Security News

Now a Smartphone Can be Used to Pick the Lock of Your Front Door

Researchers have shown it's possible to use a smartphone to duplicate an actual key and pick a physical lock, like those found in any number of doors.

The trio of researchers - Soundarya Ramesh, Harini Ramprasad, and Jun Han - presented their findings at this year's International Workshop on Mobile Computing Systems and Applications, where they showed how their system - SpiKey - uses a smartphone microphone to work out the shape of a key.

"When a victim inserts his/her key into the lock, the emitted sound is captured by the attacker's microphone," stated the researchers in their findings. "SpiKey leverages the time difference between audible clicks to ultimately infer the bitting information, i.e. shape of the physical key."

The researchers were able to show how SpiKey drastically reduced the number of possible keys.

"As a proof-of-concept," they stated, "we demonstrate a significant reduction in search space from a pool of more than 330,000 keys to three candidate keys for the most frequent case."

While SpiKey sounds good 'on paper', the researchers acknowledge that obtaining the required recording is the weak link in their system, as it would need to be done without alerting the intended victim. Suggestions for achieving this include hiding a microphone nearby, installing the software on the victim’s phone and walking past the home with a microphone.

This might be too much effort for the ordinary burglar, but could yield better results with high-profile targets. Or it could end up as the basis for a plot in a Hollywood blockbuster.


Thanks for visiting SecAlerts and reading this story. We offer a free weekly CVE alert service, or an hourly service from $US20/mth, both of which include software updates and news relating to your software stack. Join more than 1,300 other users and sign up.

. . .

If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.

Receive alerts for vulnerabilities, zero-days, security news and more

Try our FREE 14-day trial. See an example email

Example email for SecAlerts