Scientists from the National University of Singapore have published a report on the interesting SpiKey technique that allows opening a lock. They argue that having overheard and recorded the sound of the lock opening, you can pick up the key to this very lock.The researchers say that a physical lock, of course, can be broken in a more traditional way, but this will require certain knowledge, skills and tools. In addition, ordinary burglars leave traces on the inside of the lock, which can later be detected by forensic experts.
In fact, proposed by the researchers attack proposed suggests using the microphone of a regular smartphone to capture the sound of inserting and extracting a key from the lock. This sound allows concluding about the shape of the key and its beard, and then creating a copy.
So, special software determines the time between clicks, when the key contacts the pins in the lock, and, based on this data, recreates the key itself. Subsequently, the obtained data can be used to create a copy of the key, for example, using a 3D printer.
“As a result, the program offers several suitable candidate keys, and not a single ready-made option. However, this “acoustic” analysis of a typical six-lug key allows us rejecting more than 94% of the keys and leave only about 10 candidate keys (often there will be only 3 candidate keys)”, – explain the researchers.
The SpiKey method has a number of weaknesses. For example, some types of keys, when inserted into a keyhole, emit so-called “overlapping clicks”, which are extremely difficult to analyze, and for this reason, only about 56% of keys are vulnerable to SpiKey.
In addition, for the best analysis results, special software requires a constant speed during turning the key in the lock, which simply does not happen in real life.
However, this nuance can be mitigated by recording the sound of opening/closing the lock several times. To do this, the attacker can install malware on the victim’s smartphone or smartwatch (in order to record the desired sounds), or collect data from door sensors, if they are equipped with microphones.
The researchers note that clicks should be recorded at a distance of about 10 centimeters from the lock, and for longer distances is necessary a parabolic microphone.
“There is no reason to believe that digital locks will provide better security, especially considering current number of cyberattacks. While attacks on physical locks require an attacker to be present, digital attacks can be remote and intimidating. Perhaps we should take inspiration from two-factor authentication, and the combination of physical and digital door locks is the safest way for more detailed development”, — conclude the experts.
Let me also remind you that Hacker “Tamagotchi” Flipper Zero hits Kickstarter and collects 7 times more than planned.