For an electronics person: Rewire the keypad so it enters different numbers than the legend. That way the manufacturer code will only work if you know the new layout.
I've done this as a joke on one of the doorway access control keypads at my old tech school, but it never occured to me that my mild amount of trolling could have genuine security applications... until now.
@@H3110NU I had a supervisor ask me to clean a keyboard one time. I accidentally put some of the keys on wrong, then got a call because a keyboard was giving the wrong letters. 😀
I did a brute force attack on a combo lock at a place I was renting. It was a 4 digit lock, I figured I could start at 0000 and go through several numbers every time I walked by. Set it to 0000, and it opened
Pay attention to what Liberty isn't saying, their keypad vendor still has these codes. They'll just redirect the call to them! Keypad swaps will become a niche market for a while. For the time being you can remove the SN and have a swap party with friends
Most of the electronic locks allow someone to attach a manufacturer device to read the serial number from the electrical connector between the keypad & lock body. So peeling off the serial number sticker doesn't really solve the problem.
21:00 - Ian has said things like this before, though he's never done a deep dive into when or why this specific act can be held against a person in court. In his recent Liberty Safe videos, he went at it from the angle of (paraphrased) "cops love to say that a search was consentual when their warrents are challenged (since establishing it renders the validity of the warrent moot). If they had to destructively open your safe, that provides strong evidence that the search wasn't consentual." In the past, within a video titled "why your spouse needs a gun license (if you are a gun owner)," he pointed out that the police can use the tatic of asking your spouse to open your safe containing your guns to demonstrate that they are in possession of the guns, and thereby justify laying charges against them if they lack a license. It is important to note that Ian has not stated that "opening a safe can be used against you in court" in such general terms. It is also important to note that he talks to Canadian law most of the time, which may not relate 1:1 with the US (but is often similar).
If you have access to the gun you need a license. If you keep your gun in a place where a non-licensed person can access it, you should lose your license (in many countries you do). I cannot see the problem. The rules are quite clear on this, as far as I understand rules in some European countries - of course. I find these very simple rules pretty clear .
@@johanneswerner1140 This topic is irrelevant to my comment, because my comment is solely about the risks of opening a safe for LE and contains no moral judgements of one's hypothetical actions as a gun owner, but there _is_ a problem. It lies in the element you neglected to mention: that one's spouse gets charged with possession. They don't choose whether one shares the code with them, and it should go without saying that the vast majority of couples will live in the same building as a matter of course. Charging them over the choices of their spouse strikes me as a clear injustice. I will not comment on whether I think people should lose their license over telling their spouse the gun safe combination or key location, because this strikes me as a place where reasonable minds will differ with little room for productive debate. I'd be happy to explain why people may have either opinion if you'd like, but my own opinion will remain unsaid. (edit: typo; fixed "producitive" because it was bothering me)
Talking about a company's promise to respect user privacy calls to mind a recent article I saw highlighting one of the private DNA/genetics analysis services who give customers an option, and their promise, to opt their genetic data out of law enforcement searches. It came out that not only was there a backdoor to bypass that choice, but members of the company willingly used the backdoor to specifically search within the database of opted out users in searches at the direct request of law enforcement. And certainly in the absence of subpoena.
I really hope to see a widespread push for better privacy and accountability from these large corporations that we're practically forced to use. For everyone's sake. Thanks for the great informative content as always Dev!
@@mpioman9885...and that will happen the same day the Patriot Act gets repealed. ie Don't hold your breath. The willingness with which citizens hand over vast amounts of private data to third parties through mostly unread but agreed to Terms & Conditions - information most would never willingly or knowingly give to governing bodies and enforcement agencies - is just far too convenient for governments worldwide to pass up or ignore.
I mentioned it on another video, but my experience with Liberty was totally 180° from how this mess all went down. A friend passed away, and I was helping his family (and the executor of his trust/will) get into his safes. The person I talked to at Liberty on the phone was sympathetic, but stuck to sensible, professional security responses and wanted actual physical paperwork vetting us and proving we hadn't stolen the safe we were trying to access. I got the impression that they took it seriously and I felt *better* after talking with them when it was all going down. I'm just disappointed they'd change their policies and approach so drastically when law enforcement concerned.
If Liberty Safe hadn't taken that stance with you, their reputation would be totally trashed forever. There can be no legitimate argument, _ever_, to provide a master code or MCA based on just a phone call or two, not even if the incoming caller ID shows it to be from someone Liberty knows and trusts. I'm sorry for the loss of your friend, but people who own safes die all the time and their death doesn't give anyone the right to access their property, whether it's their family or their executor, without a court order. That court order can then be used by a locksmith to legally open the safe, either destructively or non-destructively if they have the means.
@@tomferrin1148 That's what I was saying, I fully expected that response from them, and I'm disappointed they flip flopped on it for the feds. As a random citizen, they rightfully expected me to prove who I was and why I should have access. I hoped they were like that with everybody. If the policy is "we need bona fide physical paperwork to cover our asses" that would be perfectly reasonable. The issue here with liberty is that they didn't stick to that policy with the feds, and word got out.
So to be clear, the company who sold you out would like to compensate you by promising to delete the override code on your safe. The only thing is, you have to trust them again.
Runkle has advised that the gov't having to destructively open your safe is also useful as evidence in that it shows you did not willingly consent to the search of your safe.
One of the things that people in the non-security industry don't realize, it doesn't matter what your security is, on your home, on your safe, on anything. If someone wants entry bad enough, they can, and will get it. It only comes down to how difficult it is. You could have the biggest most secure safe in the world, a properly placed tap drill, a bit of thermite on the hinges, a chop saw, an autodialer, and various other forceful entry methods can, and always are an option, it's just how much time and effort it takes. Yes, non destructive methods are always preferable, and often quicker, but Even a heavy duty safe, buried in a panic room, guarded by an army of security personnel, still . is . vulnerable. Just less so.
your attempt to sound studied failed. being invaded by a crack team of heisters with drills and explosives is not a realistic expectation for most people. it would have been smarter to simply advise people to invest in ways to hide the safe behind a false wall or something similar. but yes, ultimately the government will get into your safe using brute force methods if they wanted, another reason to invest in opsec so that isn't a problem in the first place
Security is there to deter and slow people down. There are some homes south of me which have priceless master works of art. They have some amazing security procedures and systems, but even their installers (and their insurance cos) warned them that none of this is foolproof. Given enough time and resources, it's all defeatable.
Thanks, DevO. I've always appreciated your well-reasoned insight coming from the opposite side of the political spectrum. There's a lot of disturbing government overreach no matter how one views the politics. It fascinates me how polarizing this issue is, when it REALLY shouldn't be.
I mean the guy did something absolutely illegal, and we all knew this was gonna be route the Feds were gonna take. I.e. let them walk in and expose themselves, keep people protected, and catch anyone they can later. However, yeah, it is still concerning how many backdoors and vulnerabilities there are in technology these days. Mfs wonder why I prefer my early 00s car (edit, also just don't buy a Kia if you don't know about that backdoor)
@@TMS5100 He defends authoritarians, the regime is putting people in prison over memes for decades, prosecuting people who didn't even show up for a protest even, this is on him.
Staying off people's radar is just so big of a suggestion. I hadn't gotten any phishing emails until I started my most recent job. And even now, I only get phishing emails to my work email. As much as I hate the idea of security through obscurity, it actually works as a front line to just not be a target for attacks
The problem with security _through_ obscurity is that the obscurity is the only line of defense, and anyone knowledgeable of your secrets has already defeated your security. Obscurity as a layer of security does work.
I feel bad for the folks who thought Liberty would stand up for their rights. You can never trust a third party against government intrusion, either formal subpoena or simple request. Never trust a third party. Even Chinese or European entities can be forced to disclose info they have. The only difference are the hoops the government has to jump through. This is well known to any InfoSec professional.
Sure. However, the government will get into the safe if they have a reason to; if someone is a J6 douchebag, their safe will be opened. The only question is if the safe will still be be serviceable in 10 years or whatever when they are out of prison, or if it has a large hole cut in the side of it. A Liberty safe is not meant to keep out a state actor. It's meant to keep out the basic crackhead or withstand a house fire or similar. So in this case this guy's kids will get a working safe instead of having to get a scrap company to come remove a half-ton block of useless steel and gypsum. Don't buy a commercial safe of any brand if you need to keep out the government.
