Omo and Rowley say they informed Securam about both their safe-opening techniques in spring of last year, but have until now kept their existence secret because of legal threats from the company. “We will refer this matter to our counsel for trade libel if you choose the route of public announcement or disclosure,” a Securam representative wrote to the two researchers ahead of last year’s Defcon, where they first planned to present their research.
Only after obtaining pro bono legal representation from the Electronic Frontier Foundation’s Coders’ Rights Project did the pair decide to follow through with their plan to speak about Securam’s vulnerabilities at Defcon.
Gotta love the EFF. Just threw a bunch of cash to them.
Funfact, safe makers: It’s not libel if it’s true.
If you’re in the market for an electronic safe, here’s a list of brands to skip:
Beyond Liberty Safe, Securam ProLogic locks are used by a wide variety of safe manufacturers including Fort Knox, High Noble, FireKing, Tracker, ProSteel, Rhino Metals, Sun Welding, Corporate Safe Specialists, and pharmacy safe companies Cennox and NarcSafe, according to Omo and Rowley’s research. The locks can also be found on safes used by CVS for storing narcotics and by multiple US restaurant chains for storing cash.
“Just pop the battery and you’ll find a JTAG port where you can kindly ask for the manufacturer’s master key” is fucking wild
Oh but you need a password to do that. Unfortunately that password was something like 12345
If I’ve learnt anything from the Lock Picking Lawyer : the fancier the supposed safety feature the easier it is to circumvent.
Every time he looks at a Web 3.0 piece of junk, it gets opened even faster than any of the physical locks. It’s kinda terrifying, honestly.
Like, a magnet in the right spot and you’re good to go, is what I’m saying.Removed by mod
Well, before I can read how to break into safes, I have to break into the website that says it won’t show me the article without a subscription. That should keep those safes…er… safe.
Firefox reader mode did it for me. Just block js on the page somehow.
Archived link in body
Ha ha ha! Nope! Following that link, I have to click a captcha to prove I’m not a robot.
The layers of security theater are stacking higher and higher. What’s next? They send me through TSA to make sure I’m not carrying a tube of toothpaste that is too big?!
Sounds like someone is trying to get randomly selected for a cavity search.
No cavities, they’re a robot as evidenced by their inability to answer the captcha.
What?! How about the JTAG port?
deleted by creator
The specialized equipment the safe maker says is needed is a Python script, lol.
Phew, how fortunate that people who try to crack safes never think to use readily available equipment. That would be a real challenge for those poor manufacturers.
