New SpiKey tool can ‘listen’ to the clicks a key makes in a lock and 3D print a duplicate key from the sounds
If you are a heist movie aficionado, you may have seen countless movies depicting the protagonist listening to the clicks in the safe using headphones and cracking it open. While this was true for movies, you wouldn’t find this happening in the real world. That is up until now. Security researchers have found a way to listen to the key click sounds and generate a duplicate 3D key.
A research team at the National University of Singapore led by Soundarya Ramesh, a first-year Ph.D. student in computer science at the university have created a new tool called SpiKey. The SpiKey tool works by using audio and signal-processing technology to listen to the sounds a key makes when it opens a lock and then 3D-prints a duplicate key from a recording.
The SpiKey tool can use any basic recording device such as your Android smartphone or iPhone. The attack method leverages any basic recording technology and pairs it with signal processing software the research team has created. The signal processing software records the time difference between audible clicks of a key to determine its particular shape. The shape is then transformed into a physical model using a 3D printer.
The signal processing software uses the click timestamps to decipher “adjacent inter-ride distances”—or how the physical ridges are placed on the part of the key inserted into the lock—given the constant insertion speed. The code infers the relative differences between the bitting depths of the key, which is basically how deeply they are cut into the key shaft, or if they flatten out. SpiKey then uses all of this information to “ultimately obtain a small subset of candidate keys that includes the victim’s keycode,”
You can see and listen to the Key Spectrogram developed by the research team here.
Future of lock-picking
Up until now, lockpicking used to be a precision skill using specific tailor-made equipment which could be used only by the lock picker. The researchers say that SpiKey “significantly lowers the bar for an attacker” who wants to break into someone’s house or anything else protected by a physical lock. “While many of these locks are vulnerable to lock-picking, they are still widely used as lock-picking requires specific training with tailored instruments, and easily raises suspicion,” researchers wrote.
Soundarya and her research team have written a research paper on SpiKey (PDF). The researchers had presented their paper at the 21st International Workshop on Mobile Computing Systems and Applications (HotMobile 2020) held in March 2020 in Texas.
You can visit Soundarya Ramesh’s profile here for more information about the project.