Yeah nah, we go from one "trust me bro the safe is safe" to a "trust me bro I deleted the backdoor code from record". Let the mob drag them through the coals, they earned this and must become an example to guide other manufacturers.
When they say they’ll trust literally anyone more than they’ll trust “the federal government”, some of them really take it to heart and die on that hill. 😆
Unless their code is open-source it would be impossible to determine if there was another backdoor, but we know that they would not agree to releasing the source.
Their owners donated the MAX AMOUNT to "Fetterman for Congress" just within the past year... let them burn. I hope they get slapped with a class action lawsuit from their customers.
1) I once had a faulty mechanical combination lock on a two-drawer Mossler file that frustrated the locksmiths' attempt at manipulation. Because of the remote location they were not able to bring their "special" tools. We ended cutting it open with a exothermic torch. Moral of story, if the FBI has a warrant, they're going to get into your safe. It may be the easy way or the hard way but they're going to get in. 2). When the electronic lock on my safe was starting to fail, I decided to replace it with a mechanical one. I knew that mechanical locks were subject to manipulation, thus less secure. OTOH they work for many years without issues and are not subject to EMP. I now know that they also don't have any "backdoor" codes.
Ian was talking about this on the "Legal Friday" livestream on the "Laid Back News" channel earlier today, and he mentioned the whole thing around knowing the safe code implies knowledge and/or ownership of the contents.
Absolutely y I love this & ur content. People literally offended about their privacy (well placed), but completely unaware of the world we've lived in since datamining was the responsibility of manual investigators at the credit rating businesses & not evaluating the costs & work for more than simple security theater.
@mycosys You need to specify the Info Op you are referencing. I was referencing that as early as the 1820's w/ Tapan & definitely by the Woolford's in 1899 there had already developed a market & serious incentive for the disruption of individual privacy rights via businesses & government. Fast forward through WW2, the Cold War, Web Search companies, Patriot Act, & now the Social Media era & Im simply continually flabbergasted that people do trust S&G et. al. to not regularly participate in this activity. They are simply behaving par for the course across a large cryptifascist dataming socioeconomic landscape.
You shouldn’t. They probably have backups of that data somewhere and no process to clean those ho, so it could all just reappear after a restore from backup.
Also, part of criminal litigation is simply raising the cost to the prosecution. They are balancing both the chance of success and the resources it would take to bring you to trial against any plea they offer or a potential deciscion not to prosecute. Yes, (not definitively settled but see law prof Orin Kerr's discussion) the gov can almost certainly compell you to produce the code to either decrpyt your data or open your safe -- provided they can prove you do know the code (not sure under what standard). But, even so, that represents complexity and cost that increase their costs to go to trial and can be used by a good lawyer to increase your chances of either a better plea or a dropped case.
Something else that safe owners may not know is their lockable dials are often keyed alike. This is not the internal lock that locks the safe's bolt work and keeps the safe shut. This is just a small lock for the outside dial on mechanical locks. S&G, and others, offer lockable dials as a small form of nuisance protection. S&G does offer them to be keyed different, but most safe manufacturers are ordering these keyed alike. They do this so it's easier to stock parts, replace keys, etc... But this means if my neighbor and I both have Liberty safes with lockable dials, it's probably the same key. All liberty safes I've ran across with lockable dials use the same key. IMO I wish safe companies wouldn't do this as the "default". They don't tell customers they are keyed alike and there is already too much key sharing in this world. cough-CH751-cough
As a person who used to break into safes my advice is ditch the electronics and get a mechanical. I found work arounds for a variety of brands. They were in the price range of 750-2000 dollars new. Most of them i could open in under 2 minutes without cutting/drilling/damaging. A couple brands would require me to make 2 visits. One to retrieve a number in order to purchase a "backup failsafe key". One brand i remember only had a dozen different keys. In theory i could buy them all for 1200 cash and have them in my collection or just buy the needed one for 100 bucks. I later discovered a unique lock pick available overseas that would open these safes. Ive never seen the tool in the US. (Pop your digital keypad off and see if theres a strange key hole behind it) Safes just slow someone down. With enough research and brain power they will open it. Just like your front door lock will keep honest people out but anyone who wants in will get in. For anyone curious i was not a burglar or thief. I was someone who enjoyed hacking and knew people who were willing to pay for discretion . Unlike a locksmith when i unlocked it i didnt open the door wide and look inside.
Thanks for the 2M explanation and the leads to go search for possibilities of changing the manufacturer's reset code. (Even if there's no reason that there couldn't be some other persistent code in there.) I've already started looking for someone wanting to unload a safe and I'm no certified safe tech but I've managed manipulating open a few and I'm very comfortable with dropping in a group 2 if I can get a deal on the box. For daily driver use I like LPL's definition of an adequate lock. Instead of misquoting I'll paraphrase: Will it stop a curious adolescent for the longest time that I will need to leave the firearm unsupervised?
19:26 The cops literally burned a house down where a fugitive snuck into to get him out and fought to tooth and nail to pay nothing to the owners who didn't even have anything to do with anything. They don't "have" to do shit.
This seems like an opportunity for someone to make open source safe lock firmware. If the factory microcontroller can't be used (not flashable, etc), replace it with an ATMEGA 328p or something (or do a full open source replacement board). Obviously it would need to have protections against differential power analysis and such, but those attacks and mitigations are pretty well known.
it may be an "opportunity" in an academic sense, but as far as a market opportunity, that'd be a tough business decision, since sadly i think a lot of customers wouldn't understand the value or the work that goes into it
This is funny to watch because I remember 20 years ago working on ATMs, we had a couple guys in the refurb shop who could call Mas Hamilton to get safe codes. (Plus other mechanisms of entry like the dialer behind you).
Oh and yeah back then if they were calling Mas Hamilton, that would have been the old Soft Drill auto dialer! Super amazing and sadly no longer exists.
Great informative video. You make many excellent points and suggestions about how we can actually improve the preservation of our data. Making it harder and taking more time and resources is important. Easy to watch and understand. Thanks.
The name familiar from hearing him mentioned by RantingMonkey. Same dude? I've not seen him myself on any livesteam or podcast that I recall. Rekieta I've been subbed to for years. A+ guy.
one of the issues we had here, despite our privacy laws, was a company had to hand over ALL of their firearm client data to the police. as that was evidence in the case, it was handed over to the lawyers who passes it onto their clients the local gang. how long before something like that happens with the reset codes. don't need to hack the manufacture for the code list, the police might just do the job for ya.
at my last house I had a safe installed and I received from the installer the full docs around the S&G lockset it came with - the installer showed me what is being described in this video. The situation still doesn't "sit well" with me and I'll be looking to obfuscate that part of my safe setup. at the end of the day it's only about adding time to the attempted threat.
Fascinating as always! I wonder about the car datamining thing in Europe. GDPR is quite wide-ranging but I wonder if/when it'll get tested as most seem oblivious/indifferent to the practice of data harvesting.
The page that mentions those things (sexual orientation and activity) says they would only collect that information direct from the customer themselves in the next column, i presume its some sort of promo that they did to try and get in with some community. Being misled by people with agendas from both sides is such fun
Great video. Thank you very much! It’s hard to find a discussion anywhere online about which group 1 combination locks are recommended. I watched that part of your video several times and learned a lot. Thank you
Im a professional trucker. We have E logs dipatch apps cutomer apps routing maps. Prepass and pikepasses those scale houses have radiation hot wheel bearing, low tire pressure sensors That take a picture when you go through checking for seatbelt handheld phones, licence plates, Pre weigh to trip bypass or big scale arrows. Im almost certain that its all time stamped. We had a driver his ex had the cops put out an apb on him For something she said he did. He was at work at the time. The best advice i have is Its best they don't know you. Which is getting harder to do.
