For an electronics person: Rewire the keypad so it enters different numbers than the legend. That way the manufacturer code will only work if you know the new layout.

I did a brute force attack on a combo lock at a place I was renting. It was a 4 digit lock, I figured I could start at 0000 and go through several numbers every time I walked by. Set it to 0000, and it opened

I appreciate a non screaming analysis of the situation.

Pay attention to what Liberty isn't saying, their keypad vendor still has these codes. They'll just redirect the call to them! Keypad swaps will become a niche market for a while. For the time being you can remove the SN and have a swap party with friends

"Gravy seals" in your last video I had heard before. "Beer gut putsch" was a new one that left me laughing for a full minute.

21:00 - Ian has said things like this before, though he's never done a deep dive into when or why this specific act can be held against a person in court. In his recent Liberty Safe videos, he went at it from the angle of (paraphrased) "cops love to say that a search was consentual when their warrents are challenged (since establishing it renders the validity of the warrent moot). If they had to destructively open your safe, that provides strong evidence that the search wasn't consentual." In the past, within a video titled "why your spouse needs a gun license (if you are a gun owner)," he pointed out that the police can use the tatic of asking your spouse to open your safe containing your guns to demonstrate that they are in possession of the guns, and thereby justify laying charges against them if they lack a license. It is important to note that Ian has not stated that "opening a safe can be used against you in court" in such general terms. It is also important to note that he talks to Canadian law most of the time, which may not relate 1:1 with the US (but is often similar).

Talking about a company's promise to respect user privacy calls to mind a recent article I saw highlighting one of the private DNA/genetics analysis services who give customers an option, and their promise, to opt their genetic data out of law enforcement searches. It came out that not only was there a backdoor to bypass that choice, but members of the company willingly used the backdoor to specifically search within the database of opted out users in searches at the direct request of law enforcement. And certainly in the absence of subpoena.

So to be clear, the company who sold you out would like to compensate you by promising to delete the override code on your safe. The only thing is, you have to trust them again.

Runkle has advised that the gov't having to destructively open your safe is also useful as evidence in that it shows you did not willingly consent to the search of your safe.

I mentioned it on another video, but my experience with Liberty was totally 180° from how this mess all went down. A friend passed away, and I was helping his family (and the executor of his trust/will) get into his safes. The person I talked to at Liberty on the phone was sympathetic, but stuck to sensible, professional security responses and wanted actual physical paperwork vetting us and proving we hadn't stolen the safe we were trying to access. I got the impression that they took it seriously and I felt *better* after talking with them when it was all going down. I'm just disappointed they'd change their policies and approach so drastically when law enforcement concerned.

Thanks, DevO. I've always appreciated your well-reasoned insight coming from the opposite side of the political spectrum. There's a lot of disturbing government overreach no matter how one views the politics. It fascinates me how polarizing this issue is, when it REALLY shouldn't be.

Thanks for the 2M explanation and the leads to go search for possibilities of changing the manufacturer's reset code. (Even if there's no reason that there couldn't be some other persistent code in there.) I've already started looking for someone wanting to unload a safe and I'm no certified safe tech but I've managed manipulating open a few and I'm very comfortable with dropping in a group 2 if I can get a deal on the box. For daily driver use I like LPL's definition of an adequate lock. Instead of misquoting I'll paraphrase: Will it stop a curious adolescent for the longest time that I will need to leave the firearm unsupervised?

1 2 3 4 5 6? That's amazing. That's the same code I have on my luggage.

Preach, Deev. We need to know as much as possible about as much as possible: especially our safety and privacy. Keep up the stellar work.

I have no trust in any company who has collected my data (either with or without my consent) to actually delete my data upon request.

One of the things that people in the non-security industry don't realize, it doesn't matter what your security is, on your home, on your safe, on anything. If someone wants entry bad enough, they can, and will get it. It only comes down to how difficult it is. You could have the biggest most secure safe in the world, a properly placed tap drill, a bit of thermite on the hinges, a chop saw, an autodialer, and various other forceful entry methods can, and always are an option, it's just how much time and effort it takes. Yes, non destructive methods are always preferable, and often quicker, but Even a heavy duty safe, buried in a panic room, guarded by an army of security personnel, still . is . vulnerable. Just less so.

