For an electronics person: Rewire the keypad so it enters different numbers than the legend. That way the manufacturer code will only work if you know the new layout.

I did a brute force attack on a combo lock at a place I was renting. It was a 4 digit lock, I figured I could start at 0000 and go through several numbers every time I walked by. Set it to 0000, and it opened

I appreciate a non screaming analysis of the situation.

Pay attention to what Liberty isn't saying, their keypad vendor still has these codes. They'll just redirect the call to them! Keypad swaps will become a niche market for a while. For the time being you can remove the SN and have a swap party with friends

21:00 - Ian has said things like this before, though he's never done a deep dive into when or why this specific act can be held against a person in court. In his recent Liberty Safe videos, he went at it from the angle of (paraphrased) "cops love to say that a search was consentual when their warrents are challenged (since establishing it renders the validity of the warrent moot). If they had to destructively open your safe, that provides strong evidence that the search wasn't consentual." In the past, within a video titled "why your spouse needs a gun license (if you are a gun owner)," he pointed out that the police can use the tatic of asking your spouse to open your safe containing your guns to demonstrate that they are in possession of the guns, and thereby justify laying charges against them if they lack a license. It is important to note that Ian has not stated that "opening a safe can be used against you in court" in such general terms. It is also important to note that he talks to Canadian law most of the time, which may not relate 1:1 with the US (but is often similar).

"Gravy seals" in your last video I had heard before. "Beer gut putsch" was a new one that left me laughing for a full minute.

Talking about a company's promise to respect user privacy calls to mind a recent article I saw highlighting one of the private DNA/genetics analysis services who give customers an option, and their promise, to opt their genetic data out of law enforcement searches. It came out that not only was there a backdoor to bypass that choice, but members of the company willingly used the backdoor to specifically search within the database of opted out users in searches at the direct request of law enforcement. And certainly in the absence of subpoena.

Runkle has advised that the gov't having to destructively open your safe is also useful as evidence in that it shows you did not willingly consent to the search of your safe.

I mentioned it on another video, but my experience with Liberty was totally 180° from how this mess all went down. A friend passed away, and I was helping his family (and the executor of his trust/will) get into his safes. The person I talked to at Liberty on the phone was sympathetic, but stuck to sensible, professional security responses and wanted actual physical paperwork vetting us and proving we hadn't stolen the safe we were trying to access. I got the impression that they took it seriously and I felt *better* after talking with them when it was all going down. I'm just disappointed they'd change their policies and approach so drastically when law enforcement concerned.

So to be clear, the company who sold you out would like to compensate you by promising to delete the override code on your safe. The only thing is, you have to trust them again.

One of the things that people in the non-security industry don't realize, it doesn't matter what your security is, on your home, on your safe, on anything. If someone wants entry bad enough, they can, and will get it. It only comes down to how difficult it is. You could have the biggest most secure safe in the world, a properly placed tap drill, a bit of thermite on the hinges, a chop saw, an autodialer, and various other forceful entry methods can, and always are an option, it's just how much time and effort it takes. Yes, non destructive methods are always preferable, and often quicker, but Even a heavy duty safe, buried in a panic room, guarded by an army of security personnel, still . is . vulnerable. Just less so.

1 2 3 4 5 6? That's amazing. That's the same code I have on my luggage.

Yeah nah, we go from one "trust me bro the safe is safe" to a "trust me bro I deleted the backdoor code from record". Let the mob drag them through the coals, they earned this and must become an example to guide other manufacturers.

Thanks, DevO. I've always appreciated your well-reasoned insight coming from the opposite side of the political spectrum. There's a lot of disturbing government overreach no matter how one views the politics. It fascinates me how polarizing this issue is, when it REALLY shouldn't be.

Gotta love all the security by obscurity going on in the lock industry, that's been their mantra since forever.

Preach, Deev. We need to know as much as possible about as much as possible: especially our safety and privacy. Keep up the stellar work.

