SpiKey assault picks locks with smartphone and 3D printer

Many of us use physical keys to secure a whole range of items, from front doors to garages and office buildings to gym lockers. But how can we really depend on their safety? Of course, the vulnerability of physical locks to manual override is no secret, but there could now be a newer attack using a smartphone microphone.

Researchers at the National University of Singapore (NUS), led by cyberphysical systems researcher Soundarya Ramesh, claim to have detected a major vulnerability in physical keys based on the noise they make when they are inserted into a lock. The series of audible clicks made when a key is entering a lock can now be recorded and decrypted by signal processing software in order to achieve an accurate “digital cut” of the key shaft. This digital cut can then be 3D printed to obtain an accurate physical copy of the key that attackers can use to come and go from a protected space at will.

The question is how feasible this type of attack could really be and is it making 3D printing an accidental accessory in a new world of criminal locksmithing?

NUS researchers say they have identified a major vulnerability related to the security of physical keys. Photo via Pixabay.

Open locks with audio technology

To prove their theory, the NUS team proposed SpiKey, a novel attack that significantly lowers the bar for potential criminals trying to enter a protected space by requiring only the use of a smartphone. The special keys the researchers are aiming for are pin lock keys such as those from Yale or Schlage, in which metal pins are pushed to various heights by the key’s teeth to release and open the lock.

The microphone in a smartphone can be used to record the sound of such a key when entering a lock, and SpiKey’s signal processing software can then decode that sound to display the bitting depths that are unique to that key. Of 330,000 possible key shapes, the SpiKey attack can limit the search space to only three of the most likely key designs that are suitable for the lock in question.

Once the potential key designs are identified, a physical replica can be precisely 3D printed so that the attacker can re-enter the protected area. The team conducted several proof-of-concept experiments based on real recordings to test its attack software. While it believes this could pose a legitimate threat to the security of physical keys, there are some limitations in the technology.

Remove the SpiKey

One of the first things to consider is how a potential criminal can detect the sound of your key that gets into their lock in the first place. The NUS team suggested a walk-by attack as an option, in which the attacker simply walks behind someone while unlocking a door or locker and holding out his phone to record the sound. However, since the microphone can only adequately pick up the sound from a distance of about 10 cm, it is safe to say that this is not the most inconspicuous break-in attempt.

Another scenario is to install malware on the victim’s smartphone or smartwatch that will record and broadcast the sound while they put their key in a lock, or hack into a video doorbell near the lock and use the Record sound through the device. Remote microphones and installing hidden microphones are also possible methods of covertly recording audio. However, each of these scenarios is highly dependent on the quality of the audio being recorded.

The nearby traffic, the clink of keys, and the chatting are just some of the barriers to clean audio that SpiKey software can decipher. How quickly a key is inserted into the lock can also affect how the audio is derived by the signal processing software. The attacker in question would also need a thorough knowledge of the sound environment and acoustic science to be successful in his endeavor.

Perhaps SpiKey is more suitable for higher-stakes crime than domestic break-in of houses and lockers, and the chances are good that we can all still sleep well knowing that at least for the time being our front doors are more than likely safe Audio technology lock picking.

For more information on the study, see the article published on the AMC Digital Library entitled “Listen to Your Key: Towards Acoustic Inference of Physical Keys”. The paper was co-authored by S. Ramesh, H. Ramprasad, and J. Han.

The image shown shows one of the research team's 3D printed turtle eggs.  Photo via Paso Pacifico. 3D printed turtle eggs have helped prevent illegal trade crimes. Photo via Paso Pacifico.

Criminal record of 3D printing

3D printing has had several “brushes with the law” in the past, but for decidedly more positive reasons. The technology has been used on multiple occasions to aid crime investigation and surveillance, train students in forensic forensic science, and investigate crime scenes.

In 2018, Abu Dhabi Police launched a 3D printing initiative to solve crimes through evidence handling and crime scene assessment. A similar initiative was previously launched in the UK by the West Yorkshire Police. 3D printing technologies have proven to be a valuable addition to law enforcement. 3D scanners provide an effective tool for creating a digital equivalent of crime scenes that investigators, judges, and juries can use to visualize the crime scene.

More recently, 3D printing has been used to prevent the illegal trade in turtle eggs in Costa Rica. By replacing the turtle eggs with 3D-printed baits embedded in GPS trackers, the team of criminal combat ecologists were able to track and intervene in illegal traders.

Subscribe to the 3D printing industry newsletter for the latest news on additive manufacturing. You can also stay connected by following us on Twitter and liking us on Facebook.

Looking for a career in additive manufacturing? Visit 3D Print Jobs for a selection of roles in the industry.

The picture shown shows a door key that is inserted into a lock. Photo via Pixabay / MasterTux.