Physical locks are one of the most prevalent mechanisms for securing objects such as doors. While many of these locks are vulnerable to lock-picking, they are still widely used as lock-picking requires specific training with tailored instruments, and easily raises suspicion. In this paper, we propose SpiKey, a novel attack that significantly lowers the bar for an attacker as opposed to the lock-picking attack, by requiring only the use of a smartphone microphone to infer the shape of victim's key, namely bittings (or cut depths) which form the secret of a key. When a victim inserts his/her key into the lock, the emitted sound is captured by the attacker's microphone. SpiKey leverages the time difference between audible clicks to ultimately infer the bitting information, i.e., shape of the physical key. As a proof-of-concept, we provide a simulation, based on real-world recordings, and demonstrate a significant reduction in search space from a pool of more than 330 thousand keys to three candidate keys for the most frequent case.
|Title of host publication||HotMobile 2020 - Proceedings of the 21st International Workshop on Mobile Computing Systems and Applications|
|Publisher||Association for Computing Machinery, Inc|
|Number of pages||6|
|Publication status||Published - 2020 Mar 3|
|Event||21st International Workshop on Mobile Computing Systems and Applications, HotMobile 2020 - Austin, United States|
Duration: 2020 Mar 3 → 2020 Mar 4
|Name||HotMobile 2020 - Proceedings of the 21st International Workshop on Mobile Computing Systems and Applications|
|Conference||21st International Workshop on Mobile Computing Systems and Applications, HotMobile 2020|
|Period||20/3/3 → 20/3/4|
Bibliographical noteFunding Information:
This research was partially supported by a grant from Singapore Ministry of Education Academic Research Fund Tier 1 (R-252-000-A26-133).
© 2020 Association for Computing Machinery.
All Science Journal Classification (ASJC) codes
- Computer Networks and Communications
- Computer Science Applications