Physical locks are less hackable than digital locks, right? Maybe not: Boffins break in with a microphone

2020-08-21 09:31

The paper presents "SpiKey, a novel attack that utilizes a smartphone microphone to capture the sound of key insertion/withdrawal to infer the shape of the key, i.e., cut depths that form the 'secret' of the key, solely by the captured acoustic signal."

The researchers explained that there will be more than one "Candidate keys" rather than a single one that fits the pattern, but that in the case of the particular six-pin key analysed, "SpiKey guarantees reducing more than 94 per cent of keys to less than 10 candidate keys" with three candidates being "The most frequent case".

"Lock picking, although quite effective on various lock types, still requires meddling with locks and human expertise. Further, lock picking also leaves traces on the lock's interior that can be identified by forensic experts."

If a physical lock can be cracked with a microphone, are digital locks, such as those operated by cloud-controlled security systems, more secure? Ramesh has little patience with the idea.

"There is no reason to believe that digital locks provide better security given the number of cyber attacks we witness. While attacks on physical locks require the attacker to be present, digital attacks allow for remote attacks as well, which is quite horrifying. Inspired by the two-factor authentication of the digital world, maybe a combination of both physical and digital locks for our doors can be a safe way forward."

News URL

https://go.theregister.com/feed/www.theregister.com/2020/08/21/spikey_paper_acoustic_lock_pick/

#boffins #digital