SAFES
Your secret ’ s safe with me …
Safelock Systems Ltd is a trade distributor of locks for safes , stocking a range of products from leading manufacturers such as LA GARD , dormakaba and Tecnosicurezza . Director Jasmine Hunt-Brown tells us about a recent hot topic amongst security and insurance professionals .
I ’ ve got a secret code to get into your safe … Ok , that ’ s not strictly true . We are not intending to go rogue and pilfer the contents of the nation ’ s safes !
There can be no secret or hidden codes in safe locks certified to EN 1300 , which form the majority of our lock portfolio , and which are the only locks that can be used on safes certified to EN 14450 or graded to EN 1143-1 or EN 1143-2 , or LPS 1183 .
What we do have , is detailed knowledge of all the default codes used on all the electronic safe locks that we supply , and it is becoming more and more apparent that this would provide us with very easy access to many safes installed across the country .
“ Any villain can obtain default codes simply by searching the internet …”
Changing default codes
The issue arises because safe lock users are not changing the default codes that the locks are supplied with , which in practical terms , is the same as leaving the safe door open , and inviting the burglar in for a cup of tea . Any villain can obtain default codes simply by searching the internet or perusing our website , where the information is freely available in user operating manuals .
PSTI
Currently a Bill for new legislation is journeying through Parliament - the Product Security and Telecommunication Infrastructure Bill - which will , amongst other things , ban the use of default passwords on internet connectable devices , with significant fines for non-compliance by manufacturers . This is to protect against vulnerabilities that have historically allowed cyber-criminals to target certain products , such as routers or baby monitors .
EN 1300
The above legislation will not apply to non-internetconnectable devices like most safe locks , and as such there is no mechanism to prevent default codes from existing . The EN 1300 standard specifies that manufacturers must include in their operating instructions the notes below :
• The factory code shall be changed …
• No simple codes which are easy to guess should be chosen for coding …
• No personal data … should be used for coding …
However , the standard does not currently prevent a default , or ‘ factory ’ code from existing . Some locks on the market have a default code , others are supplied in factory condition so that they open when button 1 is pressed , and the lock must be activated either using the keypad or with software to use a fulllength code . Pressing 1 in this instance is effectively a default code .
Realistically , it would not be appropriate to disallow default codes , there must exist a hierarchy of users , and there must be a starting point , whether that is the number 1 or the code 123456 .
Manufacturers are however , starting to address changing codes in newer locks , such as in the 700 Series .
Forced code changes
Currently , on a 700 Series lock , when a new Manager or User is added to the lock , their code is not valid to open until it has been changed .
52
MAR / APR 2022
locksmithjournal . co . uk Issue Takeover
Magazine Sponsor