How Hackers Use Sound To Unlock The Secrets Of Your Front Door Key

Authored by forbes.com and submitted by andre_bree_thousand

When thinking about physical security in the cyber realm, the mind, more often than not, turns to the risks posed by so-called smart locks. When I recently asked 549 security professionals if they would use a smart lock, 400 of them said no, get in the sea.

But here's the thing, what if hackers had figured out a way of unlocking the secrets of your actual, physical, door key just by listening to the sound it makes when being inserted into the lock?

What do I mean by "unlock the secrets of your front door key" in this context?

How does this sound: gaining enough information about the cut depths, or bittings, required to lift the pins in a tumbler lock to reduce the number of possible precut key templates that will unlock it from 330,000 to just three?

National University of Singapore researchers present SpiKey

A group of security researchers from the department of computer science at the National University of Singapore has created an attack model they call SpiKey to determine the key shape that will open any tumbler lock.

Soundarya Ramesh, Harini Ramprasad and Jun Han are the talented hackers behind SpiKey, which they say "significantly lowers the bar for an attacker," when compared to a more traditional lock-picking attack.

The theoretical methodology is deceptively simple: listen for the sound of the key as it moves past each tumbler pin in turn when the key is inserted in the lock. The reality, as always, is somewhat more complicated.

As first reported by Nick Bild at Hackster.io, the Singapore hackers use a simple smartphone to record the sound of the key being inserted and withdrawn, and then observe the time between each tumbler pin click using their custom key reverse-engineering application.

This forms the secret of the key, the fine-grained bitting depths which, the researchers report, can differ by as little as 15 milli-inches, or 0.381 millimeters if you prefer.

"As SpiKey infers the shape of the key, it is inherently robust against anti-picking features in modern locks," the research paper states, "and grants multiple entries without leaving any traces."

The key, if you'll pardon the pun, to all of this is the fact that the tumbler pins, six top and bottom, are connected by a spring. The bottom pins correspond in length to the bittings, the cut depths, of the key itself.

Insert the key, the bottom pins position correctly to align the top pins on a "shear line," and the key can turn to unlock. The sound of each "click" as the pins fall is used to detect the timings involved and calculate inter-ridge distances "given a constant insertion speed."

Real-world hurdles mean you are safe, for now

So, on the face of it this is pretty alarming stuff, what with the researchers claiming it can reduce the search space from a possible 330,000 preset key templates likely to open the lock, down to just three which can then be used to cut, or 3D print, the new key.

But, as with so many of these cutting-edge attack methodologies, moving from the lab to the real world presents several hurdles that make them less likely to succeed. One clue was at the end of the paragraph before last: a constant key insertion speed.

There is some leeway allowed for when it comes to key insertion speed thanks to the programming of the app. Still, any jiggling around, rough insertion, or difference in speed of insertion from start to finish is going to make an accurate calculation much harder to achieve.

As, for that matter, will ambient sound.

The biggest real-world hurdle to clear, though, has to be that the current attack mode requires the threat actor to be within a few inches of the lock to make that recording, which might just give the game away.

The research paper does discuss some of these points, and work is underway to look at using a combination of multiple key insertion recordings to overcome the constant speed requirement, for example.

When it comes to recording distance, the researchers said that they are looking at the possibility of installing malware on a victim's smartwatch or smartphone to collect the recordings remotely.

Do you need to worry about hackers making a copy of your front door key using a smartphone and app right now? No, not at all. That could, of course, change as this kind of research moves forward.

Maybe using smart locks, at least those not connected to a network in any way, isn't such a dumb idea after all.

rechinul on August 31st, 2020 at 09:03 UTC »

People being paranoid about this stuff. Like seriously, the likelihood of this happening in the real world is abysmally small. Like how are they going to do it? Hold a cellphone next to your lock while you insert the key, and do it several times to make sure they have an accurate reading? Most residential locks can be picked with basic tools in like 30 seconds...

2Punx2Furious on August 31st, 2020 at 07:35 UTC »

This has also been done for keyboard keys. You can detect what keys are being pressed just by sound with AI.

CaliAv8rix on August 31st, 2020 at 06:41 UTC »

Hmmm.... I’ll just scream really loudly every time I open the door so they can’t hear it. Thwarted!