Staying off people's radar is just so big of a suggestion. I hadn't gotten any phishing emails until I started my most recent job. And even now, I only get phishing emails to my work email. As much as I hate the idea of security through obscurity, it actually works as a front line to just not be a target for attacks

Gotta love all the security by obscurity going on in the lock industry, that's been their mantra since forever.

1) I once had a faulty mechanical combination lock on a two-drawer Mossler file that frustrated the locksmiths' attempt at manipulation. Because of the remote location they were not able to bring their "special" tools. We ended cutting it open with a exothermic torch. Moral of story, if the FBI has a warrant, they're going to get into your safe. It may be the easy way or the hard way but they're going to get in. 2). When the electronic lock on my safe was starting to fail, I decided to replace it with a mechanical one. I knew that mechanical locks were subject to manipulation, thus less secure. OTOH they work for many years without issues and are not subject to EMP. I now know that they also don't have any "backdoor" codes.

This guy regularly gives Ted-Talk quality videos. Fantastic!

As a person who used to break into safes my advice is ditch the electronics and get a mechanical. I found work arounds for a variety of brands. They were in the price range of 750-2000 dollars new. Most of them i could open in under 2 minutes without cutting/drilling/damaging. A couple brands would require me to make 2 visits. One to retrieve a number in order to purchase a "backup failsafe key". One brand i remember only had a dozen different keys. In theory i could buy them all for 1200 cash and have them in my collection or just buy the needed one for 100 bucks. I later discovered a unique lock pick available overseas that would open these safes. Ive never seen the tool in the US. (Pop your digital keypad off and see if theres a strange key hole behind it) Safes just slow someone down. With enough research and brain power they will open it. Just like your front door lock will keep honest people out but anyone who wants in will get in. For anyone curious i was not a burglar or thief. I was someone who enjoyed hacking and knew people who were willing to pay for discretion . Unlike a locksmith when i unlocked it i didnt open the door wide and look inside.

Yeah nah, we go from one "trust me bro the safe is safe" to a "trust me bro I deleted the backdoor code from record". Let the mob drag them through the coals, they earned this and must become an example to guide other manufacturers.

I feel bad for the folks who thought Liberty would stand up for their rights. You can never trust a third party against government intrusion, either formal subpoena or simple request. Never trust a third party. Even Chinese or European entities can be forced to disclose info they have. The only difference are the hoops the government has to jump through. This is well known to any InfoSec professional.

Ian was talking about this on the "Legal Friday" livestream on the "Laid Back News" channel earlier today, and he mentioned the whole thing around knowing the safe code implies knowledge and/or ownership of the contents.

I had a capacitor failure on the electric S&G on my Liberty safe back in 2014. I replaced it with a mechanical lock for exactly the reasons above and the failure mode pissed me off.

at my last house I had a safe installed and I received from the installer the full docs around the S&G lockset it came with - the installer showed me what is being described in this video. The situation still doesn't "sit well" with me and I'll be looking to obfuscate that part of my safe setup. at the end of the day it's only about adding time to the attempted threat.

This seems like an opportunity for someone to make open source safe lock firmware. If the factory microcontroller can't be used (not flashable, etc), replace it with an ATMEGA 328p or something (or do a full open source replacement board). Obviously it would need to have protections against differential power analysis and such, but those attacks and mitigations are pretty well known.

A couple years ago liberty gave the police my combination to my liberty safe after a judge issued a warrant. No pushback no attempt to protect my info. This is and always has been disclosed on their website though. So I can't really complain because I could gave read that before I bought from them. And I did not change the mechanical factory combo. But they would have drilled it had liberty not given it to them. Would I have given it to them? Probably not.

I’m definitely thinking about replacing my lock with a mechanical one. I got a Liberty safe earlier this year and am now regretting it.

Absolutely y I love this & ur content. People literally offended about their privacy (well placed), but completely unaware of the world we've lived in since datamining was the responsibility of manual investigators at the credit rating businesses & not evaluating the costs & work for more than simple security theater.