Nothing is a panacea, but it's still worth reminding people that you have the *option* of not antagonizing the feds. That might not be the right choice under any given circumstance, and it might not be good enough/they might come after you anyway, but it's still an option that decreases your exposure
@@bosstowndynamics5488 That's not how this country works. _They_ work for _US._ That constitution is a 4 party social contract between "We the People" and the three branches of government we created and delegate authority to, in order to secure our liberty and provide for our common and collcetive good (Doing the things that individuals and/or small groups can't do because of economies of scale.) They need to be reminded of it as much as possible. "Don't complain or they'll trample all over you and your rights" is the wrong attitude. That's the time you stand up high, raise your middle fingers higher and say *_"Don't tread on me,_* because I'll bite a motherfucker."
Re: Slowing Down Attacks In computer security (RSA, other public key systems, ECC, quantum security), the basic principle in most, if not all, digital security is how long or difficult a task you make an attacker with zero knowledge have to take, and how many resources it requires. It's all relative.
Make the hassle outweigh the reward. Works 99% of the time unless the attacker is one of those who does shit 'just because' and enjoys the challenge. I've got friends that have gotten into a lot of places they shouldn't have simply because it was hard to do, so they had to try. Zero reward except the accomplishment.
At the low end, it's "age of the planet", when you do things properly. More securely, it's "heat death of the universe". Of course, this assumes computers don't improve in the next few billion years while you're brute forcing it...
I had a capacitor failure on the electric S&G on my Liberty safe back in 2014. I replaced it with a mechanical lock for exactly the reasons above and the failure mode pissed me off.
Not really. Even IF (and it's a huge if) they actually delete the codes from their database, the same codes are stored by S&G or Securam or whoever makes your particular model of lock. As stated, this practice is industry standard. So even if they delete your code, the Feds just call the lock maker and get it from them instead. But with information being more valuable now than any other time in history, I don't believe any claims of data deletion regardless.
This is a bit more than messing up, and if you genuinely believe they will "delete" your codes you are a fool. Liberty Safe might do away with their personal database of codes, but whoever manufactured the lock will 100% keep your codes stored nice and secure waiting to assist any three letter goons wishing to violate your rights
20:00 ish ...usually the warrant will authorize the search of any place where the evidence sought could be kept. The warrant won't distinguish between a safe owned by another person but kept in the place to be searched. expectation of privacy and possessory rights are more of a consent search issue.
A couple years ago liberty gave the police my combination to my liberty safe after a judge issued a warrant. No pushback no attempt to protect my info. This is and always has been disclosed on their website though. So I can't really complain because I could gave read that before I bought from them. And I did not change the mechanical factory combo. But they would have drilled it had liberty not given it to them. Would I have given it to them? Probably not.
I worked as a tech under contract for a cash machine company and if that electronic lock, which one time it did on a service call, it was simply a corded drill with a 1/4 bit, a ruller and some oil and 30 minutes later it's open. It just had to desroy a pawl on the inner mechanism and it can be opened.
Love your stuff brother. I'm in the Security world myself and seeing your talk about safe cracking made me wonder about X-10s. Will a brute force auto dialer attack work against that??? In my line of work, we rely on them quite exclusively. Them being susceptible to a brute force introduces the possibility of a change in security measures.
It is not possible to brute force an electromechanical safe lock of that variety... After failed attempts, they go into penalty mode for a timeout period. It effectively makes brute forcing impossible. Not to mention, with the dial randomly jumping to other digits when you change direction, a conventional robotic dialer wouldn't be able to do anything with this.
I think your June 2021 video that sings the praises of 4 compaines included LIBERTY. Now that could be because of structural build, but integrity they get an "F".
Using your right to remain silent and not providing the combination could potentially give you time to contact your lawyer and give your lawyer hours to days to review legal documents and respond. But there have been cases where people have been threatened with legal action if they refuse to provide the means to circumvent security of their property and the legal details of that under various circumstances should be discussed with a lawyer.
Remain silent, require them to produce a warrant which requires your compliance, and call your lawyer immediately. Don't let the government intimidate you into giving up your rights. ETA: Also, if threatened with arrest, force, etc., state that you are complying under threat. Preserves your objection later that your cooperation was coerced and the search was not consensual.
Complying with cops/feds absolute doesn't stop them from trashing your place. They're going to trash it either way. They'll punch holes in your drywall for fun and then claim they were searching for drugs in the walls. Just keep your mouth shut.
Deviant - how about getting a Taylor Phoenix through your connections and showing how the vast majority of quality name brand electronic safe locks can be electronically manipulated (with the exception of GSA standard 2740-B compliant locks like the Kaba-Mas X-## or S&G 2740B locks). They even make a special version of the Phoenix only available to our betters (LE) that is in a black rather than orange case and bypasses audit features for black bag/sneak and peek operations. The "Liberty Leak" pales in comparison to the fundamental flaw of information leakage between the keypad and lock body.
basically xraying the lock, but since you can't really get an x ray machine inside the safe, you use a little bit of gamma emitter that you slide into the safe. then a fluoroscope or whatever to look at.
Yeah, a subpoena like we're talking about can't demand the contents of your mind, just objects and data stored in objects, like physical documents and files on a hard drive. And a warrant allows officers to search for physical objects but doesn't compel you to talk. And there's a whole thing I haven't read up on in years about when a subpoena runs into the Fifth Amendment rule against self-incrimination because your ability to access an object via something you know might incriminate you. I'll definitely look for a refresher from a lawyer on that. The traffic stop bit is interesting, because there's limits on traffic stops that don't normally apply when showing up with a warrant, so it might be useful in that one specific instance.
One thing that I do not like about most of the electronic safes is that they have the membrane type keypads. There are *some* keypads out there that have the more mechanical keys on the keypad (e.g. old push button phone), but most have the membrane type. I've had these keypads fail on devices over the years (even though the devices were infrequently used), so I'm extremely hesitant to put such a device on my safe... Now, if the safe had the same push button switches that the old Western Electric (Bell) Model 2500 phones had on them, I would have no qualms about that type of keypad... Those things were robust -- I've never had one of them fail and they were used a lot more times each day than a safe's keypad would ever be used... One issue with any safe though is remembering the combination... If you are not using the combination every day, it's entirely possible that you will forget it... If I'm out of the country for a month or so, I often forget things like this by the time I get back... Part of that is just memory issues from getting older, I suspect... So, you want to write the number down and store it someplace that it would be unlikely to be found by criminals (or jackbooted thugs)... Maybe written / engraved on something that is attached to the bottom of a large piece of furniture or appliance (washer, dryer, fridge, freezer, etc)?
With your last point. If you do write down codes or passwords, don't keep them together and also don't label them. It can be smart to purposely make them incorrect slightly in a way that you will automatically know. Like reversing number orders, leaving out Capitalization, etc....
@@Remsster -- Agreed... Also, another option might be writing the code (possibly obfuscated) in permanent marker or engraved on the inside of an electrical outlet somewhere in the house... Or split between multiple outlet boxes... Just did a rough count of all the outlet and switch boxes in my house and garage and it was over 100... And, of course, you could always write / engrave it on something and put that in a short piece of PVC pipe with caps glued on the ends and buried somewhere in your yard...
Get a password manager (Lastpass etc). Not just for safe combinations, for every password. All my passwords are 24 characters of gibberish, and I don't know any of them except my work IT account sign in (have to input it manually to get into my laptop) and my LastPass master password. Proper password managers keep your data "hashed" and they cannot access it.
Get a password manager (Lastpass etc). Not just for safe combinations, for every password. All my passwords are 24 characters of gibberish, and I don't know any of them except my work IT account sign in (have to input it manually to get into my laptop) and my LastPass master password. Proper password managers keep your data "hashed" and they cannot access it.
Get a password manager (Lastpass etc). Not just for safe combinations, for every password. All my passwords are 24 characters of gibberish, and I don't know any of them except my work IT account sign in (have to input it manually to get into my laptop) and my LastPass master password. Proper password managers keep your data "hashed" and they cannot access it.
I'm inclined to agree with Dev on the preference for mechanical locks. It's often said good security is a tradeoff for accessibility. Losing some advanced functionality such as multiple user codes or ease of use seems like a reasonable tradeoff to remove a low hanging fruit attack vector that an unwanted third party may exploit, situationally dependent of course.
