This is Scientific American’s 60 Second Science. I’m Sarah Vitak.
Someone who knows how can pick a door lock using a paper clip. But how about with a smartphone? Researchers at the National University of Singapore wondered if smartphone audio of a key turning a lock could be analyzed to determine the shape of the key. Spoiler alert: under the right conditions, they could create a few very good candidate keys—including the correct key.
Soundarya Ramesh, a grad student who worked on the system, which the researchers called SpiKey, said the work was inspired by previous research where the movement of smartwatches on people’s wrists was actually used to crack combination locks.
On supporting science journalism
If you're enjoying this article, consider supporting our award-winning journalism by subscribing. By purchasing a subscription you are helping to ensure the future of impactful stories about the discoveries and ideas shaping our world today.
“So we were like, ‘Okay, people are doing this for combination locks. Maybe there are some similar insights that we can apply to other kinds of locks.’ And the most prevalent kinds of locks are these physical locks and keys.”
The first task for the team was to get audio from a key opening a lock and see if they could pull useful information from the audio.
“Whenever you insert a key into a lock, it produces a series of click sounds.”
[CLIP: Audio of key clicks]
The pins of the lock moving over the ridges of the key produces the clicks ...
“Which is not really audible for the human ear because it is too close to be resolvable. But when you hear it from a high-quality microphone, and when you hear it at a slower speed, you can actually hear these click sounds.”
Once they verified that getting this series of clicks out of audio was possible, they moved to using simulations. Because for the type of lock they chose, the “key space,” or the number of possible unique keys, was 586,584. And they wanted to test how this type of analysis would work on every possible key. So instead of using actual audio recordings, they just simulated where the clicks would be.
“SpiKey was like a best-case analysis for an attacker. So if he manages to get all the click information precisely, then this is how the results will be.”
Using the time between each click and some clever geometry, the researchers attempted to figure out the shape of each key. Immediately, about half of the possible keys were deemed “unattackable” because some of the clicks those keys would produce would overlap. That left about 330,000 potential key shapes. More analysis was able to narrow down each sound signature to just a handful of key patterns.
The strategy is a long way from being viable in the real world. For one thing, the method relies on the key being inserted at a constant speed. And the audio element also poses challenges like background noise.
“The main point of this work was not to say, ‘Stop using the keys; they are not really good.’ It’s more about just being aware of what keys we are using, what locks we are using. I think being aware of what is on your front door is actually very important.”
Thanks for listening. For Scientific American’s 60 Second Science, I’m Sarah Vitak.
[The above text is a transcript of this podcast.]
