Published 07:29 IST, August 24th 2020
Hackers can now clone keys by recording its sound with a smartphone, study finds
Hackers can hear the almost inaudible sound of the key unlocking a door through a smartphone that is later used for ‘key cloning’, claim researchers in a study.
Advertisement
Hackers can hear the almost inaudible sound of the key unlocking a door through a smartphone that is later used for ‘key cloning’, research finds. The scholars at the National University of Singapore have published a paper providing a detailed analysis of how by just the use of a smartphone microphone and a programme that they designed, a hacker can clone the key for respective locks.
Moreover, if the thief is able to successfully install the malware on the smartphone, smartwatch, or smart doorbell used by the house owner, the hacker does not even have to be nearby to fulfil the deed. In the paper titled ‘listen to Your Key: Towards Acoustics-based Physical Key Interference’, the researchers talked about the physical locks that are widely used as securing mechanism.
How is such an attack carried out?
The method, dubbed as SpiKey, works on the common pin tumbler lock where the hackers take note of the sound made by the lock pins as they move over a typical ridge of the key. While a house owner, unaware of such an attack, puts the key in the lock, the emitted sound is captured by the attacker’s smartphone. Then SpiKey is used by the thief to leverage the time difference between audible clicks to ultimately infer the shape of the real key.
As proof to their findings, the researchers even provided a simulation that is based on real-world recordings and demonstrated a significant reduction in search space from a pool of more than 330 thousand keys to three candidate keys for the most frequent case. While a lockpick or a locksmith uses a specialised set of tools to move the pins inside a lock gradually to strike a correct combination, SpiKey technique has proven to be easier and requires the knowledge of using a 3D printer.
Fortunately, the SpiKey technique is not entirely foolproof as its software requires a key to be inserted into the lock at a constant speed for the sound to be successfully analysed and then engineered. Moreover, the thief would have to record the key sound from within four inches of the lock to get a clear recording if the software is not installed on the owner’s phone.
07:29 IST, August 24th 2020