Hackers went looking for backdoors in high-security safes, and now the safes can be opened in seconds

Zhou added in his statement that Securam will fix the vulnerabilities found by Omo and Rowley in future models of its ProLogic locks. “Customer security is our top priority and we have begun the process of creating the next generation of products to foil these potential attacks,” he wrote. “We expect new locks by the end of this year.”

Securam sales director Jeremy Brookes confirmed on a follow-up call that Securam has no plans to fix the vulnerability in locks that are already in use on customers’ safes, but advised concerned safe owners to purchase a new lock and replace the one on their safe. “We won’t offer a firmware suite to upgrade it,” Brookes said. “We’ll provide them with new products.”

Brookes added that he believes Omo and Rowley are “picking out” Securam with the goal of “smearing” the company.

Omo answered that this was not their intention at all. “We are working to make the public aware of the vulnerability of one of the most popular security locks on the market,” he said.

Senator’s warning

In addition to Liberty Safe, Securam ProLogic locks are also used by a variety of safe manufacturers, including Fort Knox, Noble, Fireking, Tracking, Prosteel, Rhino Metals, Sun Welding, Corporate Safe experts, and pharmacy safe companies Cennox and Narcsafe. These locks can also be found on safes that CVS uses to store narcotics and that several American restaurant chains use to store cash.

Rowley and Omo weren’t the first to raise concerns about the security of Securam locks. Last March, U.S. Senator Ron Wyden wrote an open letter to Michael Casey, then director of the National Counterintelligence and Security Center, urging Casey to make it clear to U.S. companies that the safe locks made by Securam, which is owned by a Chinese parent company, have a manufacturer reset capability. Wyden wrote that this capability could be used as a backdoor, a risk that has led to Securam locks being banned from use, like all other locks with a manufacturer reset, even though they are widely used by private U.S. companies.

On learning of Rowley and Omo’s research, Wyden wrote in a statement that the researchers’ findings represent exactly the kind of backdoor risk he has been trying to call attention to, whether in safes or in encryption software.

“For years, experts have warned that our opponents will exploit backdoors, but the government has not heeded these warnings or those of security experts, and has instead left the American public vulnerable,” Wyden wrote. “That is why Congress must reject calls for new backdoors for encryption and fight all efforts by other governments, such as the UK, to force U.S. companies to weaken their encryption to promote government surveillance.”

Transgender

Rowley and Omo’s research began with the same concern: that largely undisclosed unlocking methods in safes may represent a broader security risk. Initially, they went looking for the mechanism behind the Liberty Safe backdoor, which sparked a backlash against the company in 2023, and found a relatively simple answer: Liberty Safe retains a reset code for each safe, which in some cases can be used by U.S. law enforcement.

Liberty Safe has since written on its website that it now requires a subpoena, court order or other mandatory legal process to hand over the master code, and that it will delete its copy of the code at the safe owner’s request.

Rowley and Omo planned to reveal Securam’s vulnerability more than a year ago, but held off until now because of the company’s legal threat. Photo: Ronda Churchill

Rowley and Omo did not find any security flaw that would let them abuse that specific law enforcement-friendly backdoor. But when they started examining the Securam ProLogic lock, their research on the higher-end of the two Securam locks used on Liberty Safe products revealed something more intriguing. The locks have a reset method that is documented in the manual and is intended, in theory, for use by locksmiths helping safe owners who have forgotten their unlock code.

Enter a “recovery code” into the lock (“9999999” by default) and the lock uses that value, another number stored in the lock called the encryption code, and a third, random variable to calculate a code that is displayed on the screen. An authorized locksmith can then read that code to a Securam representative over the phone, who uses that value and a secret algorithm to calculate a reset code that the locksmith can enter on the keypad to set a new unlock combination.
