Acoustic cryptanalysis the kind of security attack made possible by analyzing the sounds of a computer or other device, like reconstructing printouts from the noise of print heads or determining what someone is typing based on the click of each keystroke. Now, National University of Singapore researchers have applied acoustic cryptanalysis to house keys, demonstrating that it's possible (although difficult) for software to figure out the most likely shape of a key by analyzing the sounds it makes in the lock. From their research paper, titled "Listen to Your Key: Towards Acoustics-based
Physical Key Inference":
When a victim inserts his/her key into the lock, the emitted sound is captured by the attacker's microphone. SpiKey leverages the time difference between audible clicks to ultimately infer the bitting information, i.e., shape of the physical key. As a proof-of-concept, we provide a simulation, based on real-world recordings, and demonstrate a significant reduction in search space from a pool of more than 330 thousand keys to three candidate keys
for the most frequent case.
From Scientific American:
Soundarya Ramesh, a grad student who worked on the system, which the researchers called SpiKey, said the work was inspired by previous research where the movement of smartwatches on people's wrists was actually used to crack combination locks. […]
The strategy is a long way from being viable in the real world. For one thing, the method relies on the key being inserted at a constant speed. And the audio element also poses challenges like background noise.
"The main point of this work was not to say, 'Stop using the keys; they are not really good.' It's more about just being aware of what keys we are using, what locks we are using. I think being aware of what is on your front door is actually very important."
image: Mikael Häggström, M.D. (CC0)