Sounds far-fetched: Researchers figure out how to clone keys from the noise they make in locks

The particular sound a key makes when sliding into a lock can now be used to clone it, opening the possibility of hackers being able to unpick locks with just a smartphone and a piece of computer software.

Through the study of acoustics-based physical key inference, researchers led by computer scientist Soundarya Ramesh at the National University of Singapore found a way to turn “information from the physical environment that is seemingly of no utility” into a potentially game-changing way to unlock many of the world’s doors. 

The sound of a key pushed into a pin tumbler lock gives away the telltale order and dimensions of said lock.

In standard pin tumbler locks, keys engage with the pins inside using bittings (the jagged edges of the key) to correctly align and unlock the lock, producing a unique series of clicking sounds in the process. By recording and mapping this series of sounds, using the timing of the clicks to space out the bittings, the rough profile of the key can be inferred and several test keys cut. 

The researchers concede that this method requires far more equipment than standard lock-picking techniques, but the hands-off approach might better hide the subterfuge, especially in high-stakes espionage, which they believe would be a far more likely scenario for future use than an everyday burglary. 

Using the system, called SpiKey, the researchers could frequently narrow down the possible clone keys to just three candidates, one of which worked. There are 586,584 possible key combinations for a six-pin lock, 56 percent of which are vulnerable to a SpiKey attack. Of these 330,424 combinations, 94 percent could be reduced to fewer than 10 candidate keys.

However, the original key must be inserted and its sound captured in high-quality audio to work, and the system functions only with pin tumbler locks, though these are still quite widespread even today.

“SpiKey inherently provides many advantages over lock-picking attacks, including lowering attacker effort to enable a layperson to launch an attack without raising suspicion,” the researchers report in their paper.

Think your friends would be interested? Share this story!