Researchers reveal technology called SpiKey that can ‘listen’ to the clicks a key makes in a lock and create a duplicate from the sounds.
Security researchers have given a whole new meaning to “picking a lock,” demonstrating that they can use audio and signal-processing technology to listen to the sounds a key makes when it opens a lock and then 3D-print a duplicate from a recording.
The attack, called SpiKey, leverages any basic recording technology—such as the one found on any smartphone—and pairs it with signal processing software that can listen to the time difference between audible clicks of a key to determine its particular shape. That shape can then be transformed to a computer model that can be 3D-printed.
“While many of these locks are vulnerable to lock-picking, they are still widely used as lock-picking requires specific training with tailored instruments, and easily raises suspicion,” researchers wrote.
SpiKey creates a more surreptitious alternative to this traditional technique and works in three basic steps.
The first step is for an attacker who is physically approximate to someone opening his or her door to record the sound with a smartphone microphone, from which SpiKey filters the signal using signal-processing technology and detects the timing of the clicks from the sound.
The technology then uses the click timestamps to computer what researchers call “adjacent inter-ride distances”—or how the physical ridges are placed on the part of the key inserted into the lock—given the constant insertion speed.
Those computer distances are then used to infer the relative differences between the bitting depths of the key, which is basically how deeply they are cut into the key shaft, or if they flatten out.
SpiKey then uses all of this information to “ultimately obtain a small subset of candidate keys that includes the victim’s keycode,” researchers wrote.
To prove that SpiKey works, the team developed a simulation, based on real-world recordings, in which of SpiKey was able to narrow down a field of 330,000 potential keys to a lock to “three candidate keys for the most frequent case,” researchers wrote. Given this potential success rate, people may want to think twice before they open their front door if there is a nosy neighbor in the vicinity.