Failles de sécurité dans les coffres-forts Liberty Safe révélées
des chercheurs en sécurité, Rowley et Omo, ont mis en lumière une vulnérabilité potentielle dans les coffres-forts Liberty Safe. L’enquête, initialement axée sur la recherche de backdoors, a révélé une méthode de réinitialisation documentée dans le manuel des serrures Securam, utilisée par Liberty Safe. Cette méthode, destinée aux serruriers, pourrait compromettre la sécurité des coffres-forts si elle est exploitée. Découvrez comment cette faille a été découverte et quelles sont les implications pour les propriétaires de coffres-forts.
Okay, here’s a breakdown of the text provided, focusing on the key information and its context. I’ll organize it into sections for clarity.
1. Image & Caption:
Image Source: The text is accompanied by an image hosted on Wired.com, depicting hackers. The image is available in multiple resolutions (120w, 240w, 320w, 640w, 960w, 1280w, 1600w) for responsive display.
Caption: The caption states that Rowley and Omo (presumably the hackers in the image) planned to reveal vulnerabilities in Securam locks over a year ago, but were delayed due to legal threats from the company. Credit: The photograph is by Ronda Churchill.
2. Securam Lock Vulnerability Investigation:
Initial Findings: Rowley and Omo didn’t find a way to exploit a backdoor in Securam locks. (Meaning they couldn’t use it maliciously).
Focus Shift: Their investigation shifted to the higher-end Securam locks used in Liberty Safe products. Finding: They discovered a documented reset method in the lock’s manual, intended for locksmiths assisting owners who’ve forgotten their codes.
3.The Reset Method & Potential Weakness:
Recovery Code: The reset method involves entering a “recovery code” (defaulting to “999999”). Calculation: This recovery code, along with a “encryption code” stored in the lock and a random variable, are used to calculate a code displayed on the lock’s screen.
Locksmith Verification: A locksmith reads this displayed code to a Securam representative over the phone. Securam’s Algorithm: Securam then uses a secret algorithm and the received code to calculate a reset code that the locksmith can enter to set a new combination.
In essence, the text describes a security research effort focused on Securam locks, revealing a potential vulnerability in the reset process. The vulnerability lies in Securam’s control over the secret algorithm used to generate the reset code, and the reliance on phone communication to verify the displayed code.
Paywall Note: The text is marked with a “paywall” class, indicating that the full article might potentially be behind a subscription. This means there’s likely more detail available in the complete article.
