
SecuRam installs backdoor on ProLogic series safe locks.: Difference between revisions

From Consumer Rights Wiki
Chuck (talk | contribs)
Company Response + Consumer Response + more references
Chuck (talk | contribs)
m SecuRam's Response: Reword for clarity. The word "free" here could be confused to mean "no-charge."
 
(One intermediate revision by the same user not shown)
Line 8: Line 8:
|Description=Researchers demonstrate that SecuRam ProLogic safe locks can be opened by unauthorized users with OEM installed backdoor.
|Description=Researchers demonstrate that SecuRam ProLogic safe locks can be opened by unauthorized users with OEM installed backdoor.
}}
}}
{{Ph-I-Int}}
Researchers find way to open safes with SecuRam ProLogic safe locks without the passkey using backdoor codes installed by the manufacturer. <ref name=":2" /><ref name=":3" /> SecuRam offers no path for vulnerable customers to protect themselves. They have declined to offer a firmware patch, and have not yet released new ProLogic locks that are not vulnerable to this attack.<ref name=":0" /><ref name=":1" />
 
==Background==
==Background==
In 2023 new broke that Liberty Safe kept a master key for all safes that it sold.<ref>{{Cite news |last=Levenson |first=Michael |date=2023-09-08 |title=How a Company That Makes Gun Safes Angered Gun Owners |url=https://www.nytimes.com/2023/09/08/business/liberty-safe-codes.html |work=The New York Times}}</ref> Security researcher Mark Omo and James Rowley attempted to discover vulnerabilities involving this master key. They were unsuccessful, but did discover two techniques for opening safes sold by Liberty Safe that were equipped with SecuRam ProLogic series locks.<ref name=":0">{{Cite news |last=Greenberg |first=Andy |date=2025-08-08 |title=Hackers Went Looking for a Backdoor in High-Security Safes—and Now Can Open Them in Seconds |url=https://www.wired.com/story/securam-prologic-safe-lock-backdoor-exploits/ |work=WIRED}}</ref>
In 2023 news broke that Liberty Safe kept a master key for all safes that it sold.<ref>{{Cite news |last=Levenson |first=Michael |date=2023-09-08 |title=How a Company That Makes Gun Safes Angered Gun Owners |url=https://www.nytimes.com/2023/09/08/business/liberty-safe-codes.html |work=The New York Times}}</ref> Security researcher Mark Omo and James Rowley attempted to discover vulnerabilities involving this master key. They were unsuccessful, but did discover two techniques for opening safes sold by Liberty Safe that were equipped with SecuRam ProLogic series locks.<ref name=":0">{{Cite news |last=Greenberg |first=Andy |date=2025-08-08 |title=Hackers Went Looking for a Backdoor in High-Security Safes—and Now Can Open Them in Seconds |url=https://www.wired.com/story/securam-prologic-safe-lock-backdoor-exploits/ |work=WIRED}}</ref>


==The Incident: Discovery that the Backdoor is Vulnerable==
==The Incident: Discovery that the Backdoor is Vulnerable==
On August 8th, 2025 while on-stage at DEF CON<ref>[https://media.defcon.org/DEF%20CON%2033/DEF%20CON%2033%20presentations/Mark%20Omo%20James%20Rowlery%20-%20Cash%2C%20Drugs%2C%20and%20Guns%20Why%20Your%20Safes%20Aren%27t%20Safe.pdf DEF CON Presentation] Slides by Mark Omo and James Rowley</ref><ref>[https://infocondb.org/con/def-con/def-con-33/cash-drugs-and-guns-why-your-safes-arent-safe Cash, Drugs, and Guns: Why Your Safes Aren't Safe] - DEF CON talk abstract by Mark Omo and James Rowley</ref> in Las Vegas, researchers Mark Omo and James Rowley demonstrated that SecuRam ProLogic safe locks can be opened by unauthorized users without the passkey using backdoors installed by the manufacturer. In the interest of public safety, they opted not to publicly reveal the techniques they discovered. They did however provide a live demonstration to journalist Andy Greenberg from WIRED.<ref name=":0" /><ref name=":1">{{Cite web |date=2025-09-11 |title=We Digitally Cracked A High-Security Safe {{!}} Hacklab {{!}} WIRED |url=https://www.youtube.com/watch?v=upVzWfokDQc |website=Youtube}}</ref>
On August 8th, 2025 while on-stage at DEF CON<ref name=":3">[https://media.defcon.org/DEF%20CON%2033/DEF%20CON%2033%20presentations/Mark%20Omo%20James%20Rowlery%20-%20Cash%2C%20Drugs%2C%20and%20Guns%20Why%20Your%20Safes%20Aren%27t%20Safe.pdf DEF CON Presentation] Slides by Mark Omo and James Rowley</ref><ref name=":2">[https://infocondb.org/con/def-con/def-con-33/cash-drugs-and-guns-why-your-safes-arent-safe Cash, Drugs, and Guns: Why Your Safes Aren't Safe] - DEF CON talk abstract by Mark Omo and James Rowley</ref> in Las Vegas, researchers Mark Omo and James Rowley demonstrated that SecuRam ProLogic safe locks can be opened by unauthorized users without the passkey using backdoors installed by the manufacturer. In the interest of public safety, they opted not to publicly reveal the techniques they discovered. They did however provide a live demonstration to journalist Andy Greenberg from WIRED.<ref name=":0" /><ref name=":1">{{Cite web |date=2025-09-11 |title=We Digitally Cracked A High-Security Safe {{!}} Hacklab {{!}} WIRED |url=https://www.youtube.com/watch?v=upVzWfokDQc |website=Youtube}}</ref>


== SecuRam's Response ==
==SecuRam's Response==
SecuRam's CEO Chunlei Zhou responded to the discoveries by saying that the vulnerabilities were already known by industry professionals. Zhou also added that SecuRam will not provide updated firmware for vulnerable locks, but will be releasing new ProLogic safe locks that are free from the demonstrated vulnerabilities by end of year 2025.<ref name=":0" /><ref name=":1" />
SecuRam's CEO Chunlei Zhou responded to the discoveries by saying that the vulnerabilities were already known by industry professionals. Zhou also added that SecuRam will not provide updated firmware for vulnerable locks, but will be releasing new ProLogic safe locks that are not vulnerable to the aforementioned backdoors by end of year 2025.<ref name=":0" /><ref name=":1" />


==Consumer response==
==Consumer response==
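Review bot: The Background paragraph still reads "Security researcher Mark Omo and James Rowley" on the revised side, although this revision corrected "new broke" just before it; change it to "Security researchers". The added lead also says SecuRam "offers no path for vulnerable customers to protect themselves", which is broader than what the SecuRam's Response section states (no updated firmware, new locks by end of year 2025), so consider limiting the lead to those two cited points.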
Line 24: Line 25:
==References==
==References==
{{reflist}}
{{reflist}}
{{Ph-I-C}}

Latest revision as of 00:51, 16 September 2025

Researchers have found a way to open safes fitted with SecuRam ProLogic safe locks without the passkey, using backdoor codes installed by the manufacturer.[1][2] SecuRam offers no path for vulnerable customers to protect themselves. It has declined to offer a firmware patch and has not yet released new ProLogic locks that are not vulnerable to this attack.[3][4]

Background

In 2023, news broke that Liberty Safe kept a master key for all safes that it sold.[5] Security researchers Mark Omo and James Rowley attempted to discover vulnerabilities involving this master key. They were unsuccessful, but did discover two techniques for opening safes sold by Liberty Safe that were equipped with SecuRam ProLogic series locks.[3]

The Incident: Discovery that the Backdoor is Vulnerable

On August 8th, 2025, while on stage at DEF CON[2][1] in Las Vegas, researchers Mark Omo and James Rowley demonstrated that SecuRam ProLogic safe locks can be opened by unauthorized users without the passkey, using backdoors installed by the manufacturer. In the interest of public safety, they opted not to publicly reveal the techniques they discovered. They did, however, provide a live demonstration to journalist Andy Greenberg from WIRED.[3][4]

SecuRam's Response

SecuRam's CEO Chunlei Zhou responded to the discoveries by saying that the vulnerabilities were already known to industry professionals. Zhou added that SecuRam will not provide updated firmware for vulnerable locks, but will release new ProLogic safe locks that are not vulnerable to the aforementioned backdoors by the end of 2025.[3][4]

Consumer response

On August 8th, 2025, in response to statements by SecuRam CEO Chunlei Zhou, researchers Mark Omo and James Rowley rebutted them, saying that the vulnerabilities were not previously known to the public. Liberty Safe has also responded to Zhou's statements, claiming that the vulnerabilities were previously unknown to them.[3][4]

References

  1. Cash, Drugs, and Guns: Why Your Safes Aren't Safe - DEF CON talk abstract by Mark Omo and James Rowley
  2. DEF CON Presentation Slides by Mark Omo and James Rowley
  3. Greenberg, Andy (2025-08-08). "Hackers Went Looking for a Backdoor in High-Security Safes—and Now Can Open Them in Seconds". WIRED.
  4. "We Digitally Cracked A High-Security Safe | Hacklab | WIRED". YouTube. 2025-09-11.
  5. Levenson, Michael (2023-09-08). "How a Company That Makes Gun Safes Angered Gun Owners". The New York Times.