1) I once had a faulty mechanical combination lock on a two-drawer Mossler file that frustrated the locksmiths' attempt at manipulation. Because of the remote location they were not able to bring their "special" tools. We ended cutting it open with a exothermic torch. Moral of story, if the FBI has a warrant, they're going to get into your safe. It may be the easy way or the hard way but they're going to get in. 2). When the electronic lock on my safe was starting to fail, I decided to replace it with a mechanical one. I knew that mechanical locks were subject to manipulation, thus less secure. OTOH they work for many years without issues and are not subject to EMP. I now know that they also don't have any "backdoor" codes.

Staying off people's radar is just so big of a suggestion. I hadn't gotten any phishing emails until I started my most recent job. And even now, I only get phishing emails to my work email. As much as I hate the idea of security through obscurity, it actually works as a front line to just not be a target for attacks

I feel bad for the folks who thought Liberty would stand up for their rights. You can never trust a third party against government intrusion, either formal subpoena or simple request. Never trust a third party. Even Chinese or European entities can be forced to disclose info they have. The only difference are the hoops the government has to jump through. This is well known to any InfoSec professional.

Ian was talking about this on the "Legal Friday" livestream on the "Laid Back News" channel earlier today, and he mentioned the whole thing around knowing the safe code implies knowledge and/or ownership of the contents.

I have no trust in any company who has collected my data (either with or without my consent) to actually delete my data upon request.

Also, part of criminal litigation is simply raising the cost to the prosecution. They are balancing both the chance of success and the resources it would take to bring you to trial against any plea they offer or a potential deciscion not to prosecute. Yes, (not definitively settled but see law prof Orin Kerr's discussion) the gov can almost certainly compell you to produce the code to either decrpyt your data or open your safe -- provided they can prove you do know the code (not sure under what standard). But, even so, that represents complexity and cost that increase their costs to go to trial and can be used by a good lawyer to increase your chances of either a better plea or a dropped case.

I’m definitely thinking about replacing my lock with a mechanical one. I got a Liberty safe earlier this year and am now regretting it.

Something else that safe owners may not know is their lockable dials are often keyed alike. This is not the internal lock that locks the safe's bolt work and keeps the safe shut. This is just a small lock for the outside dial on mechanical locks. S&G, and others, offer lockable dials as a small form of nuisance protection. S&G does offer them to be keyed different, but most safe manufacturers are ordering these keyed alike. They do this so it's easier to stock parts, replace keys, etc... But this means if my neighbor and I both have Liberty safes with lockable dials, it's probably the same key. All liberty safes I've ran across with lockable dials use the same key. IMO I wish safe companies wouldn't do this as the "default". They don't tell customers they are keyed alike and there is already too much key sharing in this world. cough-CH751-cough

Absolutely y I love this & ur content. People literally offended about their privacy (well placed), but completely unaware of the world we've lived in since datamining was the responsibility of manual investigators at the credit rating businesses & not evaluating the costs & work for more than simple security theater.

Great factual, balanced, and level headed analysis.

Nice you mentioned Runkle. Just watched him on with Rekieta.

This is funny to watch because I remember 20 years ago working on ATMs, we had a couple guys in the refurb shop who could call Mas Hamilton to get safe codes. (Plus other mechanisms of entry like the dialer behind you).

For people with no audio, I think it's an error in the mobile apps/processing because it's working fine here.

I still remember the Clipper Chip from the '90s. The government will always try to have backdoors for their own convenience.

Thanks for the 2M explanation and the leads to go search for possibilities of changing the manufacturer's reset code. (Even if there's no reason that there couldn't be some other persistent code in there.) I've already started looking for someone wanting to unload a safe and I'm no certified safe tech but I've managed manipulating open a few and I'm very comfortable with dropping in a group 2 if I can get a deal on the box. For daily driver use I like LPL's definition of an adequate lock. Instead of misquoting I'll paraphrase: Will it stop a curious adolescent for the longest time that I will need to leave the firearm unsupervised?

