Hackers use smartphones to access your home. Image supplied
Beware: Hackers can use audio recordings to get inside your home
It has come to light that smartphone audio recordings could be used by hackers to create a set of keys to your front door.
Hackers use smartphones to access your home. Image supplied
A new research paper has revealed that smart phone audio recordings could be used by hackers to create a set of keys to your front door.
The paper demonstrates how an audio recording of a key turning in a lock can be used to map its shape, size and ridge pattern.
The information can be used by an eavesdropper to create a real world replica. The programme that analysed the audio recordings, named SpiKey, is said to be accurate enough to filter a database of 330,000 keys down to three candidates.
Audio analysis
The lock-breaking system works by analysing the time elapsed between clicks made as the key ridges interact with pins in the lock. This allows the programme to discern the key’s unique pattern of ridges.
The inter-ridge distances are used to create a virtual model of the key which can then be 3D-printed for use in real life scenarios.
Physical locks are vulnerable to hackers
The researchers said, “Physical locks are one of the most prevalent mechanisms for securing objects such as doors. While many of these locks are vulnerable to lock picking, they are still widely used as lock picking requires specific training with tailored instruments and easily raises suspicions.
“SpiKey significantly lowers the bar for an attacker by requiring only the use of a smartphone microphone to infer the shape of the victim’s key, namely biting’s or cut depths which form the secret of the key.”
The paper does concede that SpiKey is only effective if the attacker has a base knowledge of the type of lock and key and if the speed of key insertion or withdrawal remains constant from start to finish.
How to avoid attacks
The research team plans to explore the possibility that click sounds could be collected by malware installed on a victim’s smartphone or smart watch. They would also determine if the same analysis technique could be applied to a recording taken at distance which would minimise suspicion.
One simple method of mitigating against attacks of this kind is to attach your front door key to a ring that contains multiple keys which should create enough noise interference to make effective analysis impossible.
