Are you the type of person that lives and breathes cybersecurity? Is your OS patched? Firewall in place and configured? Are your passwords so long and nonsensical that even you can barely remember them? Yes? Well, then, good start, but how about physical security? If you are relying on lock and key, then a clever new high-tech exploit may cause you to reconsider just how secure you really are.
A team at the National University of Singapore have described a method — called SpiKey — that can provide the information needed to create a key for a lock by using only the sound of that lock being opened.
SpiKey works on the most common type of lock, the pin tumbler. Pin tumbler locks are constructed of six top and bottom spring-loaded pins. When a key with the proper cut depths is inserted, the pins will align properly to allow the key to turn, and the lock to open. As it turns out, inserting a key into a lock past each of these pins is noisy business. And importantly, that noise has distinctive qualities that can reveal the depth of each cut in the key.
By recording the click of each pin, and observing the time between each click during key insertion, the researchers have been able to reverse-engineer the likely shape of the key with fairly incredible precision. Of the over 330,000 key shapes that are possible for pin tumbler locks, the method narrows it down to three possibilities. That information can be used to 3D print the keys.
Traditionally, to defeat a pin tumbler lock, one would need to be highly skilled at lock picking. Additionally, lock picking often leaves scratches on the pins which can serve as a tip that the lock has been compromised, and also, the act of picking the lock can take some time, and if seen, would look highly suspicious. SpiKey, on the other hand, only requires an audio recording of a key being inserted into the lock to produce a reusable key copy. The researchers suggest that audio could be captured from the microphone of a compromised smartphone.
SpiKey is not perfect, however. The method requires that the microphone be quite close to the lock to get a good recording — typically within about four inches. It also requires that the key be inserted into the lock at a fairly constant rate, although some correction can be applied algorithmically for less smooth insertions. While these limitations are likely to keep SpiKey out of the toolbox of rank and file crooks, it does raise legitimate security questions in higher stakes scenarios.