority and we have started the process of creating following generation products to prevent these possible attacks,” he writes. “We expect to have new locks on the market by the end of the year.”
Photo: Round Churchill
In a follow -up call, Securam Director of Sales Jeremy Brookes confirmed that Securam has no plan to repair the vulnerability in locks already used in customers’ bags, but suggests that safe owners who care for, buy a new lock and replaces the one with his safe. “We won’t offer a firmware package that updates it,” Brookes says. “We will offer them a new product.”
Brookes adds that he believes Omo and Rowley “Singulas” Securam with the intention of “discrediting” the company.
Omo replies that this is not intended at all. “We are trying to make the public aware of the vulnerabilities in one of the most popular safe locks on the market,” he says.
A warning of a senator
Beyond Liberty Safe, Securam Prologic Locks are used by a wide variety of secure manufacturers including Fort Knox, High Noble, Fireing, Tracker, Prosteel, Rhino Metals, Sun Welding, corporate secure specialists, and pharmaceuticals safe companies Cennox and Narcsafe, according to OMO and Rowley’s research. The locks can also be found in SAFs used by CVS to store narcotics and numerous US restaurant chains to store money.
Rowley and Omo are not the first to raise concerns about the security of Securam locks. In March of last year, US Senator Ron Wyden wrote Open letter To Michael Casey, then-director of the national anti-intelligence and security center, prompting Casey to explain to US companies that secure locks made by Securam, owned by a Chinese parent company, have a manufacturer to restore capacity. This capacity, Wyden wrote, could be used as a back – risk, which has already caused securam locks to be banned for US government like all other locks with a manufacturer restored, even if they are widely used by private US companies.
In response to learning about Rowley and Omo’s research, Wyden wrote in a statement to Wired that the researchers’ findings represent exactly the risk of back – either in Safes or in encryption software – of which he tried to pay attention.
“Experts have warned for years that back rear backs will be exploited by our opponents, but instead of acting according to my warnings and those of security experts, the government has left the US public vulnerable,” Wyden writes. “This is exactly why the congress should reject calls for new rear backs in encryption technology and fight all the efforts of other governments, Like the UKforce US companies to weaken their encryption to facilitate government surveillance. ”
A resident
Rowley and Omo’s research began with the same care that mostly an unwanted unlocking method in SAFS could represent a wider security risk. They initially searched for the mechanism behind the freedom safe rear, which caused a counterattack against the company in 2023, and found a relatively direct response: Liberty Safe maintains a restoration code for each secure and, in some cases, makes it available to us bills.
Liberty Safe has since ever Written on its website That it now requires a quote, court order or other compulsory legal process to convey that master code, as well as remove its copy of the code at the request of a secure owner.
Rowley and Omo planned to reveal the existence of Securam’s vulnerabilities more than a year ago, but so far endured due to the company’s legal threats.Photo: Round Churchill
Rowley and Omo did not find any security damage that would allow them to abuse this particular bill. When they began examining the Securam Prologic Lock, however, their research on the higher version of the two types of Securam lock used on Liberty Safe products revealed something more intriguing. The locks have a reset method documented in their manual, intended theoretically for using locksmiths helping secure owners who have forgotten their unlock code.
Enter a “recovery code” into the lock – to “999999” by default – and it uses that value, another number stored in the lock called encryption code, and a third, random variable to compute code that is displayed on the screen. An authorized locksmith can then read that code to a Securam representative across the phone, which then uses that value and secret algorithm to compute a restore code that the locksmith can insert into the keyboard to set a new unlock combination.
