Scientists from the National University of Singapore have published a report on an interesting technique of picking locks - SpiKey. They claim that by eavesdropping and recording the sound of the opening of the lock, you can pick up the key to this lock. Researchers say that a physical lock, of course, can be broken in a more traditional way, but this will require certain knowledge, skills and tools. In addition, a common burglary leaves traces on the inside of the castle, which can later be detected by forensic experts.
In fact, the attack proposed by the researchers suggests using the microphone of a regular smartphone to capture the sound of inserting and extracting a key from the lock. This sound allows you to draw conclusions about the shape of the key and its beard, and then create a copy.
So, special software determines the time between clicks that occur when the key contacts the pins in the lock, and, based on this data, recreates the key itself. Subsequently, the obtained data can be used to create a copy of the key, for example, using a 3D printer.
The researchers explain that at the end of the program, the program offers several suitable candidate keys, and not a single ready-made option. However, such an “acoustic” analysis of a conventional key with six projections allows us to reject more than 94% of the keys and leave only about 10 candidate keys (often there will be only 3 candidate keys).
The SpiKey method also has a number of weaknesses. For example, some types of keys, when inserted into a keyhole, emit so-called "overlapping clicks", which are extremely difficult to analyze, and for this reason only about 56% of keys are vulnerable to SpiKey.
In addition, for the best analysis results, special software requires a constant speed when turning the key in the lock, which simply does not happen in real life. However, this nuance can be circumvented by recording the sound of opening / closing the lock several times. To do this, the attacker can install malware on the victim's smartphone or smartwatch (in order to record the desired sounds), or collect data from door sensors, if they are equipped with microphones.
The researchers note that the clicks should be recorded at a distance of about 10 centimeters from the lock, and for longer distances, a parabolic microphone will already be needed.
