SpiKey attack picks locks with smartphone and 3D printer

Many of us use physical keys for securing a whole manner of objects, from front doors to garages, and office buildings to gym lockers, but how reliant can we truly be on their security? Of course, the vulnerability of physical locks to being manually picked is no secret, but there could now be a more novel attack afoot involving a smartphone microphone.

Researchers from the National University of Singapore (NUS), led by cyberphysical systems researcher Soundarya Ramesh, claim to have proven a major vulnerability in physical keys based on the sound they make when being inserted into a lock. The series of audible clicks made as a key enters a lock can now be recorded and deciphered by a signal processing software to provide an accurate ‘digital cut’ of the key’s shaft. This digital cut can then be 3D printed to give a precise physical copy of the key, which attackers can use to come and go from a protected space as they please.

The question is, how feasible could this type of attack really be, and does it make 3D printing an inadvertent accessory in a new world of criminal lock picking?

Researchers from NUS say they have proven a major vulnerability in physical key security. Photo via Pixabay.

Picking locks with audio technology

To prove their theory, the NUS team proposed SpiKey, a novel attack that significantly lowers the bar for a would-be criminal looking to enter a protected space by requiring only the use of a smartphone. The particular keys targeted by the researchers are keys to pin-tumbler locks such as those belonging to Yale or Schlage, within in which metal pins are pushed up to various heights by the teeth on the key in order to free and open the lock. 

The microphone in a smartphone can be used to record the sound of such a key as it enters a lock, and SpiKey’s signal processing software can then decipher this sound to reveal the bittings (cut depths) individual to that key. Out of 330,000 possible key shapes, the SpiKey attack can narrow the search space to just three of the most likely key designs that will fit the lock in question.

Once the potential key designs are identified, a physical replica can then be precisely 3D printed to enable the attacker to enter the protected area time and again. The team carried out several proof-of-concept experiments based on real-world recordings to test their attack software, and while they believe it could prove a justified threat to physical key security, there are some limitations to the technology.

Unpicking SpiKey

One of the first aspects to consider is how a potential criminal could acquire the sound of your key entering its lock in the first place. The NUS team proposed a walk-by-attack as an option, where the attacker would simply walk behind someone as they unlock a door or locker and hold their phone out to record the sound. However, with the microphone only able to adequately pick up the sound from around 10 cm away, it is safe to say this wouldn’t be the most inconspicuous break-in attempt. 

Another scenario involves installing malware on the victim’s smartphone or smartwatch which records and transmits the sound as they insert their key into a lock, or hacking into a video doorbell located near the lock and recording the audio through the device. Long-distance microphones and installing hidden microphones are also possible methods of furtively recording audio, but each of these scenarios is heavily dependent on the quality of the captured audio.

Nearby traffic, jangling of keys, and chatting are just some of the obstacles to obtaining clean audio that can be deciphered by the SpiKey software. How quickly a key is inserted into the lock can also influence how the audio is inferred by the signal processing software. The attacker in question would also need a significant knowledge of the sound environment and acoustic science in order to be successful in their endeavor. 

Perhaps, then, SpiKey is suited more towards higher-stakes crime, as opposed to the domestic burglary of homes and lockers, and the chances are we can all still sleep soundly in the knowledge that, for now at least, our front doors are more than likely safe from audio technology lock picking. 

Further information on the study can be found in the paper titled “Listen to your key: Towards acoustic-based physical key inference”, published in the AMC Digital Library. The paper is co-authored by S. Ramesh, H. Ramprasad, and J. Han.

Featured image shows one of the research team's 3D printed turtle eggs. Photo via Paso Pacifico.
3D printed turtle eggs have helped to prevent illegal trade crimes. Photo via Paso Pacifico.

3D printing’s criminal record

3D printing has had several ‘brushes with the law’ in the past, but for decidedly more positive reasons. The technology has been deployed on multiple occasions to aid in crime-solving and surveillance, educate students on criminal forensic science, and survey crime scenes.

In 2018, the Abu Dhabi Police force launched a 3D printing initiative to help solve crimes through evidence handling and crime scene assessment, and a similar initiative has previously been set up in the UK by the West Yorkshire Police. 3D printing technologies have proven to be a valuable addition to law enforcement, with 3D scanners providing an effective tool for creating a digital equivalent of crime scenes to help investigators, judges, and juries visualize the scene of an offense.

Most recently, 3D printing has been deployed in the prevention of the illegal trade of turtle eggs in Costa Rica. By replacing the turtle eggs with 3D printed decoys embedded with GPS trackers, the crime-fighting ecologist team was able to track illegal traders and intervene.

Subscribe to the 3D Printing Industry newsletter for the latest news in additive manufacturing. You can also stay connected by following us on Twitter and liking us on Facebook.

Looking for a career in additive manufacturing? Visit 3D Printing Jobs for a selection of roles in the industry.

Featured image shows a door key inserted into a lock. Photo via Pixabay/MasterTux.