As if we didn't have enough to fear with the thought of lockpicks breaking into our homes, researchers at the National University of Singapore have revealed that by using a smartphone to record the sound of a key in a lock, thieves have all the information they need to make a working duplicate.
The method, dubbed SpiKey, works on what is known as a pin tumbler lock — one of the most common types of locks for homes. As the key slides into the lock, its ridges push six metal spring-backed pins into specific positions. When they are all aligned correctly, the lock opens.
A lockpick or a locksmith would use a specialized set of tools to move the pins gradually into different positions so as to find the right combination. The SpiKey technique is much easier, and only really requires knowledge of how to use a 3D printer.
The research team found that the sounds made by the key as it hits specific pins, along with the timing of these sounds, within a tumbler lock can be reverse-engineered to determine the shape of the key, or at the very least a close match.
As Gizmodo points out, while a six-pin lock has close to 330,000 combinations, the SpiKey method can narrow that down to just three. An attacker could easily test these three to see which one works.
Thankfully, the technique isn't completely foolproof. The SpiKey software requires a key to be inserted into a lock at a constant speed for the sound to be successfully analyzed and reverse-engineered. The thief also needs to record the key sound from within 4 inches of the lock to get a clear enough recording — not an easy feat by any means.
However, the researchers suggest that malware installed on a target's smartphone could be used to record the sound of the lock over the course of several days — they're really doing the thieves' thinking for them by this point, aren't they?