Im a professional trucker. We have E logs dipatch apps cutomer apps routing maps. Prepass and pikepasses those scale houses have radiation hot wheel bearing, low tire pressure sensors That take a picture when you go through checking for seatbelt handheld phones, licence plates, Pre weigh to trip bypass or big scale arrows. Im almost certain that its all time stamped. We had a driver his ex had the cops put out an apb on him For something she said he did. He was at work at the time. The best advice i have is Its best they don't know you. Which is getting harder to do.

This seems like an opportunity for someone to make open source safe lock firmware. If the factory microcontroller can't be used (not flashable, etc), replace it with an ATMEGA 328p or something (or do a full open source replacement board). Obviously it would need to have protections against differential power analysis and such, but those attacks and mitigations are pretty well known.

Thanks for the intelligent followup explanation.

This guy regularly gives Ted-Talk quality videos. Fantastic!

I was a KY Assistant Attorney General and Montana Deputy County Attorney both criminal division but live overseas and am a dual national.

“Be a good person. Try to stay off the Fed’s radar…” Like that’s stopped them before.

19:26 The cops literally burned a house down where a fugitive snuck into to get him out and fought to tooth and nail to pay nothing to the owners who didn't even have anything to do with anything. They don't "have" to do shit.

I am changing my locks to the SG 6631-004.. Group 2M 4 digit. That should give there auto dialer a good workout

My guns are largely not stock. When I finally buy a large safe, I'll be taking some of this advice and upgrading it.

one of the issues we had here, despite our privacy laws, was a company had to hand over ALL of their firearm client data to the police. as that was evidence in the case, it was handed over to the lawyers who passes it onto their clients the local gang. how long before something like that happens with the reset codes. don't need to hack the manufacture for the code list, the police might just do the job for ya.

Thanks, Ollam. It's good to hear this from you. KZbin recommended this video, by the way.

This is a very good thing, it has opened up a lot of peoples eyes to digital security I hope.

cheers. People do indeed need to be more aware of the World around them. it benefits us all for more People to be.

I've started writing up liberty safes as a finding. I had to do that yesterday for a law office.

This is good, they acknowledged they messed up and have provided a clearway forward and are taking it.

Great informative video. You make many excellent points and suggestions about how we can actually improve the preservation of our data. Making it harder and taking more time and resources is important. Easy to watch and understand. Thanks.

at my last house I had a safe installed and I received from the installer the full docs around the S&G lockset it came with - the installer showed me what is being described in this video. The situation still doesn't "sit well" with me and I'll be looking to obfuscate that part of my safe setup. at the end of the day it's only about adding time to the attempted threat.

20:00 ish ...usually the warrant will authorize the search of any place where the evidence sought could be kept. The warrant won't distinguish between a safe owned by another person but kept in the place to be searched. expectation of privacy and possessory rights are more of a consent search issue.

Re: Slowing Down Attacks In computer security (RSA, other public key systems, ECC, quantum security), the basic principle in most, if not all, digital security is how long or difficult a task you make an attacker with zero knowledge have to take, and how many resources it requires. It's all relative.

Moe: "Where's the key to the safe?" Curly: "I put it in the safe so I'd remember where it was!"

Fascinating as always! I wonder about the car datamining thing in Europe. GDPR is quite wide-ranging but I wonder if/when it'll get tested as most seem oblivious/indifferent to the practice of data harvesting.

I was waiting for your take on this. Thank you.

Great video. Thank you very much! It’s hard to find a discussion anywhere online about which group 1 combination locks are recommended. I watched that part of your video several times and learned a lot. Thank you

I'd love to hear more about the Kaba Mas X07 mechanism.

Never been more glad to have an old 1905 bank safe with no keypad. You need 2 keys and a 4 digit dial lock number...

