Cash, Drugs, and Guns: Why Your Safes Aren't Safe

Presented at DEF CON 33 (2025), Aug. 8, 2025, 12:30 p.m. (45 minutes).

When Liberty Safe was found to have provided safe unlock codes to authorities, it made us wonder; how was it even possible for Liberty to do this? Our talk will cover the vulnerabilities we found and journey into the various families of locks made by SecuRam, the OEM of safe locks used by Liberty Safe and other Safe vendors. Our exploration began with an “analog” lock from Liberty Safe but quickly expanded to SecuRam’s “digital” lock lines, where we found a debug port that allowed access to all firmware and data. Through this, we discovered that codes are stored on the externally accessible keypad, rather than securely inside the safe (as well as other issues). These locks, deployed widely in consumer, and commercial safes at major retail chains exhibit vulnerabilities that enable opening them in seconds with a Raspberry Pi. We invite you to our session to see us crack UL-certified High-Security Electronic Locks live! References: - Liberty Safe providing safe codes to LE [link](https://www.nytimes.com/2023/09/08/business/liberty-safe-codes.html) - fail0verflow blog on RL78/G13 dumping [link](https://fail0verflow.com/blog/2018/ps4-syscon/) - Past DEF CON talks on e-locks: - DEF CON 23 (2015) - Hacking Smart Safes - On the Brink of a Robbery - First talk about hacking into electronic safes - DEF CON 24 - Plore - Side channel attacks on high security electronic safe locks - First talk about attacks on very basic consumer electronic locks - Work done by Somerset Recon on the BLE version of Securam Lock (B01) [link](https://www.somersetrecon.com/blog/2016/6/7/electronic-safe-lock-analysis-part-1-teardown) See our slides for detailed citations.

Presenters:

• Mark Omo
  Mark Omo is a professional security researcher and engineer, but mostly a fearless leader, a job which he definitely loves way more than actually hacking things. Mark has a background in Consumer and Medical and Aerospace products. He spends his days making PowerPoints and his nights hacking away on embedded hardware.
• James Rowley
  James Rowley is a professional security researcher and engineer who loves that job so much he does it in most of his free time too. Aside from cracking electronic safe locks, he has years of experience working on embedded security, and helping build better products there; he has presented on those topics at Hardwear.io in the past. He has been hacking and making things since childhood, eventually making it a career. Born, raised, and still living in the Southwest US, he loves exploring and photographing that desert environ almost as much as tearing down products.

Similar Presentations:

• DEF CON 24 (2016) / Side-channel Attacks on High-security Electronic Safe Locks
• DerbyCon 3.0 All in the Family (2013) / Electronic Safe Fail: Common Vulnerabilities in Electronic Safes
• DEF CON 13 (2005) / A Safecracking Double Feature: Dial ‘B' For BackDialing and Spike the Wonder Safe