Any security measures a person has are not a proof against any determined attack, they only buy you time to discover and thwart the attack by other means. “Do everything you can to stay off the government’s radar” is good advice because if they do want to go after you they have unlimited resources and agencies to build criminal cases against you. And even if the cases fail to convict you of anything… they have done the intended purpose of ruining your life.
it depends on the jurisdiction but at least in some places warrants can be worded in such a way that you're required to give access to anything inside safes etc, and refusing to do so is seen as failure to comply with warrant... just fyi
Great walk thru the plusses and minuses of mechanical versus electronic, thanks Dev! Curious what you think about the Kaba Mas X10/X09....hard to imagine the GSA has backdoor access to its own locks, but maybe not?
Oh yeah, we have a number of X-09 and X-10 locks on containers around our offices. They're pretty solid, and quite well-made. (I'm certified on the Kaba and S&G FF-L-2740 locks under the GSA and DoD lock program) I even have some original X-07 locks on display in our spaces. Just stay away from the X-08 units which had a high failure rate, heh.
I have two old Browning safes from the 90s. One smaller long gun safe and the big boy is for "other" important items and handguns. The plan is to build the new house next year with a safe room. Is the walk in safe doors as good as a typical safe? For the record, building a fire proof (within reason) room 10×12 is not for the faint of heart.
Don't know where you got the "agonized liberty" picture from, but that can be a comment on SO many things. I'd like to use it on T shirts. You make it, I'll buy one.
WHEN I was raided by the ATF I they had a subpoena and the fire department was on scene. They if I didn't open the safe the fire department would open it with the chopsaw or jaws of life.
I think the difference between "we will give you the combination if you have a warrant for the property" and "we will give you the combination if you subpoena us for it" is almost entirely academic because if they have a warrant, they can get a subpoena, and if for some reason they can't get a subpoena (or if they get it and the combination has been deleted or changed) they're just gonna cut the thing open anyway. You've got to have a pretty niche threat model for that not to apply and to have to worry about somebody non-destructively opening your gun safe by contacting the mfgr and getting them to give them the code.
See Ian's videos on the topic; there are legitimate reasons to want Liberty to have required a subpoena. If you want it, here's my summary of those videos on this topic: In pure legal theory, I think you're right, but in practice, getting such a subpoena takes time effort and money, and safe owners get legal benifits from LE taking the much easier route of forceful entry (at minimum, their defense costs less and/or has more time to prepare their main arguments because they don't need to put effort into disproving that the safe search wss consentual).
@deviantOllam have you seen EEVBlog where the host Dave showed you how you can use an ossiliscope on the battery terminals to figure out if you pressed the right key or a wrong key in the code sequence based off the eletrical voltage difference between a correct and incorrect number based off the subroutines thats the lock calls when a button is pressed? It's a really fascinating video.
Most alarms before remote disarm were the same thing. When u left (that) job I had spreadsheets of installer codes and MACs for every brand sold in US. Im sure most of it is online by now.
I always learn more than I expected to. BTW Lock Picking Lawyer who lives near Richmond VA, showed an auto dialer. Does anyone know - if the authorities have to destryo a safe who pays to replace the safe? Is it like doors - they are allowed to break it to get in with no compensation ?
@@DeviantOllammore about how they work and why they are used so much for .gov containers? X-09 vs x-10? I have a GSA cabinet I bought surplus with a X-09 and have wondered if I should pull it and go with a mechanical as I don’t know how reliable the electronics are going to be after a couple decades. I think they end of lifed the X-09 series in 2013?
@@Poorehouse yes the XX-09 was supplanted by the X-10 officially but i work on more X-09 containers than anything else. they're still in service and it's pretty rare, in my experience, for the electronics to fail outright
They can delete you from their live database but I'd be willing to bet your data will still be on all of their database backups which could still be subpoena'd.
Just to be clear, I own a liberty safe with a mechanical lock. After watching this video, I pulled out my owners manual and found instructions for retrieving my lock code from Liberty Safes for a $15 fee. Just because you have a mechanical lock does not exempt you from this issue. I have filled out the form on their website asking for the info to be deleted. I think that's all I can do at this point.
@@DeviantOllam it is branded as an s&g group 2 lock. The safe is a Liberty Centurion. I have pictures of the manual where it details how to retrieve the lock code from Liberty as well as the lock itself if your interested.
I never really found mechanical locks THAT much more difficult to use than electronic, so I just have manual for everything. Maybe people access their safes more often than I? Like they open their safe 5 times a day or something? Anyway, any lock can be broken into, but they should at least have to work at it, or call a specialist to do it.
when we got our mechanical lock RSC, it came with a combination that had been set by the local Liberty distributor. Is changing that as easy as installing a new lock?
For an electronics person: Rewire the keypad so it enters different numbers than the legend. That way the manufacturer code will only work if you know the new layout.
hahaha that's amazing
This may be the smartest comment on the video, kudos.
I've done this as a joke on one of the doorway access control keypads at my old tech school, but it never occured to me that my mild amount of trolling could have genuine security applications... until now.
back in 95/96 in typing class we used to flip the m and n (or reverse the num pad) keys to mess with our friends…
@@H3110NU
I had a supervisor ask me to clean a keyboard one time.
I accidentally put some of the keys on wrong, then got a call because a keyboard was giving the wrong letters.
😀
I did a brute force attack on a combo lock at a place I was renting. It was a 4 digit lock, I figured I could start at 0000 and go through several numbers every time I walked by. Set it to 0000, and it opened
flawless victory
Some people could conclude that they iuggt to set their code to 9999!
@@bholdr----0slightly more smart but not smart enough people will pick 5555
Pay attention to what Liberty isn't saying, their keypad vendor still has these codes. They'll just redirect the call to them!
Keypad swaps will become a niche market for a while. For the time being you can remove the SN and have a swap party with friends
Indeed.... S&G or AmSec or Securam or whomever will still have the details, most likely.
@@DeviantOllam for amsec and fort knox safes that would be la gard / dormakaba /kaba mas
Most of the electronic locks allow someone to attach a manufacturer device to read the serial number from the electrical connector between the keypad & lock body. So peeling off the serial number sticker doesn't really solve the problem.
21:00 - Ian has said things like this before, though he's never done a deep dive into when or why this specific act can be held against a person in court. In his recent Liberty Safe videos, he went at it from the angle of (paraphrased) "cops love to say that a search was consentual when their warrents are challenged (since establishing it renders the validity of the warrent moot). If they had to destructively open your safe, that provides strong evidence that the search wasn't consentual." In the past, within a video titled "why your spouse needs a gun license (if you are a gun owner)," he pointed out that the police can use the tatic of asking your spouse to open your safe containing your guns to demonstrate that they are in possession of the guns, and thereby justify laying charges against them if they lack a license.
It is important to note that Ian has not stated that "opening a safe can be used against you in court" in such general terms. It is also important to note that he talks to Canadian law most of the time, which may not relate 1:1 with the US (but is often similar).
"why your spouse needs a gun license" is a specific Canada problem, under it's tyrannical gun licensing regeime
@@JaedoDrax Regardless of what it is, it serves to demonstrate the point that opening a safe is an admission in some sense.
My wife does not have the safe code, so she cannot be taken by this trap.
If you have access to the gun you need a license. If you keep your gun in a place where a non-licensed person can access it, you should lose your license (in many countries you do). I cannot see the problem. The rules are quite clear on this, as far as I understand rules in some European countries - of course. I find these very simple rules pretty clear .
@@johanneswerner1140 This topic is irrelevant to my comment, because my comment is solely about the risks of opening a safe for LE and contains no moral judgements of one's hypothetical actions as a gun owner, but there _is_ a problem. It lies in the element you neglected to mention: that one's spouse gets charged with possession. They don't choose whether one shares the code with them, and it should go without saying that the vast majority of couples will live in the same building as a matter of course. Charging them over the choices of their spouse strikes me as a clear injustice.
I will not comment on whether I think people should lose their license over telling their spouse the gun safe combination or key location, because this strikes me as a place where reasonable minds will differ with little room for productive debate. I'd be happy to explain why people may have either opinion if you'd like, but my own opinion will remain unsaid.