Yeah, a subpoena like we're talking about can't demand the contents of your mind, just objects and data stored in objects, like physical documents and files on a hard drive. And a warrant allows officers to search for physical objects but doesn't compel you to talk. And there's a whole thing I haven't read up on in years about when a subpoena runs into the Fifth Amendment rule against self-incrimination because your ability to access an object via something you know might incriminate you. I'll definitely look for a refresher from a lawyer on that. The traffic stop bit is interesting, because there's limits on traffic stops that don't normally apply when showing up with a warrant, so it might be useful in that one specific instance.

I think your June 2021 video that sings the praises of 4 compaines included LIBERTY. Now that could be because of structural build, but integrity they get an "F".

i love the long form videos! thanks for them ❤

Thanks for all of the great information. I do know that the ProLogic L01 by Securam is an upgrade option for some Liberty safes.

That's cool, it's been master codes all the way down

“Sometimes your purpose in life is to serve as a warning to others”

Do they have a lock with a clutch that if it spins to fast it disengages the lock?

Love your stuff brother. I'm in the Security world myself and seeing your talk about safe cracking made me wonder about X-10s. Will a brute force auto dialer attack work against that??? In my line of work, we rely on them quite exclusively. Them being susceptible to a brute force introduces the possibility of a change in security measures.

"Small bits of isotope on the end of a rod, trying to look through your safe" .... Please, do tell! 😲 😆

I would never keep anything incriminating in my safe. Just my 100lb collection of loose thermite.

What if someone wanted to go absolutely insane with safe security? Top of the line with the absolute billy badass mechanical lock.

As a person who used to break into safes my advice is ditch the electronics and get a mechanical. I found work arounds for a variety of brands. They were in the price range of 750-2000 dollars new. Most of them i could open in under 2 minutes without cutting/drilling/damaging. A couple brands would require me to make 2 visits. One to retrieve a number in order to purchase a "backup failsafe key". One brand i remember only had a dozen different keys. In theory i could buy them all for 1200 cash and have them in my collection or just buy the needed one for 100 bucks. I later discovered a unique lock pick available overseas that would open these safes. Ive never seen the tool in the US. (Pop your digital keypad off and see if theres a strange key hole behind it) Safes just slow someone down. With enough research and brain power they will open it. Just like your front door lock will keep honest people out but anyone who wants in will get in. For anyone curious i was not a burglar or thief. I was someone who enjoyed hacking and knew people who were willing to pay for discretion . Unlike a locksmith when i unlocked it i didnt open the door wide and look inside.

One thing that I do not like about most of the electronic safes is that they have the membrane type keypads. There are *some* keypads out there that have the more mechanical keys on the keypad (e.g. old push button phone), but most have the membrane type. I've had these keypads fail on devices over the years (even though the devices were infrequently used), so I'm extremely hesitant to put such a device on my safe... Now, if the safe had the same push button switches that the old Western Electric (Bell) Model 2500 phones had on them, I would have no qualms about that type of keypad... Those things were robust -- I've never had one of them fail and they were used a lot more times each day than a safe's keypad would ever be used... One issue with any safe though is remembering the combination... If you are not using the combination every day, it's entirely possible that you will forget it... If I'm out of the country for a month or so, I often forget things like this by the time I get back... Part of that is just memory issues from getting older, I suspect... So, you want to write the number down and store it someplace that it would be unlikely to be found by criminals (or jackbooted thugs)... Maybe written / engraved on something that is attached to the bottom of a large piece of furniture or appliance (washer, dryer, fridge, freezer, etc)?

This is prime time to buy a safe on the cheap used if your okay with the issues lol

I worked as a tech under contract for a cash machine company and if that electronic lock, which one time it did on a service call, it was simply a corded drill with a 1/4 bit, a ruller and some oil and 30 minutes later it's open. It just had to desroy a pawl on the inner mechanism and it can be opened.

Great walk thru the plusses and minuses of mechanical versus electronic, thanks Dev! Curious what you think about the Kaba Mas X10/X09....hard to imagine the GSA has backdoor access to its own locks, but maybe not?

