In a study published last year, researchers with the National University of Singapore laid out what is essentially a high-tech solution for breaking and entering.
The method, which is being called the “SpiKey” attack, is quite novel. It leverages acoustical analysis of the noises a key makes when it enters a lock to virtually simulate its approximate size and shape. From there, a potential attacker could potentially “clone” the key, easily gaining access to a home or building, researchers say.
How it might work goes something like this: A sophisticated burglar uses a smart phone mic or other device to record a potential victim as they enter their home. Software can then be used to analyze the sounds the key made as it engaged the lock, honing in on “the time difference between audible clicks” to “infer the bitting information,” the researchers write.
Bits are those ridged fixtures that interact with the lock’s pins, and they make audible noises when they engage. By analyzing these noises, researchers say they can effectively reconstruct simulations of the “inter-ridge distances” of the actual bits, tracing the physical shape of the key. Hypothetically speaking, if the key’s shape could be captured, it’s just a short trip to a hapless locksmith to make a copy of it—after which a user could walk right in your front door unannounced.
In reality, it’s a lot more complicated than that. The “SpiKey” method is still a work-in-progress and is mostly hypothetical, at this point. It actually produces a range of potential key layouts, not a single definitive one, and digital analysis of the auditory signals needed to accomplish this takes some careful finessing. There are other shortcomings: Most problematically, researchers say the key needs to be traveling at a constant rate of speed during insertion for audio analysis to work. And it seems likely that it would be fairly difficult to get a reliable recording of a homeowner’s entry, in many cases.
However, researchers said that, when tested in a lab, they managed to narrow the pool of potential key layouts from “more than 330 thousand possible keys to three candidate keys”—a pretty impressive achievement. On top of this, the attack could be augmented with other scary methods to make it more effective: If a victim’s phone were targeted with malware, then a recording with a “higher signal-to-noise ratio” could be accomplished. Long-distance microphones could also be utilized to avoid, you know, standing around like a creep trying to record someone unlocking their door, researchers write.
This is a pretty fascinating line of inquiry, since knowing about this kind of vulnerability—and the ways it could be exploited—might be the best way to bolster security systems against such future high-tech attacks. On the other hand, if the average home invader is paying attention, it might just be giving them ideas.