U.S. security researchers have discovered two major security vulnerabilities in the electronic lock Securam Prologic widely used in safes in the United States, which can be cracked within seconds.
Securam Prologic locks are produced by a Chinese company called “Dongwu Electric” based in Nanjing, China. These locks are extensively used in safes in the United States such as Liberty Safe, Fort Knox, High Noble, FireKing, used for storing personal firearms, retail cash, and pharmacy narcotics. Many chain restaurants and CVS pharmacies in the United States also use these locks.
According to Wired media’s report on Friday (August 8), researchers James Rowley and Mark Omo publicly presented their research findings on safe electronic locks for the first time at the Defcon hacker conference held in Las Vegas. They demonstrated on stage two different methods to open electronic safes equipped with Securam ProLogic locks.
They stated that by using the lock’s default “recovery code” (set to 999999) and the encrypted code stored inside the lock, researchers can calculate the reset code by reverse-engineering the lock’s firmware, allowing them to unlock it without the need for special hardware.
Additionally, by removing the lock’s battery and connecting it to the lock’s hidden debug port using homemade tools, they were able to extract the “super code” to directly unlock it.
As per Wired’s interview, Rowley and Omo first notified Securam of their research in the spring of 2024 but faced legal threats for their methods. It wasn’t until they received legal support from the Electronic Frontier Foundation (EFF) that they decided to continue their research and publicly disclose the vulnerabilities of Securam electronic locks at the 2025 Defcon conference.
They mentioned that they have been extremely cautious to avoid revealing too many technical details to prevent misuse and have been trying to warn safe users that many of their devices have two different vulnerabilities.
Their goal in publishing the research is to alert users that electronic safes may not be as secure as they think and to push companies like Securam to improve product security.
Securam CEO Chunlei Zhou denied the severity of the vulnerabilities, stating that these “vulnerabilities” are widely known in the industry and also affect other safe lock suppliers using similar chips.
He further stated that exploiting these vulnerabilities would require professional knowledge and equipment, and they have not received any reports of customers’ safes being compromised.
Subsequently, Zhou added that Securam plans to address the vulnerabilities discovered by the two U.S. researchers in future models but does not intend to provide firmware updates for existing locks, only recommending users to replace them with new locks.
According to an interview with Min Hao, Chairman of Dongwu Electric, the parent company of Securam, by mainland Chinese media, since 2008, the company has successively collaborated with well-known safe companies in the United States, holding a high market share in the U.S. high-security lock market.
Additionally, the company’s high-security safe control series products cover civilian and commercial products as well as high-security products specifically designed for government and defense departments, totaling more than a hundred varieties.
Within China, the company has long-term collaborations with over 120 banks and financial institutions such as Agricultural Bank of China, Industrial and Commercial Bank of China, China Merchants Bank, and more. Internationally, their products are exported to over 40 countries and regions, including the United States, Europe, Australia, Southeast Asia, and the Middle East.
In March 2024, U.S. Senator Ron Wyden warned that safes with locks produced by Securam (a Chinese parent company) have a manufacturer reset function, which could be used as a backdoor, urging to prohibit their use in government.
Wyden stated in a statement to Wired that the latest research findings represent the backdoor risks of Securam—whether in safes or in encryption software.
He emphasized that experts have warned that backdoors can be exploited by adversaries of the United States, and Congress must reject calls to create new backdoors in encryption technology and resist any other forms of backdoor attacks.
The researchers stressed that electronic locks’ electronic components are difficult to ensure complete security, highlighting the shortcomings of U.S. consumer product cybersecurity standards.
According to Securam’s introduction, their locks have passed the certification of the American Underwriters Laboratory. However, the significant vulnerabilities discovered this time may indicate some limitations in that certification standard.
A spokesperson for the High Noble Safe Company stated in a statement that this was the company’s first time learning about Securam’s vulnerabilities. Currently, the company is reviewing the security of the locks used in its product line and developing guidance for customers, including “additional physical security measures or potential alternative solutions.”
A representative from Liberty Safe also mentioned that the company was unaware of Securam’s vulnerabilities before. In a statement, the spokesperson wrote, “We are currently investigating this issue with Securam and will make every effort to protect our customers, including verifying other potential lock suppliers and developing new proprietary locking systems.”
“We hope Securam can address this issue, but more importantly, we want people to know how serious this is,” researcher Omo concluded. “There are electronic components inside electronic locks. And electronic components are hard to ensure security.”