Using your right to remain silent and not providing the combination could potentially give you time to contact your lawyer and give your lawyer hours to days to review legal documents and respond. But there have been cases where people have been threatened with legal action if they refuse to provide the means to circumvent security of their property and the legal details of that under various circumstances should be discussed with a lawyer.

I've been thinking about this for a few days now. The thoughts that are still bouncing around in my mind: - STFU is still the best advice ever :) Whether someone else gives them the manufacturer's code or they have to do a destructive entry, they'll have one more hurdle to overcome in proving that you knew the combination to that safe and that it wasn't just on the property under someone else's control. - While there may be a lot being made of this, it actually might be as simple as them having a kinda stupid (but not totally stupid) policy and a legal department that should have done a better job. From what I've seen, their policy is to snitch when presented with a warrant for the property, meaning that authorities did have to at least show probable cause for the search, but didn't have to go the extra step of seeking to legally compel Liberty to give up the goods. Their legal department should have done better, but it sounds like there was at least some bar the cops had to reach. I'd be curious what the bar is for other safe manufacturers and component suppliers... how cozy with the feds does S&G really want to be and are there any entities that will simply give up the goods for a mere request from law enforcement? Just because Liberty had a shitty policy and that showed its head here doesn't mean that there aren't entities out there with worse ones that we just don't know about. - As bad as this is, it's worth noting that the feds seem to have gone to some effort here to minimize the damage caused by their search and avoid a destructive entry on an expensive safe along with all the mess that it would cause to the surrounding property. I actually wish they would lean into this more and try to avoid causing damage when serving search warrants. I have to wonder why authorities took steps to avoid damage on some caught-on-camera J6 dingus while showing such a high degree of blatant malice when executing the search warrant on Missy's apartment for her doodily-do. Again, I'd actually prefer that the authorities in both cases took measures to be somewhat tidy in their search; 4A specifies search and seizure, not search and destroy.

I have two old Browning safes from the 90s. One smaller long gun safe and the big boy is for "other" important items and handguns. The plan is to build the new house next year with a safe room. Is the walk in safe doors as good as a typical safe? For the record, building a fire proof (within reason) room 10×12 is not for the faint of heart.

On the auto dialer can you set digits for it to try first like birthdays, and anniversaries the person might have used as a combination

I wish I had dad's 1956 Buick Special.

Complying with cops/feds absolute doesn't stop them from trashing your place. They're going to trash it either way. They'll punch holes in your drywall for fun and then claim they were searching for drugs in the walls. Just keep your mouth shut.

With the proliferation of stepper motors, SBC's and the like, i wonder how easy and cost effecting a home brewed version of that AutoDialer would be?

I have a question a friend asked me, he and his best friend both bought the same model Liberty safe, at the same, and live across town from each other, would it do any good for them to switch locks with each other.

Deviant - how about getting a Taylor Phoenix through your connections and showing how the vast majority of quality name brand electronic safe locks can be electronically manipulated (with the exception of GSA standard 2740-B compliant locks like the Kaba-Mas X-## or S&G 2740B locks). They even make a special version of the Phoenix only available to our betters (LE) that is in a black rather than orange case and bypasses audit features for black bag/sneak and peek operations. The "Liberty Leak" pales in comparison to the fundamental flaw of information leakage between the keypad and lock body.

WHEN I was raided by the ATF I they had a subpoena and the fire department was on scene. They if I didn't open the safe the fire department would open it with the chopsaw or jaws of life.

when we got our mechanical lock RSC, it came with a combination that had been set by the local Liberty distributor. Is changing that as easy as installing a new lock?

Liberty Safe is based in Payson Utah. In Utah, don't look to state law to protect consumers, Federal law is usually more protective.

One of the upsides of most of the privacy laws that do exist is that they are setting the rights upon the individual. This means that even if the company is not itself located in California (for example) the fact that they sell to California residents, and do business in California, makes them subject to the law. Technically if they didn’t mind withdrawing from sales in the state of California they could ignore the law, but I don’t think they would do that. Secondly as it’s not cost effective to produce “right to be forgotten” policies for each state and the EU you can generally bet they will just enact their procedures for any customer.