Also, part of criminal litigation is simply raising the cost to the prosecution. They are balancing both the chance of success and the resources it would take to bring you to trial against any plea they offer or a potential deciscion not to prosecute. Yes, (not definitively settled but see law prof Orin Kerr's discussion) the gov can almost certainly compell you to produce the code to either decrpyt your data or open your safe -- provided they can prove you do know the code (not sure under what standard). But, even so, that represents complexity and cost that increase their costs to go to trial and can be used by a good lawyer to increase your chances of either a better plea or a dropped case.

For people with no audio, I think it's an error in the mobile apps/processing because it's working fine here.

Can we get a video or a link to how they cracked safes with isotopes on rods??

I am changing my locks to the SG 6631-004.. Group 2M 4 digit. That should give there auto dialer a good workout

I still remember the Clipper Chip from the '90s. The government will always try to have backdoors for their own convenience.

Do they have a lock with a clutch that if it spins to fast it disengages the lock?

Fascinating as always! I wonder about the car datamining thing in Europe. GDPR is quite wide-ranging but I wonder if/when it'll get tested as most seem oblivious/indifferent to the practice of data harvesting.

Moe: "Where's the key to the safe?" Curly: "I put it in the safe so I'd remember where it was!"

Great factual, balanced, and level headed analysis.

This is funny to watch because I remember 20 years ago working on ATMs, we had a couple guys in the refurb shop who could call Mas Hamilton to get safe codes. (Plus other mechanisms of entry like the dialer behind you).

19:26 The cops literally burned a house down where a fugitive snuck into to get him out and fought to tooth and nail to pay nothing to the owners who didn't even have anything to do with anything. They don't "have" to do shit.

Love your stuff brother. I'm in the Security world myself and seeing your talk about safe cracking made me wonder about X-10s. Will a brute force auto dialer attack work against that??? In my line of work, we rely on them quite exclusively. Them being susceptible to a brute force introduces the possibility of a change in security measures.

Nice you mentioned Runkle. Just watched him on with Rekieta.

Great walk thru the plusses and minuses of mechanical versus electronic, thanks Dev! Curious what you think about the Kaba Mas X10/X09....hard to imagine the GSA has backdoor access to its own locks, but maybe not?

On the auto dialer can you set digits for it to try first like birthdays, and anniversaries the person might have used as a combination

I have two old Browning safes from the 90s. One smaller long gun safe and the big boy is for "other" important items and handguns. The plan is to build the new house next year with a safe room. Is the walk in safe doors as good as a typical safe? For the record, building a fire proof (within reason) room 10×12 is not for the faint of heart.

I always learn more than I expected to. BTW Lock Picking Lawyer who lives near Richmond VA, showed an auto dialer. Does anyone know - if the authorities have to destryo a safe who pays to replace the safe? Is it like doors - they are allowed to break it to get in with no compensation ?

My guns are largely not stock. When I finally buy a large safe, I'll be taking some of this advice and upgrading it.

“Be a good person. Try to stay off the Fed’s radar…” Like that’s stopped them before.

one of the issues we had here, despite our privacy laws, was a company had to hand over ALL of their firearm client data to the police. as that was evidence in the case, it was handed over to the lawyers who passes it onto their clients the local gang. how long before something like that happens with the reset codes. don't need to hack the manufacture for the code list, the police might just do the job for ya.

With the proliferation of stepper motors, SBC's and the like, i wonder how easy and cost effecting a home brewed version of that AutoDialer would be?

I'd love to hear more about the Kaba Mas X07 mechanism.

Im a professional trucker. We have E logs dipatch apps cutomer apps routing maps. Prepass and pikepasses those scale houses have radiation hot wheel bearing, low tire pressure sensors That take a picture when you go through checking for seatbelt handheld phones, licence plates, Pre weigh to trip bypass or big scale arrows. Im almost certain that its all time stamped. We had a driver his ex had the cops put out an apb on him For something she said he did. He was at work at the time. The best advice i have is Its best they don't know you. Which is getting harder to do.

