Scientists from the National University of Singapore have published un informe on the interesting SpiKey technique that allows opening a lock. They argue that having overheard and recorded the sound of the lock opening, you can pick up the key to this very lock.
The researchers say that a physical lock, por supuesto, can be broken in a more traditional way, but this will require certain knowledge, skills and tools. Además, ordinary burglars leave traces on the inside of the lock, which can later be detected by forensic experts.
De hecho, proposed by the researchers attack proposed suggests using the microphone of a regular smartphone to capture the sound of inserting and extracting a key from the lock. This sound allows concluding about the shape of the key and its beard, and then creating a copy.
Así que, special software determines the time between clicks, when the key contacts the pins in the lock, y, based on this data, recreates the key itself. Después, the obtained data can be used to create a copy of the key, Por ejemplo, using a 3D printer.
“As a result, the program offers several suitable candidate keys, and not a single ready-made option. Sin embargo, this “acoustic” analysis of a typical six-lug key allows us rejecting more than 94% of the keys and leave only about 10 candidate keys (often there will be only 3 candidate keys)", – explain the researchers.
The SpiKey method has a number of weaknesses. Por ejemplo, some types of keys, when inserted into a keyhole, emit so-called «overlapping clicks», which are extremely difficult to analyze, and for this reason, solo sobre 56% of keys are vulnerable to SpiKey.
Además, for the best analysis results, special software requires a constant speed during turning the key in the lock, which simply does not happen in real life.
Sin embargo, this nuance can be mitigated by recording the sound of opening/closing the lock several times. Para hacer esto, the attacker can install malware on the victim’s smartphone or smartwatch (in order to record the desired sounds), or collect data from door sensors, if they are equipped with microphones.
The researchers note that clicks should be recorded at a distance of about 10 centimeters from the lock, and for longer distances is necessary a parabolic microphone.
“There is no reason to believe that digital locks will provide better security, especially considering current number of cyberattacks. While attacks on physical locks require an attacker to be present, digital attacks can be remote and intimidating. Perhaps we should take inspiration from two-factor authentication, and the combination of physical and digital door locks is the safest way for more detailed development”, — conclude the experts.
Déjame recordarte también que Hacker “Tamagotchi” Flipper Zero hits Kickstarter and collects 7 times more than planned.
