China holds codes to your safe, warns US senator


Electronic locks made in China might be giving backdoor access to the Chinese government.

On March 13th, US Senator for Oregon Ron Wyden addressed National Counterintelligence and Security Center (NCSC) Director Michael Casey regarding a potential security loophole that enables the Chinese government to have backdoor codes to electronic locks made in China. He urged the NCSC to inform the public of potential risks.

It’s a common, albeit not widely known, industry practice for manufacturers of locks used by consumers and businesses to feature manufacturer backdoor codes. Three companies that manufacture the vast majority of electronic safe locks used in the United States are China-based SECURAM Systems, US company Sargent and Greenleaf, and Swiss company Dormakaba.

ADVERTISEMENT

In the official letter, Wyden claims that consumers are not informed properly about the presence of “manufacturer reset” or “management reset” codes in their locks.

Moreover, Wyden points out that consumers are unaware that manufacturers receive requests from government agencies for those codes.

US-based Sargent and Greenleaf have confirmed to the Senator that many of its products include manufacturer reset codes and that it can be forced to reveal them to the authorities.

Wyden raises concerns, as these backdoor codes are not only available to US agencies, but also to potentially hostile foreign governments. SECURAM's technical documents, available on its website, confirm the inclusion of manufacturer reset codes in its products, and the consumer mights not always be informed about the presence of these codes.

“These backdoor codes can be exploited by foreign adversaries to steal sensitive information that US businesses store in safes, such as trade secrets and other intellectual property,” says the Senator.

As a China-headquartered company, SECURAM needs to comply with Chinese law. SECURAM could be forced to share codes with the Chinese government, which would enable access to safes used by US businesses.

The Department of Defense (DoD) confirmed to the Senator's office the national security threat that such manufacturer reset codes pose. The DoD claimed that SECURAM’s products are not approved for US government use. However, the company's low-cost products have made it very successful in the consumer market.

ADVERTISEMENT