Posted on August 21, 2020 at 4:07 PM
Researchers at the National University of Singapore published a paper this year, with details of how hackers use a program they designed and a smartphone microphone to clone keys. In addition to these, the hackers have devised means to install malware to users’ smartwatch or smartphone, or even their smart doorbell without being physically present or close to the device.
Now the hackers can listen to the sound of the keys when opening the door to produce an identical key in terms of function. The strategy is termed Spykey, which listens to the sounds made by the keys as the user or house owner tries to open the door.
The paper describes that when the victim or target inserts the key into the door lock, an attacker close by can record the sound of the key with a smartphone microphone.
“When a victim inserts a key into the door lock, an attacker walking by records the sound with a smartphone microphone,” revealed the paper written by Jun Han, Harini Ramprasad, and Soundarya Ramesh describes.
With the recording, the criminal can use the time between the audible clicks to find out the difference between the ridges along with the key. Using the information, they can record the differences and develop similar keys with the same features and number of ridges as the original one.
Generally, Spikey can develop 5.10 candidate keys that guarantee the inclusion of the right victim key from a total of 330, 424 possible options, but the most frequent case is with 3 candidates.
In the past, the most efficient way to get past a locked door or apartment is to use lock-picking tools. The thief can insert different premade keys one after the other to gain access to the home through the door. But with this software, the actors can recreate almost the exact key that will easily open the door to the victims’ apartment or office.
Some limitations to the hack still exist
Although this may look simple, there are some difficulties and limitations to this new trick by hackers. For instance, the actor had to know the exact lock the victim or target has installed on the door. To get this information swiftly, the hacker needs to look at the information placed at the exterior of the lock, which may not be easy for a stranger to acquire.
Apart from that, the speed of the key when placed in the lock is said to be constant on assumption, although the researchers have considered that as well. They explained that in the real world, the assumptions may not always hold. As they explained, that’s the reason why they should explore the likelihood of combining information across multiple key insertions.
Theft attempt is not difficult to counter
The researchers have not failed to admit that the theft attempt is still easy to counter. The user only has to make sure there is no one lurking around or passing by when they are opening the door. But this may not always be the case, especially as humans are known to be carried away by distractions of the mind or when in a hurry.
The researchers said hackers can explore other methods of collection click sounds such as the installation of malware on the victim’s smartwatch or smartphone. They could even install malware on door sensors that have a microphone to get a recording with a higher signal-to-noise ratio.
The researchers in the study also said it is possible to reduce suspicion by exploiting long-distance microphones. Also, the scalability and efficiency of SpiKey can be increased by installing a microphone in an office corridor to get the recordings of multiple doors within the corridor.
With these options, they are thinking of methods of making the hack easier to carry out. Even the smart locks are not completely safe or secure these days, as they also present their security challenges.
A perfect example is Amazon’s Ring security cameras, which are constantly hacked. With this discovery of the SpiKey, it means criminals may soon have the ability to access different offices, still more files, and cause more damage.