Researchers have shown it's possible to use a smartphone to duplicate an actual key and pick a physical lock, like those found in any number of doors.
The trio of researchers - Soundarya Ramesh, Harini Ramprasad, and Jun Han - presented their findings at this year's International Workshop on Mobile Computing Systems and Applications, where they showed how their system - SpiKey - uses a smartphone microphone to work out the shape of a key.
"When a victim inserts his/her key into the lock, the emitted sound is captured by the attacker's microphone," stated the researchers in their findings. "SpiKey leverages the time difference between audible clicks to ultimately infer the bitting information, i.e. shape of the physical key."
The researchers were able to show how SpiKey drastically reduced the number of possible keys.
"As a proof-of-concept," they stated, "we demonstrate a significant reduction in search space from a pool of more than 330,000 keys to three candidate keys for the most frequent case."
While SpiKey sounds good 'on paper', the researchers acknowledge that obtaining the required recording is the weak link in their system, as it would need to be done without alerting the intended victim. Suggestions for achieving this include hiding a microphone nearby, installing the software on the victim’s phone and walking past the home with a microphone.
This might be too much effort for the ordinary burglar, but could yield better results with high-profile targets. Or it could end up as the basis for a plot in a Hollywood blockbuster.
