Keyed locks are relatively easy to pick if you’ve spent enough time mastering the skill. But researchers at the National University of Singapore have just made it even easier. If you can use a smartphone to record a sound, you can capture all the information you need to create a working duplicate of a key.
The newfound vulnerability – although it’s more a case of modern technology compromising an outdated technology – was discovered by cyberphysical systems researcher Soundarya Ramesh and a team at the National University of Singapore. The attack, called SpiKey, works on what are known as pin tumbler locks that are opened using a key with a unique ridge pattern on its edge. As the key slides into the lock, the ridges push six metal spring-backed pins to different heights which, when all are properly aligned, allow a tumbler to turn and a lock to be opened. They’re one of the most common types of locks out there, used in everything from doors to padlocks, which makes this attack especially concerning.
To open a pin tumbler lock without the key, a locksmith (or lock pick) uses a specialised set of tools to manually adjust the height of each pin, one by one, until they figure out the unique arrangement needed for the tumbler to turn. The SpiKey technique is magnitudes easier, and requires little to no special skills, aside from the ins and outs of operating a 3D printer.
Comments are closed.