Researchers have come up with a new attack that creates 3D-printed physical keys. Dubbed Spikey, the technique involves listening to the clicks of the key to create duplicate keys.
A team of researchers from the National University of Singapore have devised a new attack strategy targeting physical locks. What they call ‘Spikey’, the attack involves duplicating keys.
While that’s nothing new, Spikey makes use of technology to develop the replica keys. Specifically, it uses the sounds of the key clicks to develop duplicate keys by 3D printing.
As explained by the researchers, Spikey is a novel alternative to lock-picking as it does not require expertise. Rather all it requires is the sound recording of the key clicks when someone inserts it into the lock. These clicks here refer to the exact sound produced when a key passes through the lock ridges.
Recording the sound is also not difficult. An adversary can simply record the sound via a smartphone microphone when the target in proximity opens a lock.
Defining Spikey attack, the researchers stated,
While analyzing the sound signals would facilitate in determining the key design, the technique also involves the analysis of time difference between the clicks. This helps in determining the distance between the key ridges.
Details of the Spikey attack are available in a research paper. Whereas, the researchers have also presented their findings at the HotMobile ’20: 21st International Workshop on Mobile Computing Systems and Applications.
While the attack is pretty trivial to execute, in a real-time scenario, it has some limitations.
For instance, the time difference between the audible clicks may not always be the same in real-time. Hence, any change in this reading may lead to the wrong judgment of ridges.
The attacker should also have the knowledge of the respective lock and key.