Earlier this year researchers at the National University of Singapore came up and published a paper enumerating how, utilizing just a smartphone microphone and a program designed by them, a hacker can clone your key.
The key, named SpiKey, is the sound made by the lock pins as they move over a typical key’s edges.
The paper written by Soundarya Ramesh, Harini Ramprasad, and Jun Han, says that “When a victim inserts a key into the door lock, an attacker walking by records the sound with a smartphone microphone.”
And with that recording alone, the hacker/thief can utilize the time between the audible clicks to determine the distance between the edges along with the key.
Utilizing this info, a ‘bad actor’ could then figure out and afterward come up with a series of likely keys.
So now, rather than messing around with lock-picking tools, a thief could basically attempt a few pre-made keys and afterward come directly in through the victim’s door.
However of course there are some shortcomings to carrying out this attack as well like the attacker would need to comprehend what kind of lock the victim has or the speed at which the key is placed into the lock is thought to be constant.
But the researchers have thought of this as well, and they concocted the clarification that, “This assumption may not always hold in [the] real-world, hence, we plan to explore the possibility of combining information across multiple insertions”
The study authors further clarified, “We may exploit other approaches of collecting click sounds such as installing malware on a victim’s smartphone or smartwatch, or from door sensors that contain microphones to obtain a recording with the higher signal-to-noise ratio. We may also exploit long-distance microphones to reduce suspicion. Furthermore, we may increase the scalability of SpiKey by installing one microphone in an office corridor and collect recordings for multiple doors.”
Taking the case of the supposed ‘smart locks’ which despite everything still present their own security issues, the Amazon’s Ring security cameras, for example, are hacked constantly, so as it were, as the researchers hypothesize, the hacker could, in principle, utilize the microphone embedded in such a camera to capture the sounds your key makes and afterward utilize the SpiKey procedure to create physical keys to your home.