Tech

This software can pick a lock by sound alone

Researchers have demonstrated how software can recreate a key just by listening to the sound of it entering a lock.

Shutterstock

Lockpicking is a talent mythologized in literature and film. A discipline reserved for sleuths, spies, and thieves typically portrayed as being equal parts skill and stealth.

Though captivating to watch in movies, it turns out lockpicking, like many tasks, may not be immune to automation.

Shutterstock

In a demonstration and corresponding research article published this past March, Soundarya Ramesh and a team at the National University of Singapore showed off a system called "SpiKey."

Shutterstock

The software is capable of using the series of audible clicks created by a key entering a lock to drastically narrow down the possible key configuration that can be used to create a functional 3D replica.

330,000

The number of combinations in the common pin-tumbler mechanism.

Shutterstock

3

SpiKey can narrow the combination down to three possible iterations.

“Given that the profile of the key is publicly available for commonly used [pin-tumbler lock] keys, we can 3D-print the keys for the inferred bitting codes, one of which will unlock the door."

Soundarya Ramesh

Shutterstock

To copy a key, all SpiKey needs is a commonplace microphone like the one attached to your mobile phone which is used to record the sound of the key activating springs inside the lock.

Shutterstock

"These clicks are vital to the inference analysis: the time between them allows the SpiKey software to compute the key’s inter-ridge distances and what locksmiths call the 'bitting depth' of those ridges: basically, how deeply they cut into the key shaft, or where they plateau out."

Soundarya Ramesh at HotMobile 2020

A readout of the audible clicks made from a key.

Researchers propose several ways in which audio could be acquired, including holding one's smartphone near the lock to record the sound, installing malware on a target's device to record the audio, or hacking a smart doorbell to record and transmit audio.

Shutterstock

The system isn't perfect. Researchers note that variations in speed can greatly decrease the accuracy (though some fluctuation can be accounted for).

Though SpiKey is still mostly a theoretical threat, the demonstration is an intriguing — and somewhat disconcerting — demonstration of how technology can be used to hack the physical world.

Shutterstock

To learn more...

You can read more about Soundarya Ramesh and her SpiKey project here.

Shutterstock

Share