(edit: typo; fixed "producitive" because it was bothering me)
"Gravy seals" in your last video I had heard before. "Beer gut putsch" was a new one that left me laughing for a full minute.
I appreciate a non screaming analysis of the situation.
Talking about a company's promise to respect user privacy calls to mind a recent article I saw highlighting one of the private DNA/genetics analysis services who give customers an option, and their promise, to opt their genetic data out of law enforcement searches. It came out that not only was there a backdoor to bypass that choice, but members of the company willingly used the backdoor to specifically search within the database of opted out users in searches at the direct request of law enforcement. And certainly in the absence of subpoena.
I really hope to see a widespread push for better privacy and accountability from these large corporations that we're practically forced to use. For everyone's sake.
Thanks for the great informative content as always Dev!
@@mpioman9885...and that will happen the same day the Patriot Act gets repealed.
ie Don't hold your breath.
The willingness with which citizens hand over vast amounts of private data to third parties through mostly unread but agreed to Terms & Conditions - information most would never willingly or knowingly give to governing bodies and enforcement agencies - is just far too convenient for governments worldwide to pass up or ignore.
If a company has access to data, expect bored employees to look at that data if nothing else.
I mentioned it on another video, but my experience with Liberty was totally 180° from how this mess all went down. A friend passed away, and I was helping his family (and the executor of his trust/will) get into his safes. The person I talked to at Liberty on the phone was sympathetic, but stuck to sensible, professional security responses and wanted actual physical paperwork vetting us and proving we hadn't stolen the safe we were trying to access. I got the impression that they took it seriously and I felt *better* after talking with them when it was all going down.
I'm just disappointed they'd change their policies and approach so drastically when law enforcement concerned.
If Liberty Safe hadn't taken that stance with you, their reputation would be totally trashed forever. There can be no legitimate argument, _ever_, to provide a master code or MCA based on just a phone call or two, not even if the incoming caller ID shows it to be from someone Liberty knows and trusts. I'm sorry for the loss of your friend, but people who own safes die all the time and their death doesn't give anyone the right to access their property, whether it's their family or their executor, without a court order. That court order can then be used by a locksmith to legally open the safe, either destructively or non-destructively if they have the means.
@@tomferrin1148 That's what I was saying, I fully expected that response from them, and I'm disappointed they flip flopped on it for the feds. As a random citizen, they rightfully expected me to prove who I was and why I should have access. I hoped they were like that with everybody. If the policy is "we need bona fide physical paperwork to cover our asses" that would be perfectly reasonable. The issue here with liberty is that they didn't stick to that policy with the feds, and word got out.
So to be clear, the company who sold you out would like to compensate you by promising to delete the override code on your safe. The only thing is, you have to trust them again.
Runkle has advised that the gov't having to destructively open your safe is also useful as evidence in that it shows you did not willingly consent to the search of your safe.
Is that the "calling my client a piece of shit is defamation, as he isn't a literal piece of feces" guy?
@@RobertSzasz not that I know of. It's the lawyer, Ian Runkle/Runkle of the bailey, that is referenced a few times in this video.
@@Agent22817 he's part of the whole Vic Mignogna lolyer circle though?
@@RobertSzasz Runkle is Canadian lol, he's got nothing to do with Mignogna.
One of the things that people in the non-security industry don't realize, it doesn't matter what your security is, on your home, on your safe, on anything. If someone wants entry bad enough, they can, and will get it. It only comes down to how difficult it is. You could have the biggest most secure safe in the world, a properly placed tap drill, a bit of thermite on the hinges, a chop saw, an autodialer, and various other forceful entry methods can, and always are an option, it's just how much time and effort it takes.
Yes, non destructive methods are always preferable, and often quicker, but
Even a heavy duty safe, buried in a panic room, guarded by an army of security personnel, still . is . vulnerable. Just less so.
your attempt to sound studied failed. being invaded by a crack team of heisters with drills and explosives is not a realistic expectation for most people. it would have been smarter to simply advise people to invest in ways to hide the safe behind a false wall or something similar. but yes, ultimately the government will get into your safe using brute force methods if they wanted, another reason to invest in opsec so that isn't a problem in the first place
@@cagneybillingsley2165 wasn't attempting to sound anything.. Just saying, where there's a will, there's a way.
Security is there to deter and slow people down. There are some homes south of me which have priceless master works of art. They have some amazing security procedures and systems, but even their installers (and their insurance cos) warned them that none of this is foolproof. Given enough time and resources, it's all defeatable.
the fire department with a gas chop saw could have gotten into the safe faster then It took the feds to get past call screening with the manufacturer.
That's common sense, which isn't very common nowadays, unfortunately. XD
Preach, Deev. We need to know as much as possible about as much as possible: especially our safety and privacy. Keep up the stellar work.
Thanks for the very kind feedback!
Thanks, DevO.
I've always appreciated your well-reasoned insight coming from the opposite side of the political spectrum. There's a lot of disturbing government overreach no matter how one views the politics. It fascinates me how polarizing this issue is, when it REALLY shouldn't be.
authoritarians are the only ones who think any of this is even remotely ok.
I mean the guy did something absolutely illegal, and we all knew this was gonna be route the Feds were gonna take. I.e. let them walk in and expose themselves, keep people protected, and catch anyone they can later.
However, yeah, it is still concerning how many backdoors and vulnerabilities there are in technology these days. Mfs wonder why I prefer my early 00s car (edit, also just don't buy a Kia if you don't know about that backdoor)
@@TMS5100 He defends authoritarians, the regime is putting people in prison over memes for decades, prosecuting people who didn't even show up for a protest even, this is on him.
Gotta love all the security by obscurity going on in the lock industry, that's been their mantra since forever.
Staying off people's radar is just so big of a suggestion. I hadn't gotten any phishing emails until I started my most recent job. And even now, I only get phishing emails to my work email. As much as I hate the idea of security through obscurity, it actually works as a front line to just not be a target for attacks
The problem with security _through_ obscurity is that the obscurity is the only line of defense, and anyone knowledgeable of your secrets has already defeated your security. Obscurity as a layer of security does work.
I feel bad for the folks who thought Liberty would stand up for their rights. You can never trust a third party against government intrusion, either formal subpoena or simple request. Never trust a third party. Even Chinese or European entities can be forced to disclose info they have. The only difference are the hoops the government has to jump through. This is well known to any InfoSec professional.
no for profit venture of any type stands up for their rights, let alone their customers'.. that's not good business.
correction, very few for profit... etc.
Sure. However, the government will get into the safe if they have a reason to; if someone is a J6 douchebag, their safe will be opened. The only question is if the safe will still be be serviceable in 10 years or whatever when they are out of prison, or if it has a large hole cut in the side of it.
A Liberty safe is not meant to keep out a state actor. It's meant to keep out the basic crackhead or withstand a house fire or similar. So in this case this guy's kids will get a working safe instead of having to get a scrap company to come remove a half-ton block of useless steel and gypsum.
Don't buy a commercial safe of any brand if you need to keep out the government.
Apple seems to do a decent job at it, which is saying a lot considering the politics of most silicon valley corps.
A really good rule of thumb is any business marketing to your patriotism is taking advantage of you.
Yeah nah, we go from one "trust me bro the safe is safe" to a "trust me bro I deleted the backdoor code from record". Let the mob drag them through the coals, they earned this and must become an example to guide other manufacturers.
When they say they’ll trust literally anyone more than they’ll trust “the federal government”, some of them really take it to heart and die on that hill. 😆
Backdoors are a conspiracy theory we only install doors on the front of our safes.
Unless their code is open-source it would be impossible to determine if there was another backdoor, but we know that they would not agree to releasing the source.
Their owners donated the MAX AMOUNT to "Fetterman for Congress" just within the past year... let them burn.
I hope they get slapped with a class action lawsuit from their customers.
@@RichardCranium321 ah yes probably the most radical anti gun proponent around. Makes sense they would immediately triple backflip for the feds.
1) I once had a faulty mechanical combination lock on a two-drawer Mossler file that frustrated the locksmiths' attempt at manipulation. Because of the remote location they were not able to bring their "special" tools. We ended cutting it open with a exothermic torch. Moral of story, if the FBI has a warrant, they're going to get into your safe. It may be the easy way or the hard way but they're going to get in.
