SecuRam installs backdoor on ProLogic series safe locks: Difference between revisions

← Older edit

VisualWikitext

@@ Line 12: / Line 12: @@
 ==Background==
-In 2023 news broke that Liberty Safe kept a master key for all safes that it sold.<ref>{{Cite news |last=Levenson |first=Michael |date=2023-09-08 |title=How a Company That Makes Gun Safes Angered Gun Owners |url=https://www.nytimes.com/2023/09/08/business/liberty-safe-codes.html |archive-url=https://archive.ph/RxHYq |archive-date=8 Sep 2023 |work=The New York Times}}</ref> Security researcher Mark Omo and James Rowley attempted to discover vulnerabilities involving this master key. They were unsuccessful, but did discover two techniques for opening safes sold by Liberty Safe that were equipped with SecuRam ProLogic series locks.<ref name=":0">{{Cite news |last=Greenberg |first=Andy |date=2025-08-08 |title=Hackers Went Looking for a Backdoor in High-Security Safes—and Now Can Open Them in Seconds |url=https://www.wired.com/story/securam-prologic-safe-lock-backdoor-exploits/ |archive-url=https://web.archive.org/web/20250808202428/https://www.wired.com/story/securam-prologic-safe-lock-backdoor-exploits/ |archive-date=8 Aug 2025 |work=WIRED}}</ref>
+In 2023 news broke that Liberty Safe kept a master key for all safes that it sold.<ref>{{Cite news |last=Levenson |first=Michael |date=2023-09-08 |title=How a Company That Makes Gun Safes Angered Gun Owners |url=https://www.nytimes.com/2023/09/08/business/liberty-safe-codes.html |archive-url=http://web.archive.org/web/20250910170952/https://www.nytimes.com/2023/09/08/business/liberty-safe-codes.html |archive-date=10 Sep 2025|work=The New York Times}}</ref> Security researcher Mark Omo and James Rowley attempted to discover vulnerabilities involving this master key. They were unsuccessful, but did discover two techniques for opening safes sold by Liberty Safe that were equipped with SecuRam ProLogic series locks.<ref name=":0">{{Cite news |last=Greenberg |first=Andy |date=2025-08-08 |title=Hackers Went Looking for a Backdoor in High-Security Safes—and Now Can Open Them in Seconds |url=https://www.wired.com/story/securam-prologic-safe-lock-backdoor-exploits/ |archive-url=https://web.archive.org/web/20250808202428/https://www.wired.com/story/securam-prologic-safe-lock-backdoor-exploits/ |archive-date=8 Aug 2025 |work=WIRED}}</ref>
 ==Discovery==
-On August 8th, 2025 while on-stage at DEF CON<ref name=":3">[https://media.defcon.org/DEF%20CON%2033/DEF%20CON%2033%20presentations/Mark%20Omo%20James%20Rowlery%20-%20Cash%2C%20Drugs%2C%20and%20Guns%20Why%20Your%20Safes%20Aren%27t%20Safe.pdf DEF CON Presentation] Slides by Mark Omo and James Rowley</ref><ref name=":2">[https://infocondb.org/con/def-con/def-con-33/cash-drugs-and-guns-why-your-safes-arent-safe Cash, Drugs, and Guns: Why Your Safes Aren't Safe] - DEF CON talk abstract by Mark Omo and James Rowley</ref> in Las Vegas, researchers Mark Omo and James Rowley demonstrated that SecuRam ProLogic safe locks can be opened by unauthorized users without the passkey using backdoors installed by the manufacturer. In the interest of public safety, they opted not to publicly reveal the techniques they discovered. They did however provide a live demonstration to journalist Andy Greenberg from WIRED.<ref name=":0" /><ref name=":1">{{Cite web |date=2025-09-11 |title=We Digitally Cracked A High-Security Safe {{!}} Hacklab {{!}} WIRED |url=https://www.youtube.com/watch?v=upVzWfokDQc |archive-url=https://preservetube.com/watch?v=upVzWfokDQc |archive-date=17 Feb 2026 |website=Youtube}}</ref>
+On August 8th, 2025 while on-stage at DEF CON<ref name=":3">[https://media.defcon.org/DEF%20CON%2033/DEF%20CON%2033%20presentations/Mark%20Omo%20James%20Rowlery%20-%20Cash%2C%20Drugs%2C%20and%20Guns%20Why%20Your%20Safes%20Aren%27t%20Safe.pdf DEF CON Presentation] Slides by Mark Omo and James Rowley ([http://web.archive.org/web/20251224054611/https://media.defcon.org/DEF%20CON%2033/DEF%20CON%2033%20presentations/Mark%20Omo%20James%20Rowlery%20-%20Cash%2C%20Drugs%2C%20and%20Guns%20Why%20Your%20Safes%20Aren%27t%20Safe.pdf Archived])</ref><ref name=":2">[https://infocondb.org/con/def-con/def-con-33/cash-drugs-and-guns-why-your-safes-arent-safe Cash, Drugs, and Guns: Why Your Safes Aren't Safe] - DEF CON talk abstract by Mark Omo and James Rowley ([http://web.archive.org/web/20251018200712/https://infocondb.org/con/def-con/def-con-33/cash-drugs-and-guns-why-your-safes-arent-safe Archived])</ref> in Las Vegas, researchers Mark Omo and James Rowley demonstrated that SecuRam ProLogic safe locks can be opened by unauthorized users without the passkey using backdoors installed by the manufacturer. In the interest of public safety, they opted not to publicly reveal the techniques they discovered. They did however provide a live demonstration to journalist Andy Greenberg from WIRED.<ref name=":0" /><ref name=":1">{{Cite web |date=2025-09-11 |title=We Digitally Cracked A High-Security Safe {{!}} Hacklab {{!}} WIRED |url=https://www.youtube.com/watch?v=upVzWfokDQc |archive-url=https://preservetube.com/watch?v=upVzWfokDQc |archive-date=17 Feb 2026 |website=Youtube}}</ref>
 ==SecuRam's Response==