Massively Popular Safe Locks Have Secret Backdoor Codes

Two of the biggest manufacturers of locks used in commercial safes have been accused of essentially putting backdoors in at least some of their products in a new letter by Senator Ron Wyden. 404 Media: Wyden is urging the U.S. government to explicitly warn the public about the vulnerabilities, which Wyden says could be exploited by foreign adversaries to steal what U.S. businesses store in safes, such as trade secrets. The little known "manufacturer" or "manager" reset codes could let third parties -- such as spies or criminals -- bypass locks without the owner's consent and are sometimes not disclosed to customers. Wyden's office also found that while the U.S. Department of Defense (DoD) bans such locks for sensitive and classified U.S. government use in part due to the security vulnerability reset codes pose, the government has deliberately not warned the public about the existence of these backdoors. The specific companies named in Wyden's letter are China-based SECURAM and U.S.-based Sargent and Greenleaf (S&G). Each produces keypad locks which are then implemented into safes by other manufacturers. The full list of locks that contain backdoor codes is unknown, but documentation available online points to multiple SECURAM products which do include them, and S&G confirmed to Wyden's office that some of its own locks also have similar codes.

Read more of this story at Slashdot.