2). When the electronic lock on my safe was starting to fail, I decided to replace it with a mechanical one. I knew that mechanical locks were subject to manipulation, thus less secure. OTOH they work for many years without issues and are not subject to EMP. I now know that they also don't have any "backdoor" codes.
Ian was talking about this on the "Legal Friday" livestream on the "Laid Back News" channel earlier today, and he mentioned the whole thing around knowing the safe code implies knowledge and/or ownership of the contents.
Absolutely y I love this & ur content. People literally offended about their privacy (well placed), but completely unaware of the world we've lived in since datamining was the responsibility of manual investigators at the credit rating businesses & not evaluating the costs & work for more than simple security theater.
Are you really attacking people for not being able to see past a concerted propaganda campaign with no help?
@mycosys You need to specify the Info Op you are referencing.
I was referencing that as early as the 1820's w/ Tapan & definitely by the Woolford's in 1899 there had already developed a market & serious incentive for the disruption of individual privacy rights via businesses & government.
Fast forward through WW2, the Cold War, Web Search companies, Patriot Act, & now the Social Media era & Im simply continually flabbergasted that people do trust S&G et. al. to not regularly participate in this activity.
They are simply behaving par for the course across a large cryptifascist dataming socioeconomic landscape.
This guy regularly gives Ted-Talk quality videos. Fantastic!
I have no trust in any company who has collected my data (either with or without my consent) to actually delete my data upon request.
The most “trustworthy” (systems, algorithms, protocols, schemas) are ones where you can safely know you don’t have to put your trust in another party.
You shouldn’t. They probably have backups of that data somewhere and no process to clean those ho, so it could all just reappear after a restore from backup.
Also, part of criminal litigation is simply raising the cost to the prosecution. They are balancing both the chance of success and the resources it would take to bring you to trial against any plea they offer or a potential deciscion not to prosecute.
Yes, (not definitively settled but see law prof Orin Kerr's discussion) the gov can almost certainly compell you to produce the code to either decrpyt your data or open your safe -- provided they can prove you do know the code (not sure under what standard). But, even so, that represents complexity and cost that increase their costs to go to trial and can be used by a good lawyer to increase your chances of either a better plea or a dropped case.
Something else that safe owners may not know is their lockable dials are often keyed alike. This is not the internal lock that locks the safe's bolt work and keeps the safe shut. This is just a small lock for the outside dial on mechanical locks. S&G, and others, offer lockable dials as a small form of nuisance protection. S&G does offer them to be keyed different, but most safe manufacturers are ordering these keyed alike. They do this so it's easier to stock parts, replace keys, etc... But this means if my neighbor and I both have Liberty safes with lockable dials, it's probably the same key. All liberty safes I've ran across with lockable dials use the same key. IMO I wish safe companies wouldn't do this as the "default". They don't tell customers they are keyed alike and there is already too much key sharing in this world. cough-CH751-cough
@ponderinggeek7861: My RV lock has entered the chat!
As a person who used to break into safes my advice is ditch the electronics and get a mechanical. I found work arounds for a variety of brands. They were in the price range of 750-2000 dollars new. Most of them i could open in under 2 minutes without cutting/drilling/damaging. A couple brands would require me to make 2 visits. One to retrieve a number in order to purchase a "backup failsafe key". One brand i remember only had a dozen different keys. In theory i could buy them all for 1200 cash and have them in my collection or just buy the needed one for 100 bucks. I later discovered a unique lock pick available overseas that would open these safes. Ive never seen the tool in the US.
(Pop your digital keypad off and see if theres a strange key hole behind it)
Safes just slow someone down. With enough research and brain power they will open it. Just like your front door lock will keep honest people out but anyone who wants in will get in.
For anyone curious i was not a burglar or thief. I was someone who enjoyed hacking and knew people who were willing to pay for discretion . Unlike a locksmith when i unlocked it i didnt open the door wide and look inside.
Thanks for the 2M explanation and the leads to go search for possibilities of changing the manufacturer's reset code. (Even if there's no reason that there couldn't be some other persistent code in there.) I've already started looking for someone wanting to unload a safe and I'm no certified safe tech but I've managed manipulating open a few and I'm very comfortable with dropping in a group 2 if I can get a deal on the box.
For daily driver use I like LPL's definition of an adequate lock. Instead of misquoting I'll paraphrase:
Will it stop a curious adolescent for the longest time that I will need to leave the firearm unsupervised?
For people with no audio, I think it's an error in the mobile apps/processing because it's working fine here.
1 2 3 4 5 6? That's amazing. That's the same code I have on my luggage.
It's a fluke
@@andrewharrison8436 lol. It's a "great" Mel Brooks movie
it's factory default
Great factual, balanced, and level headed analysis.
I’m definitely thinking about replacing my lock with a mechanical one. I got a Liberty safe earlier this year and am now regretting it.
19:26 The cops literally burned a house down where a fugitive snuck into to get him out and fought to tooth and nail to pay nothing to the owners who didn't even have anything to do with anything. They don't "have" to do shit.
I still remember the Clipper Chip from the '90s. The government will always try to have backdoors for their own convenience.
This seems like an opportunity for someone to make open source safe lock firmware. If the factory microcontroller can't be used (not flashable, etc), replace it with an ATMEGA 328p or something (or do a full open source replacement board). Obviously it would need to have protections against differential power analysis and such, but those attacks and mitigations are pretty well known.
it may be an "opportunity" in an academic sense, but as far as a market opportunity, that'd be a tough business decision, since sadly i think a lot of customers wouldn't understand the value or the work that goes into it
@@DeviantOllam oh, yes. Definitely not a business thing - a hacker/diy thing.
This is funny to watch because I remember 20 years ago working on ATMs, we had a couple guys in the refurb shop who could call Mas Hamilton to get safe codes. (Plus other mechanisms of entry like the dialer behind you).
Yes on the SenCon electromechanical safe locks, that may be possible.
Oh and yeah back then if they were calling Mas Hamilton, that would have been the old Soft Drill auto dialer! Super amazing and sadly no longer exists.
Great informative video. You make many excellent points and suggestions about how we can actually improve the preservation of our data. Making it harder and taking more time and resources is important. Easy to watch and understand. Thanks.
Nice you mentioned Runkle. Just watched him on with Rekieta.
The name familiar from hearing him mentioned by RantingMonkey. Same dude? I've not seen him myself on any livesteam or podcast that I recall. Rekieta I've been subbed to for years. A+ guy.
I was a KY Assistant Attorney General and Montana Deputy County Attorney both criminal division but live overseas and am a dual national.
Moe: "Where's the key to the safe?"
Curly: "I put it in the safe so I'd remember where it was!"
I am changing my locks to the SG 6631-004.. Group 2M 4 digit. That should give there auto dialer a good workout
One good choice.
My guns are largely not stock. When I finally buy a large safe, I'll be taking some of this advice and upgrading it.
one of the issues we had here, despite our privacy laws, was a company had to hand over ALL of their firearm client data to the police. as that was evidence in the case, it was handed over to the lawyers who passes it onto their clients the local gang. how long before something like that happens with the reset codes. don't need to hack the manufacture for the code list, the police might just do the job for ya.
at my last house I had a safe installed and I received from the installer the full docs around the S&G lockset it came with - the installer showed me what is being described in this video. The situation still doesn't "sit well" with me and I'll be looking to obfuscate that part of my safe setup. at the end of the day it's only about adding time to the attempted threat.
Fascinating as always!
I wonder about the car datamining thing in Europe. GDPR is quite wide-ranging but I wonder if/when it'll get tested as most seem oblivious/indifferent to the practice of data harvesting.
The page that mentions those things (sexual orientation and activity) says they would only collect that information direct from the customer themselves in the next column, i presume its some sort of promo that they did to try and get in with some community. Being misled by people with agendas from both sides is such fun
Great video. Thank you very much! It’s hard to find a discussion anywhere online about which group 1 combination locks are recommended. I watched that part of your video several times and learned a lot. Thank you
Im a professional trucker. We have E logs dipatch apps cutomer apps routing maps. Prepass and pikepasses those scale houses have radiation hot wheel bearing, low tire pressure sensors
That take a picture when you go through checking for seatbelt handheld phones, licence plates,
Pre weigh to trip bypass or big scale arrows. Im almost certain that its all time stamped. We had a driver his ex had the cops put out an apb on him
For something she said he did. He was at work at the time.
