Zhou announced that Securam will address the vulnerabilities identified by Omo and Rowley in future iterations of the ProLogic lock. In his statement, he emphasized, “Customer security is our priority, and we are actively developing next-generation products to counter these potential threats.” He anticipates having the new locks available by year’s end.
In a follow-up discussion, Jeremy Brookes, Securam’s director of sales, confirmed that there are no plans to patch the vulnerabilities in existing locks used by customers. He recommends that concerned safe owners purchase new locks as replacements. “We’re not providing a firmware upgrade; instead, we’ll offer a new product,” Brookes stated.
Brookes also expressed that he believes Omo and Rowley are “singling out” Securam with the intention of “discrediting” the company.
In contrast, Omo clarified that their aim is not to discredit but to raise awareness about vulnerabilities present in one of the most widely used safe locks.
Senator’s Warning
Securam ProLogic locks are utilized by various safe manufacturers, including Fort Knox, High Noble, FireKing, and others, making them prevalent in settings such as CVS for narcotics storage and across several U.S. restaurant chains for cash management.
Earlier, U.S. Senator Ron Wyden expressed concerns regarding the security of Securam locks in an open letter to the National Counterintelligence and Security Center, warning that the manufacturer reset capability could pose a backdoor risk. This capability has led to policymakers barring Securam locks from government use due to security concerns, even as they remain common in the private sector.
ResetHeist
Rowley and Omo’s investigation stemmed from worries that undisclosed unlocking methods in safes could indicate broader security issues. Initially searching for the backdoor method linked to Liberty Safe, they uncovered that Liberty retains a reset code for each safe, sometimes accessible to law enforcement.
Rowley and Omo had planned to reveal Securam’s vulnerabilities over a year ago but delayed due to legal threats from the company. Their research on the higher-end version of the Securam locks uncovered that these locks allow for a recovery method intended for locksmiths assisting users who forget their codes, showcasing potential security flaws.