Thanks for all of the great information. I do know that the ProLogic L01 by Securam is an upgrade option for some Liberty safes.

Great video. Thank you very much! It’s hard to find a discussion anywhere online about which group 1 combination locks are recommended. I watched that part of your video several times and learned a lot. Thank you

I would never keep anything incriminating in my safe. Just my 100lb collection of loose thermite.

I have a question a friend asked me, he and his best friend both bought the same model Liberty safe, at the same, and live across town from each other, would it do any good for them to switch locks with each other.

I've started writing up liberty safes as a finding. I had to do that yesterday for a law office.

20:00 ish ...usually the warrant will authorize the search of any place where the evidence sought could be kept. The warrant won't distinguish between a safe owned by another person but kept in the place to be searched. expectation of privacy and possessory rights are more of a consent search issue.

Thanks for the intelligent followup explanation.

Great informative video. You make many excellent points and suggestions about how we can actually improve the preservation of our data. Making it harder and taking more time and resources is important. Easy to watch and understand. Thanks.

“Sometimes your purpose in life is to serve as a warning to others”

I can't seem to find a link to the full car report on the Mozilla blog post you linked too. Specifically I'm looking for more information about the claims that automakers are acquiring • Genetic sequencing • Information about my sex life And by what mechanisms they're acquired by. I'm pretty sure they aren't putting genetic sequencers in the steering wheel, so this claim seems suspicious. Similarly, I'm pretty sure that assuming I'm not having sex inside the vehicle with a vehicle connected camera pointed at me, then it seems weird they'd somehow acquire that information. Any help on where I can find more information about these claims?

So, what now? Does someone want to put together an open source hardware replacement for electronic safe locks? Maybe just replacement firmware?

when we got our mechanical lock RSC, it came with a combination that had been set by the local Liberty distributor. Is changing that as easy as installing a new lock?

I worked as a tech under contract for a cash machine company and if that electronic lock, which one time it did on a service call, it was simply a corded drill with a 1/4 bit, a ruller and some oil and 30 minutes later it's open. It just had to desroy a pawl on the inner mechanism and it can be opened.

Just to be clear, I own a liberty safe with a mechanical lock. After watching this video, I pulled out my owners manual and found instructions for retrieving my lock code from Liberty Safes for a $15 fee. Just because you have a mechanical lock does not exempt you from this issue. I have filled out the form on their website asking for the info to be deleted. I think that's all I can do at this point.

Would love to see you get an X9 or x10 randomized dial locks

Never been more glad to have an old 1905 bank safe with no keypad. You need 2 keys and a 4 digit dial lock number...

Alternatively, can you make a video that is just auto-dialer sounds and can I in turn rip the audio and add it to a white noise machine?

it depends on the jurisdiction but at least in some places warrants can be worded in such a way that you're required to give access to anything inside safes etc, and refusing to do so is seen as failure to comply with warrant... just fyi

i love the long form videos! thanks for them ❤

One thing that I do not like about most of the electronic safes is that they have the membrane type keypads. There are *some* keypads out there that have the more mechanical keys on the keypad (e.g. old push button phone), but most have the membrane type. I've had these keypads fail on devices over the years (even though the devices were infrequently used), so I'm extremely hesitant to put such a device on my safe... Now, if the safe had the same push button switches that the old Western Electric (Bell) Model 2500 phones had on them, I would have no qualms about that type of keypad... Those things were robust -- I've never had one of them fail and they were used a lot more times each day than a safe's keypad would ever be used... One issue with any safe though is remembering the combination... If you are not using the combination every day, it's entirely possible that you will forget it... If I'm out of the country for a month or so, I often forget things like this by the time I get back... Part of that is just memory issues from getting older, I suspect... So, you want to write the number down and store it someplace that it would be unlikely to be found by criminals (or jackbooted thugs)... Maybe written / engraved on something that is attached to the bottom of a large piece of furniture or appliance (washer, dryer, fridge, freezer, etc)?

Don't know where you got the "agonized liberty" picture from, but that can be a comment on SO many things. I'd like to use it on T shirts. You make it, I'll buy one.