The best advice i have is
Its best they don't know you.
Which is getting harder to do.
Thanks, Ollam. It's good to hear this from you.
RUclips recommended this video, by the way.
This is a very good thing, it has opened up a lot of peoples eyes to digital security I hope.
I've started writing up liberty safes as a finding. I had to do that yesterday for a law office.
i love the long form videos! thanks for them ❤
“Be a good person. Try to stay off the Fed’s radar…”
Like that’s stopped them before.
Nothing is a panacea, but it's still worth reminding people that you have the *option* of not antagonizing the feds. That might not be the right choice under any given circumstance, and it might not be good enough/they might come after you anyway, but it's still an option that decreases your exposure
@@bosstowndynamics5488 fair point.
@@bosstowndynamics5488 That's not how this country works. _They_ work for _US._ That constitution is a 4 party social contract between "We the People" and the three branches of government we created and delegate authority to, in order to secure our liberty and provide for our common and collcetive good (Doing the things that individuals and/or small groups can't do because of economies of scale.)
They need to be reminded of it as much as possible. "Don't complain or they'll trample all over you and your rights" is the wrong attitude. That's the time you stand up high, raise your middle fingers higher and say *_"Don't tread on me,_* because I'll bite a motherfucker."
Heck just watching videos such as this probably got us on a list.
Re: Slowing Down Attacks
In computer security (RSA, other public key systems, ECC, quantum security), the basic principle in most, if not all, digital security is how long or difficult a task you make an attacker with zero knowledge have to take, and how many resources it requires. It's all relative.
"Encryption".
Make the hassle outweigh the reward. Works 99% of the time unless the attacker is one of those who does shit 'just because' and enjoys the challenge.
I've got friends that have gotten into a lot of places they shouldn't have simply because it was hard to do, so they had to try. Zero reward except the accomplishment.
At the low end, it's "age of the planet", when you do things properly. More securely, it's "heat death of the universe".
Of course, this assumes computers don't improve in the next few billion years while you're brute forcing it...
Thanks for the intelligent followup explanation.
I'd love to hear more about the Kaba Mas X07 mechanism.
I had a capacitor failure on the electric S&G on my Liberty safe back in 2014. I replaced it with a mechanical lock for exactly the reasons above and the failure mode pissed me off.
Thanks for all of the great information. I do know that the ProLogic L01 by Securam is an upgrade option for some Liberty safes.
This is good, they acknowledged they messed up and have provided a clearway forward and are taking it.
Not really. Even IF (and it's a huge if) they actually delete the codes from their database, the same codes are stored by S&G or Securam or whoever makes your particular model of lock. As stated, this practice is industry standard. So even if they delete your code, the Feds just call the lock maker and get it from them instead. But with information being more valuable now than any other time in history, I don't believe any claims of data deletion regardless.
This is a bit more than messing up, and if you genuinely believe they will "delete" your codes you are a fool. Liberty Safe might do away with their personal database of codes, but whoever manufactured the lock will 100% keep your codes stored nice and secure waiting to assist any three letter goons wishing to violate your rights
20:00 ish ...usually the warrant will authorize the search of any place where the evidence sought could be kept. The warrant won't distinguish between a safe owned by another person but kept in the place to be searched. expectation of privacy and possessory rights are more of a consent search issue.
cheers. People do indeed need to be more aware of the World around them. it benefits us all for more People to be.
A couple years ago liberty gave the police my combination to my liberty safe after a judge issued a warrant. No pushback no attempt to protect my info. This is and always has been disclosed on their website though. So I can't really complain because I could gave read that before I bought from them. And I did not change the mechanical factory combo. But they would have drilled it had liberty not given it to them. Would I have given it to them? Probably not.
I was waiting for your take on this. Thank you.
I worked as a tech under contract for a cash machine company and if that electronic lock, which one time it did on a service call, it was simply a corded drill with a 1/4 bit, a ruller and some oil and 30 minutes later it's open. It just had to desroy a pawl on the inner mechanism and it can be opened.
Love your stuff brother. I'm in the Security world myself and seeing your talk about safe cracking made me wonder about X-10s. Will a brute force auto dialer attack work against that??? In my line of work, we rely on them quite exclusively. Them being susceptible to a brute force introduces the possibility of a change in security measures.
It is not possible to brute force an electromechanical safe lock of that variety... After failed attempts, they go into penalty mode for a timeout period.
It effectively makes brute forcing impossible. Not to mention, with the dial randomly jumping to other digits when you change direction, a conventional robotic dialer wouldn't be able to do anything with this.
I think your June 2021 video that sings the praises of 4 compaines included LIBERTY. Now that could be because of structural build, but integrity they get an "F".
Using your right to remain silent and not providing the combination could potentially give you time to contact your lawyer and give your lawyer hours to days to review legal documents and respond. But there have been cases where people have been threatened with legal action if they refuse to provide the means to circumvent security of their property and the legal details of that under various circumstances should be discussed with a lawyer.
Remain silent, require them to produce a warrant which requires your compliance, and call your lawyer immediately. Don't let the government intimidate you into giving up your rights.
ETA: Also, if threatened with arrest, force, etc., state that you are complying under threat. Preserves your objection later that your cooperation was coerced and the search was not consensual.
Law enforcement will lie and make threats. Just STFU. Until a judge orders you to give them the combination, they can go pound sand.
Complying with cops/feds absolute doesn't stop them from trashing your place. They're going to trash it either way. They'll punch holes in your drywall for fun and then claim they were searching for drugs in the walls. Just keep your mouth shut.
Deviant - how about getting a Taylor Phoenix through your connections and showing how the vast majority of quality name brand electronic safe locks can be electronically manipulated (with the exception of GSA standard 2740-B compliant locks like the Kaba-Mas X-## or S&G 2740B locks).
They even make a special version of the Phoenix only available to our betters (LE) that is in a black rather than orange case and bypasses audit features for black bag/sneak and peek operations.
The "Liberty Leak" pales in comparison to the fundamental flaw of information leakage between the keypad and lock body.
"Small bits of isotope on the end of a rod, trying to look through your safe" .... Please, do tell! 😲 😆
basically xraying the lock, but since you can't really get an x ray machine inside the safe, you use a little bit of gamma emitter that you slide into the safe. then a fluoroscope or whatever to look at.
Yeah, a subpoena like we're talking about can't demand the contents of your mind, just objects and data stored in objects, like physical documents and files on a hard drive. And a warrant allows officers to search for physical objects but doesn't compel you to talk. And there's a whole thing I haven't read up on in years about when a subpoena runs into the Fifth Amendment rule against self-incrimination because your ability to access an object via something you know might incriminate you. I'll definitely look for a refresher from a lawyer on that.
The traffic stop bit is interesting, because there's limits on traffic stops that don't normally apply when showing up with a warrant, so it might be useful in that one specific instance.
One thing that I do not like about most of the electronic safes is that they have the membrane type keypads. There are *some* keypads out there that have the more mechanical keys on the keypad (e.g. old push button phone), but most have the membrane type. I've had these keypads fail on devices over the years (even though the devices were infrequently used), so I'm extremely hesitant to put such a device on my safe... Now, if the safe had the same push button switches that the old Western Electric (Bell) Model 2500 phones had on them, I would have no qualms about that type of keypad... Those things were robust -- I've never had one of them fail and they were used a lot more times each day than a safe's keypad would ever be used...
One issue with any safe though is remembering the combination... If you are not using the combination every day, it's entirely possible that you will forget it... If I'm out of the country for a month or so, I often forget things like this by the time I get back... Part of that is just memory issues from getting older, I suspect... So, you want to write the number down and store it someplace that it would be unlikely to be found by criminals (or jackbooted thugs)... Maybe written / engraved on something that is attached to the bottom of a large piece of furniture or appliance (washer, dryer, fridge, freezer, etc)?
