Every time you unlock your front door, your key whispers a small, but audible, secret. Hackers finally showed how to listen.
Researchers from the National University of Singapore earlier this year published a paper detailing how, with only a smartphone microphone and a program they have designed, a hacker can clone your key. What’s more, if a thief could install malware on your smartphone, smartwatch, or smart doorbell to record the audio from afar, they would not even have to be physically nearby to pull off the attack.
The key (ahem) to the attack, called SpiKey, is the sound made by the lockpins as they move over the edges of a typical key.
“When a victim puts a key in the door lock, an attacker speaks by recording the sound with a smartphone microphone,” describes the paper written by Soundarya Ramesh, Harini Ramprasad and Jun Han.
With that recording, the thief is able to use the time between the audible clicks to determine the distance between the edges along the key. Using this information, a bad actor could then calculate and produce a series of probable keys.
“[On] On average, SpiKey is able to provide 5.10 candidate keys, which guarantees that the correct victim key is recorded from a total of 330,424 keys, with 3 candidate keys being the most common case, “the study reads.
In other words, instead of bothering with pick-picking tools, a thief could simply try on a pair of pre-made keys and then walk right through the victim’s door.
Of course, there are some limitations in the real world. For staters, the attacker should know what type of lock the victim has. That information can be found out by simply looking at the outside of the lock.
Second, it is assumed that the speed at which the key is placed in the lock is constant. But the researchers also thought about it.
“It simply came to our notice then [the] real world, so we plan to explore the possibility of combining information about multiple inserts, ”they explain.
It is worth noting that this is currently a relatively easy attack to defeat. Just make sure no one is around you, pick up, when you put your key in a lock. However, that will not always be the case.
“We can use other approaches to collect click sounds, such as installing malware on a victim’s smartphone or smartwatch, or door sensors that include microphones to record with a higher signal-to-noise ratio,” the authors of the study. “We can also use long-distance microphones to reduce suspicion. Furthermore, we can increase the scalability of SpiKey by installing a single microphone in an office and collecting recordings for multiple doors.”
SEE ALSO: Police in riot gear stormed a rally on Friday, removing hundreds of protesters by truck.
In other words, they are already thinking of ways to make this attack easier. And, sorry, so-called smart locks simply present their own security issues. Amazon’s Ring security cameras, remember, are hacked all the time. And as the researchers post, a hacker could, in theory, use the microphone embedded in such a camera to record the sounds your key makes and then use the SpiKey technique to perform physical tests for you. house to produce.
However, if a hacker has access to your Ring, there are easier ways to clone your key than to listen to it. Even that, maybe make a little noise when you open the door ahead. Your neighbors may think you’re a little strange, but at least they’ll not be able to use SpiKey to break into your place.