Liberty Safe is based in Payson Utah. In Utah, don't look to state law to protect consumers, Federal law is usually more protective.

Re: Slowing Down Attacks In computer security (RSA, other public key systems, ECC, quantum security), the basic principle in most, if not all, digital security is how long or difficult a task you make an attacker with zero knowledge have to take, and how many resources it requires. It's all relative.

I was a KY Assistant Attorney General and Montana Deputy County Attorney both criminal division but live overseas and am a dual national.

Thanks, Ollam. It's good to hear this from you. KZbin recommended this video, by the way.

This is a very good thing, it has opened up a lot of peoples eyes to digital security I hope.

"Small bits of isotope on the end of a rod, trying to look through your safe" .... Please, do tell! 😲 😆

Deviant - how about getting a Taylor Phoenix through your connections and showing how the vast majority of quality name brand electronic safe locks can be electronically manipulated (with the exception of GSA standard 2740-B compliant locks like the Kaba-Mas X-## or S&G 2740B locks). They even make a special version of the Phoenix only available to our betters (LE) that is in a black rather than orange case and bypasses audit features for black bag/sneak and peek operations. The "Liberty Leak" pales in comparison to the fundamental flaw of information leakage between the keypad and lock body.

Using your right to remain silent and not providing the combination could potentially give you time to contact your lawyer and give your lawyer hours to days to review legal documents and respond. But there have been cases where people have been threatened with legal action if they refuse to provide the means to circumvent security of their property and the legal details of that under various circumstances should be discussed with a lawyer.

Any thoughts on scientology throwing their hat in the ring on R2R?

I think your June 2021 video that sings the praises of 4 compaines included LIBERTY. Now that could be because of structural build, but integrity they get an "F".

What if i have a DIAL TUMBLER Liberty safe, is there a "master code" for those too?

Are there mechanical models with long enough combinations to make autodialers unfeasible, and with designs that can't be manipulated? Are they much more expensive than most common safes?

I was waiting for your take on this. Thank you.

cheers. People do indeed need to be more aware of the World around them. it benefits us all for more People to be.

I do have to wonder.. How hard would it be to have a bar welded across the front of the safe obstructing the middle/lower part of the dial, to prevent an auto dialer from being attached?

Good info as always, and I have a dumb question even after watching your talk on safes. How would a UL rated fire safe inside another bigger UL rated fire & burglery safe work? I finally have the space to get a proper safe for the few long guns we have, but the biggest risk for my area is wild/forest fire. The import documents and irreplaceable family stuff are the thing I worry about protecting.

You stated this is normal in the industry. This back door stuff. Can you state what other manufacturers di this?

This is prime time to buy a safe on the cheap used if your okay with the issues lol

That's cool, it's been master codes all the way down

I am more worried about liberty safe employees giving out back door codes.

Down in Arizona if you want to come down and do a video of a change out of a Securam to mechanical. I have a machinery and welding equipment.

Any luck finding that story about the impounded car with a safe in it? Great post as always ... thanks

I never really found mechanical locks THAT much more difficult to use than electronic, so I just have manual for everything. Maybe people access their safes more often than I? Like they open their safe 5 times a day or something? Anyway, any lock can be broken into, but they should at least have to work at it, or call a specialist to do it.

Complying with cops/feds absolute doesn't stop them from trashing your place. They're going to trash it either way. They'll punch holes in your drywall for fun and then claim they were searching for drugs in the walls. Just keep your mouth shut.

not to sound snarky, but if someone really wanted top security on a safe, why not use a Mosler dial? those things are impossible to open WITH the combination (i'm talking about the self powering electric ones you can find on GSA safes). as far as i know, they can't be drilled because there is nothing to drill. or rather, you can't drill a hole and use a borescope and instead its a massive pain and a lot of cutting. i would think that Mosler lock was better than a digital keypad lock or maybe even just a regular mechanical lock with a very fancy drill resistant door. i suppose once the feds have a warrant, they will get in your safe but you can at least make them waste time cutting lol

Seems like a safe owner should be able to remove all the serial numbers from their locks and safes. I’m sure I’m not the first person to think of this, but what’s the down side of doing that?