Zhou added in his statement that Securam will fix the vulnerabilities Omo and Rowley found in future models of the ProLogic lock. “Customer safety is our priority and we have started the process of creating next generation products to combat these potential attacks,” he writes. “We expect to have new locks on the market by the end of the year.”
Photography: Churchill Ronda
In a follow-up call, Securam's sales director, Jeremy Brookes, confirmed that Securam has no plan to fix the vulnerability in the locks already in use on customers' safes, but suggests that safe owners who are worried buy a new lock and replace the one on their safe. “We will not offer a firmware package that updates it,” says Brookes. “We will offer them a new product.”
Brookes adds that he believes that Omo and Rowley are “identifying” Securam with the intention of “discrediting” the company.
Omo replies that it is not their intent at all. “We are trying to make the public aware of the vulnerabilities in one of the most popular locks on the market,” he says.
Warning of a senator
In addition to Liberty Safe, Securam ProLogic locks are used by a wide range of safe manufacturers, including Fort Knox, High Noble, Fireking, Tracker, Prosteel, Rhino Metals, Sun Welding, Safe Company Specialists, and pharmacy safe companies Navigation and Narcsafe, according to Omo and Rowley's research. The locks can also be found on the safes used by CVS for storing narcotics and by several US restaurant chains for storing cash.
Rowley and Omo are not the first to raise concerns about the security of Securam locks. In March last year, US senator Ron Wyden wrote an open letter to Michael Casey, then director of the National Counterintelligence and Security Center, urging Casey to make clear to American companies that the safe locks made by Securam, which is owned by a Chinese parent company, have a manufacturer reset capability. That capability, Wyden wrote, could be used as a backdoor, a risk that had already led to Securam locks being prohibited for US government use, like all other locks with a manufacturer reset, even though they are widely used by private US companies.
In response to learning of Rowley and Omo's research, Wyden wrote in a statement to WIRED that the researchers' findings represent exactly the risk of a backdoor, whether in safes or in encryption software, to which he has tried to draw attention.
“The experts have warned for years that the backdoors will be exploited by our opponents, but instead of acting on my warnings and those of security experts, the government has left the American public vulnerable,” writes Wyden. “This is exactly the reason why Congress must reject the requests for new backdoors in encryption technology and fight all efforts from other governments, like the United Kingdom, to force US companies to weaken their encryption to facilitate government surveillance.”
Resetist
Rowley and Omo's research began with the same concern: that a largely undisclosed unlocking method in safes could represent a broader security risk. Initially they went looking for the mechanism behind the Liberty Safe backdoor that had caused a backlash against the company in 2023, and found a relatively simple answer: Liberty Safe keeps a reset code for every safe and, in some cases, makes it available to US law enforcement agencies.
Liberty Safe has since written on its website that it now requires a subpoena, a court order or other compulsory legal process to hand over that master code, and that it will also delete its copy of the code at a safe owner's request.
Rowley and Omo planned to reveal the existence of the Securam vulnerability more than a year ago, but until now they held back because of the company's legal threats. Photography: Churchill Ronda
Rowley and Omo did not find any security flaws that would allow them to abuse that particular backdoor for law enforcement. When they started to examine the Securam ProLogic lock, however, their research on the higher-end version of the two types of Securam lock used on Liberty Safe products revealed something more intriguing. The locks have a reset method documented in their manual, intended in theory for use by locksmiths helping safe owners who have forgotten their unlock code.
Enter a “recovery code” into the lock (set to “999999” by default) and the lock uses that value, another number stored in the lock called an encryption code, and a third, random variable to calculate a code displayed on the screen. An authorized locksmith can then read that code to a Securam representative over the phone, who uses that value and a secret algorithm to calculate a reset code that the locksmith can enter on the keypad to set a new unlock combination.