Wyden urges NCSC to warn public about backdoor codes to commercial locks and safes

WASHINGTON (KTVZ) -- Sen. Ron Wyden, D-Ore., has urged National Counterintelligence and Security Center Director Michael Casey to alert the public to the possibility that the Chinese government may possess backdoor codes to electronic locks made in China, by updating public educational materials to recommend that businesses upgrade their safe locks to meet U.S. government security standards.

It is a common, albeit not widely known industry practice for manufacturers of locks used by consumers and businesses to feature manufacturer backdoor codes, Wyden said in a news release Wednesday.

In response to questions from Wyden’s office, the Department of Defense confirmed the national security threat that such manufacturer reset codes pose, which are not permitted in locks used to store U.S. government secrets.

DoD, which is responsible for the U.S. government’s standards for lock security, also confirmed that the existence of these backdoors had been intentionally withheld from the public to avoid revealing methods that the U.S. government uses to gain access to locks and safes.

“Many commercially available safes include electronic locks that can also be unlocked using  special codes set by and known only to the manufacturer,” Wyden wrote. “These backdoor codes can be exploited by foreign adversaries to steal sensitive information that U.S. businesses store in safes, such as trade secrets and other intellectual property.”

Three companies manufacture the vast majority of electronic safe locks used in the United States: China based SECURAM Systems, Sargent and Greenleaf, based in the United States, and dormakaba, based in Switzerland. 

Wyden continued by highlighting the national security threat posed by manufacturer reset codes: “China-based SECURAM Systems is one of the largest manufacturers of electronic safe locks sold in the U.S.,” Wyden continued. “SECURAM could be forced to share codes with the Chinese government that would enable surreptitious or clandestine access to the safes used by U.S. businesses.” 

“U.S. businesses cannot protect their valuable intellectual property, and consequently, America’s global economic edge, from foreign espionage if they are kept in the dark about vulnerabilities in the safe locks they use. To that end, I urge the NCSC to update its public educational materials to recommend that businesses upgrade their safe locks to those that meet U.S. government security standards,” Wyden concluded.

Full text of the letter is here.