Senator Ron Wyden actually warned about Securam's backdoor in a letter to the NCSC last year. βExperts have warned for years that backdoors will be exploited by our adversaries, yet...the government has left the American public vulnerable,β he now told me in a statement.
Securam says it will fix the vulnerabilities in a new lock model coming later this year. It has no plans to offer an update to all the locks on safes currently in use. If you want a secure safe, you'll have to buy and install a new lock.
Securam ProLogic locks are used across the US on safes sold by Fort Knox, High Noble, FireKing, Tracker, ProSteel, Rhino Metals, Sun Welding, Corporate Safe Specialists, and pharmacy safe companies Cennox and NarcSafe specifically to hold drugs in pharmacies.
Senator Ron Wyden actually warned about Securam's backdoor in a letter to the NCSC last year. βExperts have warned for years that backdoors will be exploited by our adversaries, yet...the government has left the American public vulnerable,β he now told me in a statement.
One of their safecracking techniques exploits a manufacturer backdoor to instantly obtain the combination. The other uses a custom tool to extract the combination from a hidden port inside the lock's battery compartment, shown here: https://www.youtube.com/watch?v=MYCeUOmPd7k
Securam ProLogic locks are used across the US on safes sold by Fort Knox, High Noble, FireKing, Tracker, ProSteel, Rhino Metals, Sun Welding, Corporate Safe Specialists, and pharmacy safe companies Cennox and NarcSafe specifically to hold drugs in pharmacies.
Researchers at Defcon just showed they can crack the Securam ProLogic locks used on high-security safes to protect guns, cash, and narcotics in pharmacies.
When they told Securam last year, it sent them legal threatsβand didn't fix the flaws.
https://www.wired.com/story/securam-prologic-safe-lock-backdoor-exploits/
One of their safecracking techniques exploits a manufacturer backdoor to instantly obtain the combination. The other uses a custom tool to extract the combination from a hidden port inside the lock's battery compartment, shown here: https://www.youtube.com/watch?v=MYCeUOmPd7k
Researchers at Defcon just showed they can crack the Securam ProLogic locks used on high-security safes to protect guns, cash, and narcotics in pharmacies.
When they told Securam last year, it sent them legal threatsβand didn't fix the flaws.
https://www.wired.com/story/securam-prologic-safe-lock-backdoor-exploits/
Motorola says itβs pushed out a patch. The hackers who found the flaws argue thatβs not enough.
βThere's a microphone connected to a computer that's connected to the network,β says one who goes by Nyx. βAnd there's no software patching that will make that not possible to use as a listening device.β
Motorola has also marketed the Halo 3C for use in public housingβinside peopleβs homes.
βThat kind of took it up a notch as far as how egregious this entire product line is,β Nyx says. βMost people have an expectation that their home isnβt bugged, right?β
Security flaws in the Halo 3C would allow any who hacked them to disable smoke/vape detection, spoof false alerts, eavesdrop in real time, or even play whatever audio they chose through the deviceβs speaker.
Demonstrated at Defcon today and in a video in our story above.
Motorola says itβs pushed out a patch. The hackers who found the flaws argue thatβs not enough.
βThere's a microphone connected to a computer that's connected to the network,β says one who goes by Nyx. βAnd there's no software patching that will make that not possible to use as a listening device.β
The Halo 3C is a smoke/vape detector that Motorola sells for use in school bathrooms. It also has microphones inside.
A teen hacker found them at his school, and with another security researcher has now shown they could be hacked for audio surveillance.
https://www.wired.com/story/school-bathroom-vape-detector-audio-bug/
Security flaws in the Halo 3C would allow any who hacked them to disable smoke/vape detection, spoof false alerts, eavesdrop in real time, or even play whatever audio they chose through the deviceβs speaker.
Demonstrated at Defcon today and in a video in our story above.
The Halo 3C is a smoke/vape detector that Motorola sells for use in school bathrooms. It also has microphones inside.
A teen hacker found them at his school, and with another security researcher has now shown they could be hacked for audio surveillance.
https://www.wired.com/story/school-bathroom-vape-detector-audio-bug/
After Luigi Mangione allegedly killed the CEO of United Healthcare with a 3D-printed "ghost gun," I wanted to know how far these DIY firearms have come.
So I 3D-printed and assembled the same exact model of gunβand test-fired it.
Our story and video: https://www.wired.com/story/luigi-mangione-ghost-gun-built-tested
And thread π
Andy Greenberg