In a shocking twist in the world of home security, researchers James Rowley and Mark Omo uncovered a major flaw in electronic safes. Their investigation was sparked by a revelation involving Liberty Safe, a leading manufacturer claiming to be "America's #1 heavy-duty home and gun safe manufacturer." It was reported that Liberty Safe provided the FBI with the combination to open a safe linked to the January 6 Capitol invasion.

Startled by this breach in security, Rowley and Omo set out to investigate how such a pivotal backdoor functioned. They discovered not only how Liberty's backdoor worked but also a more alarming revelation: a backdoor feature in Securam Prologic locks, widely used across various brands, that hackers could exploit to crack safes in mere seconds. During their research, they found that digital safecrackers could access a hidden port in these locks, revealing a safe’s unlock code instantly.

Defcon Shockwave: Live Demonstration at Hacker Conference

At the recent Defcon hacker conference in Las Vegas, Rowley and Omo unveiled their alarming findings, showcasing live demonstrations of two methods capable of breaching Securam ProLogic locks that safeguard everything from firearms to cash and pharmaceuticals. One technique, they claim, stands out as particularly dangerous: it doesn't require specialized tools, making it alarmingly easy for nearly anyone to access almost any Securam lock globally.

Silenced by Legal Threats, Now Unleashed

After notifying Securam of the security flaws last spring, Rowley and Omo faced legal intimidation preventing them from going public. A Securam representative warned them that revealing this information could lead to legal action. However, after securing pro bono legal support from the Electronic Frontier Foundation, they felt empowered to proceed at Defcon, albeit with caution not to include specific technical details that could assist others in replicating their techniques.

A Corporate Defense: Securam Responds

In response to inquiries, Securam’s CEO, Chunlei Zhou, downplayed the researchers' findings, asserting that they were already known within industry circles and that exploiting these vulnerabilities required specific expertise. Zhou emphasized that no customers had reported breaches using this method and remarked that alternative opening methods, like drilling and utilizing locksmith devices, were inherently more cumbersome.

Political Attention: A U.S. Senator Weighs In

Beyond Liberty Safe, the Securam ProLogic locks are found in safes across numerous manufacturers like Fort Knox and CVS, stirring concerns around national security. Notably, U.S. Senator Ron Wyden had previously issued warnings about Securam locks’ vulnerabilities, calling attention to their backdoor capabilities in communications with the National Counterintelligence and Security Center.

The Dual-Cracking Techniques: ResetHeist and CodeSnatch

Rowley and Omo developed two distinct hacking techniques:
. **ResetHeist** - By analyzing the firmware of the Securam locks, they could generate a reset code without any specialized equipment.

2. **CodeSnatch** - Using a Raspberry Pi, they extracted a so-called ‘super code’ from the lock through a debug port, capable of bypassing the lock’s security with astonishing ease.

Both methods have prompted alarm bells, ringing across the safe manufacturing community about the potential for widespread breaches. Even amid accusations of discrediting Securam, Rowley and Omo maintained their intention was merely to alert the public to these significant flaws.

The Future of Safe Security: What’s Next?

Securam has announced plans to address these vulnerabilities in future models but has made it clear that existing locks will not be patched. Instead, they suggest customers buy entirely new locks. While Securam plays defense, Rowley and Omo emphasize the vulnerability of electronic locks, highlighting a broader issue of inadequate cybersecurity standards in consumer products.

While the duo refrains from fully disclosing their techniques, they warn that malicious actors could easily stumble upon ways to replicate these attacks. Their plea is for consumers to rethink what they consider safe and stay informed about potential security loopholes that could leave their possessions unprotected.

As they summarized their mission, Omo stated, "We want people to know how bad this can be. Electronic locks have electronics inside, and electronics are hard to secure."