Audio recordings from smartphones could be used by hackers to create a set of keys to your front door, a new research paper has revealed. But don't panic yet, there's still some significant hurdles to be cleared before this becomes reality.
Published by academics from the National University of Singapore, the paper demonstrates how an audio recording of a key turning in a lock can be used to map its shape, size and ridge-pattern - information the eavesdropper could use to create a real-world replica.
The program that analyzed the audio recordings, named SpiKey, is said to be accurate enough to filter a database of 330,000 keys down to three candidates.
- Check out our list of the best identity theft protection around
- We've built a list of the best password managers available
- Here's our list of the best malware removal services on the market
The lock-breaking system works by analyzing the time elapsed between clicks made as the key ridges interact with pins in the lock, allowing the program to discern the key’s unique pattern of ridges.
The inter-ridge distances are used to create a virtual model of the key, which can then be 3D printed for use in real-life scenarios.
“Physical locks are one of the most prevalent mechanisms for securing objects such as doors. While many of these locks are vulnerable to lock-picking, they are still widely used as lock-picking requires specific training with tailored instruments and easily raises suspicions,” wrote the researchers.
“[SpiKey] significantly lowers the bar for an attacker by requiring only the use of a smartphone microphone to infer the shape of the victim’s key, namely bittings (or cut depths) which form the secret of the key.”
The paper does concede that SpiKey is only effective if the attacker has a base knowledge of the type of lock and key (which could be confirmed by inspecting the exterior) and if the speed of key insertion or withdrawal remains constant from start to finish.
In future, the research team plans to explore the possibility that click sounds could be collected by malware installed on a victim’s smartphone or smart watch and whether the same analysis technique could be applied to a recording taken at distance, which would minimize suspicion.
One simple method of mitigating against attacks of this kind is to attach your front door key to a ring that contains multiple keys, which should create enough noise interference to make effective analysis impossible.
- Here's our list of the best antivirus services out there
Via The Telegraph