Hacking Electronic Safes: A Growing Concern
Electronic safes have become a staple in homes and offices alike, providing a secure way to store valuable items. However, recent research has uncovered two critical vulnerabilities in the Securam Prologic locks used in many of these devices, leaving their owners exposed to potential hacking.
A Glimmering Backdoor
According to experts Omo and Rowley, one of the vulnerabilities exploits a feature intended as a legitimate unlock method for locksmiths. This means that if a safe is equipped with such a lock, an attacker can potentially gain access using a code generated by the same system used by authorized locksmiths.
"This attack is something where, if you had a safe with this kind of lock, I could literally pull up the code right now with no specialized hardware, nothing," Omo says. "All of a sudden, based on our testing, it seems like people can get into almost any Securam Prologic lock in the world."
A Hidden Backdoor
The other vulnerability, while not as widespread, still poses a significant threat to safe owners. This backdoor allows an attacker to bypass certain security measures and gain access to the safe's contents.
Omo and Rowley say they informed Securam about both vulnerabilities last spring, but have until now kept their existence secret due to legal threats from the company. "We will refer this matter to our counsel for trade libel if you choose the route of public announcement or disclosure," a Securam representative wrote to the two researchers ahead of last year's Defcon.
A Delicate Balance
Only after obtaining pro bono legal representation from the Electronic Frontier Foundation’s Coders’ Rights Project did the pair decide to follow through with their plan to speak about Securam’s vulnerabilities at Defcon. Omo and Rowley are now being careful not to disclose too much technical detail, while still trying to offer a warning to safe owners.
"We want to make it clear that we're not trying to exploit this vulnerability for malicious purposes," Omo says. "We just want to bring attention to the fact that these vulnerabilities exist and that users need to be aware of them."
A Response from Securam
Securam has announced plans to update its locks by the end of the year, but have no plans to patch any locks already sold. This decision has left many wondering if the company is doing enough to address the growing concern surrounding electronic safe vulnerabilities.
"We take the security and safety of our customers very seriously," a Securam spokesperson said in a statement. "We are committed to ensuring that all of our products meet or exceed industry standards for security and performance."
A Warning to Safe Owners
As the situation continues to unfold, one thing is clear: safe owners need to be aware of the potential risks associated with electronic safes. While Securam's vulnerabilities are not yet widely known, it's likely that more will come to light in the coming months.
"We urge all safe owners to take steps to protect themselves," Omo says. "This includes keeping their safes up to date with any available security patches and being cautious when using third-party services."