With your last point. If you do write down codes or passwords, don't keep them together and also don't label them. It can be smart to purposely make them incorrect slightly in a way that you will automatically know. Like reversing number orders, leaving out Capitalization, etc....
@@Remsster -- Agreed... Also, another option might be writing the code (possibly obfuscated) in permanent marker or engraved on the inside of an electrical outlet somewhere in the house... Or split between multiple outlet boxes... Just did a rough count of all the outlet and switch boxes in my house and garage and it was over 100... And, of course, you could always write / engrave it on something and put that in a short piece of PVC pipe with caps glued on the ends and buried somewhere in your yard...
Get a password manager (Lastpass etc). Not just for safe combinations, for every password. All my passwords are 24 characters of gibberish, and I don't know any of them except my work IT account sign in (have to input it manually to get into my laptop) and my LastPass master password.
Proper password managers keep your data "hashed" and they cannot access it.
Get a password manager (Lastpass etc). Not just for safe combinations, for every password. All my passwords are 24 characters of gibberish, and I don't know any of them except my work IT account sign in (have to input it manually to get into my laptop) and my LastPass master password.
Proper password managers keep your data "hashed" and they cannot access it.
Get a password manager (Lastpass etc). Not just for safe combinations, for every password. All my passwords are 24 characters of gibberish, and I don't know any of them except my work IT account sign in (have to input it manually to get into my laptop) and my LastPass master password.
Proper password managers keep your data "hashed" and they cannot access it.
“Sometimes your purpose in life is to serve as a warning to others”
On the auto dialer can you set digits for it to try first like birthdays, and anniversaries the person might have used as a combination
I would never keep anything incriminating in my safe. Just my 100lb collection of loose thermite.
Liberty Safe is based in Payson Utah. In Utah, don't look to state law to protect consumers, Federal law is usually more protective.
I'm inclined to agree with Dev on the preference for mechanical locks. It's often said good security is a tradeoff for accessibility. Losing some advanced functionality such as multiple user codes or ease of use seems like a reasonable tradeoff to remove a low hanging fruit attack vector that an unwanted third party may exploit, situationally dependent of course.
Never been more glad to have an old 1905 bank safe with no keypad. You need 2 keys and a 4 digit dial lock number...
That's really cool that you have that
Any security measures a person has are not a proof against any determined attack, they only buy you time to discover and thwart the attack by other means.
“Do everything you can to stay off the government’s radar” is good advice because if they do want to go after you they have unlimited resources and agencies to build criminal cases against you.
And even if the cases fail to convict you of anything… they have done the intended purpose of ruining your life.
it depends on the jurisdiction but at least in some places warrants can be worded in such a way that you're required to give access to anything inside safes etc, and refusing to do so is seen as failure to comply with warrant... just fyi
Great walk thru the plusses and minuses of mechanical versus electronic, thanks Dev! Curious what you think about the Kaba Mas X10/X09....hard to imagine the GSA has backdoor access to its own locks, but maybe not?
Oh yeah, we have a number of X-09 and X-10 locks on containers around our offices. They're pretty solid, and quite well-made. (I'm certified on the Kaba and S&G FF-L-2740 locks under the GSA and DoD lock program)
I even have some original X-07 locks on display in our spaces. Just stay away from the X-08 units which had a high failure rate, heh.
With the proliferation of stepper motors, SBC's and the like, i wonder how easy and cost effecting a home brewed version of that AutoDialer would be?
Do they have a lock with a clutch that if it spins to fast it disengages the lock?
Sneaky - I like it. The mechanical equivalent of the increasing timeout after each failure to the next trial on an electronic lock.
I have two old Browning safes from the 90s. One smaller long gun safe and the big boy is for "other" important items and handguns. The plan is to build the new house next year with a safe room.
Is the walk in safe doors as good as a typical safe?
For the record, building a fire proof (within reason) room 10×12 is not for the faint of heart.
Don't know where you got the "agonized liberty" picture from, but that can be a comment on SO many things. I'd like to use it on T shirts. You make it, I'll buy one.
Can we get a video or a link to how they cracked safes with isotopes on rods??
I'll talk about that in a future video
WHEN I was raided by the ATF I they had a subpoena and the fire department was on scene. They if I didn't open the safe the fire department would open it with the chopsaw or jaws of life.
I think the difference between "we will give you the combination if you have a warrant for the property" and "we will give you the combination if you subpoena us for it" is almost entirely academic because if they have a warrant, they can get a subpoena, and if for some reason they can't get a subpoena (or if they get it and the combination has been deleted or changed) they're just gonna cut the thing open anyway. You've got to have a pretty niche threat model for that not to apply and to have to worry about somebody non-destructively opening your gun safe by contacting the mfgr and getting them to give them the code.
See Ian's videos on the topic; there are legitimate reasons to want Liberty to have required a subpoena.
If you want it, here's my summary of those videos on this topic: In pure legal theory, I think you're right, but in practice, getting such a subpoena takes time effort and money, and safe owners get legal benifits from LE taking the much easier route of forceful entry (at minimum, their defense costs less and/or has more time to prepare their main arguments because they don't need to put effort into disproving that the safe search wss consentual).
Man you have really missed the mark here, and thoughts like you've expressed are exactly why the bill of rights was created.
That's cool, it's been master codes all the way down
You get a sub because you knew Runkle, all hail the elven lawyer!
@deviantOllam have you seen EEVBlog where the host Dave showed you how you can use an ossiliscope on the battery terminals to figure out if you pressed the right key or a wrong key in the code sequence based off the eletrical voltage difference between a correct and incorrect number based off the subroutines thats the lock calls when a button is pressed? It's a really fascinating video.
Yep, that's differential power analysis 👍
Most alarms before remote disarm were the same thing. When u left (that) job I had spreadsheets of installer codes and MACs for every brand sold in US. Im sure most of it is online by now.
I always learn more than I expected to. BTW Lock Picking Lawyer who lives near Richmond VA, showed an auto dialer.
Does anyone know - if the authorities have to destryo a safe who pays to replace the safe? Is it like doors - they are allowed to break it to get in with no compensation ?
I'm fairly sure they do not need to compensate broken safes, but I don't know for certain.
Great info!!! Thanks for taking the time and effort to make it!
The override combination sequence is the serial number backwards entered three times.
While standing on one foot
Would love to see you get an X9 or x10 randomized dial locks
What would you like to see about them? We have several on display at the office, I have one at my house, etc.
@@DeviantOllammore about how they work and why they are used so much for .gov containers? X-09 vs x-10? I have a GSA cabinet I bought surplus with a X-09 and have wondered if I should pull it and go with a mechanical as I don’t know how reliable the electronics are going to be after a couple decades. I think they end of lifed the X-09 series in 2013?
@@Poorehouse yes the XX-09 was supplanted by the X-10 officially but i work on more X-09 containers than anything else. they're still in service and it's pretty rare, in my experience, for the electronics to fail outright
I wish I had dad's 1956 Buick Special.
They can delete you from their live database but I'd be willing to bet your data will still be on all of their database backups which could still be subpoena'd.
I just order a new lock, sanded the name off and painted. 🤣🍻🇺🇸
Just to be clear, I own a liberty safe with a mechanical lock. After watching this video, I pulled out my owners manual and found instructions for retrieving my lock code from Liberty Safes for a $15 fee. Just because you have a mechanical lock does not exempt you from this issue. I have filled out the form on their website asking for the info to be deleted. I think that's all I can do at this point.
Is your mechanical lock branded? I'd be so curious as to what lock model they have by default.
@@DeviantOllam it is branded as an s&g group 2 lock. The safe is a Liberty Centurion. I have pictures of the manual where it details how to retrieve the lock code from Liberty as well as the lock itself if your interested.
@@chriss4663 is there any model number on it?
@@DeviantOllam Not that I can find.
This is prime time to buy a safe on the cheap used if your okay with the issues lol
I never really found mechanical locks THAT much more difficult to use than electronic, so I just have manual for everything. Maybe people access their safes more often than I? Like they open their safe 5 times a day or something? Anyway, any lock can be broken into, but they should at least have to work at it, or call a specialist to do it.
when we got our mechanical lock RSC, it came with a combination that had been set by the local Liberty distributor. Is changing that as easy as installing a new lock?