The key is inserted into the lock, which produces a sound as the pin slips off a key ridge. (Image Credit: National University of Singapore)
This is kind of scary. Also seems like a super cool Bond device.
It can be easy enough to pick keyed locks, but a new-found technique makes it much easier. Researchers at the National University of Singapore have discovered that by using a smartphone to record a key’s sound in a lock, you can capture all the needed information to create a working duplicate.
The new technique, called SpiKey, works on pin tumbler locks, which are commonly used in everything from doors to padlocks. As the key slides into the lock, its ridges force six metal spring-backed pins into certain positions. When they are perfectly aligned, the tumbler can be turned, and from there, the lock opens.
Opening a lock without a key can be done by a locksmith using a specialized set of tools that gradually move each pin into different positions to find the correct combination for the tumbler to turn. The SpiKey method is a lot easier, needs minimal to no skill, and only requires knowledge of how to operate a 3D printer.
A spectrogram of the key’s sound as it’s inserted into the lock and makes contact with the pins. (Image Credit: National University of Singapore)
The team discovered that the sounds the key produces as it collides with the spring-loaded pins, together with the timing between each click, can be reverse-engineered to determine the key’s shape. Even though a six-pin lock has approximately 330,000 possible key shapes, SpiKey is capable of narrowing it down to just three, which are very easy to work through and test.
However, the technique has a few challenges. The software comes with built-in error correction, but a key will need to be inserted into a lock at a consistent speed. Doing so will allow the recorded sounds to be analyzed and reverse-engineered. To keep anyone from using the technique to break into a house, the homeowner can use erratic, jerky motions when inserting the key into a lock. If an attacker is using a smartphone to record the sounds, they will need to be less than four inches away from the lock. This is to ensure the software can capture enough audio for it to create the duplicate. The researchers also say that malware installed on a target’s smartphone can record the sounds of a lock they’re opening. A smart doorbell could also be compromised, allowing it to record the sounds.
This will only work if there are no audio distractions in the surrounding area, such as traffic rushing by or other sounds that could affect the recording. The attack isn’t foolproof just yet, so it’s still safe enough to unlock the front door while making an abundance of noise to drown out any sound the SpiKey attack may otherwise record.
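The consistent-speed requirement and the jerky-insertion countermeasure described above can be checked with a small simulation. This is an added example, not code from the researchers: the ridge positions, speeds, and the one-click-per-ridge model are constructed assumptions.

```python
# Constructed ridge positions along a key blade, in millimetres (not a real key).
RIDGES_MM = [2.0, 5.5, 8.0, 12.5, 15.0, 19.5]

# Constructed insertion speeds in mm/s, one per segment between ridges.
STEADY = [80.0] * len(RIDGES_MM)
JERKY = [80.0, 30.0, 150.0, 40.0, 180.0, 60.0]


def click_times(ridges_mm, speeds_mm_s):
    """Time of each click, assuming one click as each ridge passes a pin.

    speeds_mm_s[i] is the insertion speed over the segment ending at ridge i.
    """
    t, pos, times = 0.0, 0.0, []
    for ridge, speed in zip(ridges_mm, speeds_mm_s):
        t += (ridge - pos) / speed
        pos = ridge
        times.append(t)
    return times


def normalised_gaps(values):
    """Gaps between consecutive values, scaled so that they sum to 1."""
    gaps = [b - a for a, b in zip(values, values[1:])]
    total = sum(gaps)
    return [g / total for g in gaps]


def max_gap_error(ridges_mm, speeds_mm_s):
    """Worst mismatch between the true relative ridge spacing and the spacing
    a listener would infer from click timing while assuming constant speed."""
    true_spacing = normalised_gaps(ridges_mm)
    heard_spacing = normalised_gaps(click_times(ridges_mm, speeds_mm_s))
    return max(abs(a - b) for a, b in zip(true_spacing, heard_spacing))


if __name__ == "__main__":
    # Steady insertion: click timing mirrors ridge spacing exactly.
    print("steady error:", round(max_gap_error(RIDGES_MM, STEADY), 4))
    # Jerky insertion: timing no longer reflects spacing.
    print("jerky error: ", round(max_gap_error(RIDGES_MM, JERKY), 4))
```

At any constant speed the relative click timing matches the relative ridge spacing, which is what makes the recording useful; with the uneven speeds the inferred spacing is off by more than a tenth of the measured span.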
Have a story tip? Message me at: http://twitter.com/Cabe_Atwell