Andy GreenbergResearchers at Defcon just showed they can crack the Securam ProLogic locks used on high-security safes to protect guns, cash, and narcotics in pharmacies.
When they told Securam last year, it sent them legal threatsβand didn't fix the flaws.
https://www.wired.com/story/securam-prologic-safe-lock-backdoor-exploits/
Fluffy Kitty Cat@agreenberg@infosec.exchange companies that respond to security vulnerabilities of legal threats should not be trusted, their customers should dump them
Andy GreenbergOne of their safecracking techniques exploits a manufacturer backdoor to instantly obtain the combination. The other uses a custom tool to extract the combination from a hidden port inside the lock's battery compartment, shown here: https://www.youtube.com/watch?v=MYCeUOmPd7k
Andy GreenbergSecuram ProLogic locks are used across the US on safes sold by Fort Knox, High Noble, FireKing, Tracker, ProSteel, Rhino Metals, Sun Welding, Corporate Safe Specialists, and pharmacy safe companies Cennox and NarcSafe specifically to hold drugs in pharmacies.
Andy GreenbergSecuram ProLogic locks are used across the US on safes sold by Fort Knox, High Noble, FireKing, Tracker, ProSteel, Rhino Metals, Sun Welding, Corporate Safe Specialists, and pharmacy safe companies Cennox and NarcSafe specifically to hold drugs in pharmacies.
Andy GreenbergSenator Ron Wyden actually warned about Securam's backdoor in a letter to the NCSC last year. βExperts have warned for years that backdoors will be exploited by our adversaries, yet...the government has left the American public vulnerable,β he now told me in a statement.
Andy GreenbergSenator Ron Wyden actually warned about Securam's backdoor in a letter to the NCSC last year. βExperts have warned for years that backdoors will be exploited by our adversaries, yet...the government has left the American public vulnerable,β he now told me in a statement.
Andy GreenbergSecuram says it will fix the vulnerabilities in a new lock model coming later this year. It has no plans to offer an update to all the locks on safes currently in use. If you want a secure safe, you'll have to buy and install a new lock.
Andy GreenbergSecuram says it will fix the vulnerabilities in a new lock model coming later this year. It has no plans to offer an update to all the locks on safes currently in use. If you want a secure safe, you'll have to buy and install a new lock.
demi7en π
πͺπΊ
@agreenberg@infosec.exchange Better find a more "secure" and ethical provider for your next safe. π€¦
Businesses like this deserve to be wiped out.
Jez Caudle :verified:@agreenberg@infosec.exchange In the process of buying a safe and Iβm looking for someone with keys. Physical turning things. The bigger the better.