I think the difference between "we will give you the combination if you have a warrant for the property" and "we will give you the combination if you subpoena us for it" is almost entirely academic because if they have a warrant, they can get a subpoena, and if for some reason they can't get a subpoena (or if they get it and the combination has been deleted or changed) they're just gonna cut the thing open anyway. You've got to have a pretty niche threat model for that not to apply and to have to worry about somebody non-destructively opening your gun safe by contacting the mfgr and getting them to give them the code.

I'm inclined to agree with Dev on the preference for mechanical locks. It's often said good security is a tradeoff for accessibility. Losing some advanced functionality such as multiple user codes or ease of use seems like a reasonable tradeoff to remove a low hanging fruit attack vector that an unwanted third party may exploit, situationally dependent of course.

Any security measures a person has are not a proof against any determined attack, they only buy you time to discover and thwart the attack by other means. “Do everything you can to stay off the government’s radar” is good advice because if they do want to go after you they have unlimited resources and agencies to build criminal cases against you. And even if the cases fail to convict you of anything… they have done the intended purpose of ruining your life.

I'm a lawyer, haven't looked this up but remember there are States laws and Federal laws....so there are two sets to check out and there are so many criminal laws that a NGO trys to keep track of all the criminal charges in the federal code, it's a challenge. I'm not actively privately practicing but will be back in the "active" KY list but am active in FIVE federal court to the Supreme Court. Would be an interesting research idea. Perhaps, I'll do it and dump you the results.

I am more worried about liberty safe employees giving out back door codes.

Just to be clear, I own a liberty safe with a mechanical lock. After watching this video, I pulled out my owners manual and found instructions for retrieving my lock code from Liberty Safes for a $15 fee. Just because you have a mechanical lock does not exempt you from this issue. I have filled out the form on their website asking for the info to be deleted. I think that's all I can do at this point.

I keep 20lbs of ball bearings, combustible material and a trip wire in my Liberty Safe :). The problem with the opt out is, opting out shoulf have been default and you should have been asked to opt in.

Great info!!! Thanks for taking the time and effort to make it!

The opening meme has me in tears 😂

Some of this conversation is reminding me of 1993 "The NSA rubber hoses you for your PGP password". Just saying, Threat Models are useful. But, overall, excellent video. Thank you.

Most alarms before remote disarm were the same thing. When u left (that) job I had spreadsheets of installer codes and MACs for every brand sold in US. Im sure most of it is online by now.

Reminds me of the clipper chip issue. Yes the government could get in but the backdoor was so weak that it so exposed the computer to myriad of attackers - that was the greater danger. I was so glad that move suffered a horrible infant death

Presumably, the keypad communicates which button is pressed, through wiring, to a module inside the safe that accumulates the sequence entered, and compares it to the legal codes, and decides whether to unlock the safe. This would seem to provide and opportunity to intercept (within the secure volume) the key press information, and permute it (or worse, ala Enigma) before passing it to the lock mechanism. Then, even if an attacker knew the manufacturer's reset code, he would need to pre-un-permute it, requiring him to know the permutation. This seems to be an amelioration of any back door codes, though it makes you vulnerable to failure of the permutation module. Also, this would invalidate the supply current measurement during code ROM read out attack, since knowing the codes doesn't keep you from needing the permutation. If there's a wire per button, such a module could be completely passive. If the front panel encodes the button and sends it serially, the module would need a micro processor to receive the code, permute it, and send it to the back end. But with enough GPIO pins the permutation could still be set with jumper wires, denying the opportunity for programming software to have been compromised. Do you think that there's a market?

Alternatively, can you make a video that is just auto-dialer sounds and can I in turn rip the audio and add it to a white noise machine?

it depends on the jurisdiction but at least in some places warrants can be worded in such a way that you're required to give access to anything inside safes etc, and refusing to do so is seen as failure to comply with warrant... just fyi