How hackers clone your key just by listening to the sound it makes when you open the door

How hackers clone your key just by listening to the sound it makes when you open the door
Image from Pixabay

Keys are the instrument we rely on every day to keep our home safe. However, the era of traditional locks could be coming to an end due to systems like SpiKey, an attack capable of inferring the design of your key just by listening to the sound it makes.

Most people don’t even think about changing their lock for modern, and the digital one, but the new attack by researchers at the National University of Singapore may make people to start considering it.

The conventional pin tumbler lock is one of the most widely used. Inserting the correct key pushes the six spring-loaded metal pins at different heights that make up the lock, causing the drum to rotate and the door to open.

It is well known that many thieves have tricks to pick the locks in many ways, but some of these methods require several tests be performed on the lock before it can be opened, or they leave evidence that the lock has been forced.

How does it work?

Following the contribution of this group from Singapore, this task can be made much easier. You only need smartphone that has a recorder to be able to capture the sound made by the key when leaving or entering the lock.

This enables “a non-expert person to launch the attack, as well as significantly reducing suspicion. Furthermore, since SpiKey infers the shape of the key, it is inherently effective (…) with modern locks and allows multiple entries to be made without leaving any trace”, say scientists from the Singapore center.

By analyzing the recording, SpiKey is able to find out the characteristics of the key structure taking into account the time that passes between the clicks made by each of the six metal pins that make up the key, which allows it to infer its pattern.

This can differ from other keys by just 0.381 millimeters, which speaks of the high precision that characterizes SpiKey. In fact, the researchers say that the system reduces the number of keys potentially capable of opening the lock from 330,424 to just three, in most cases.

After a successful attack, the group explains, the user can reverse engineer to obtain a key model that can be printed with the 3D printer.

But everything is not so easy

The implementation of this method of opening locks in real life runs into several obstacles that mean, for now, we can continue to trust our traditional locks.

The Achilles heel of this invention can be said to be the speed at which the key is inserted or extracted from the lock. Scientists are counting on the victim to insert or remove the key at “a constant insertion rate,” which does not have to be the case. That is why they are exploring how to combine the information obtained through various inserts.

Another big problem is ambient noise that can cause interference with the sound of the key. This can be stopped by bringing the mobile close enough to the key, but since that would be very suspicious for the victim, the key could be to use remote listening systems, such as malware previously installed on the person’s smartphone or smartwatch.

Either way, it’s clear that technology is also at the service of criminals, and these and other difficulties that stop them from sneaking into our homes, for now, may one day cease to exist. Switching to digital locks may not be such a bad idea after all.