Phone app can figure out the shape of your house key by listening to you use it

Originally published at: Phone app can figure out the shape of your house key by listening to you use it | Boing Boing

…

So many solutions in search of problems.

Easily defeated by using disc detainer, duo keys, cruciform, dimple keys with pin-in-pin…

I think in this case the solution is the problem.

I believe nothing good can come of this.

True – but there are far more locks without those protections, and from that point of view, it’s something seriously to be considered. I’m not sure that the model couldn’t be refined to defeat them as well, given a good-enough recording.

An chaotic masking noise seems the best defense at the moment.

Yep…

So in this scenario, the attacker is sufficiently motivated to install listening devices or to gain enough control over the victim’s phone to be able to hear and record the key go into the lock. Both of which attacks require some reasonable amount of technical skill as well.

And said attacker wouldn’t simply watch about 15 minutes of youtube and figure out how to bump the lock? Wouldn’t simply use their very advanced surveillance to simply listen and record?

I mean, it’s a neat trick and all. I just can’t see this really being a thing that will keep my awake at night trying to prevent.

Doing nothing seems a good enough defence at the moment. Who always inserts their keys at a constant speed - the constant speed the analysis requires?

The strategy is a long way from being viable in the real world. For one thing, the method relies on the key being inserted at a constant speed. And the audio element also poses challenges like background noise.

Right? It would never fall into the hands of a criminal…

Bumping and raking attacks depend on straight, standard pins. A lock with security pins costs a few bucks more, but some people live in a situation where they’re not allowed to change out the locks.

The proper terms for the cuts of a key are root (what they call ‘notches’), the part at the bottom of the cut where the tip of the pin rests; wall, where the pins slide as the key is inserted and removed; and shoulder stop for this particular type of key (tip stops are used with some brands), not an area between the bow (head) and shoulder stop.
AFAIK there is no name for the ‘teeth’ - this is simply the end of the wall of each cut. There is a type of key cutting called a laser cut that doesn’t have plunge cuts per se. The shallower cuts have the wall to the adjacent deeper cut sheared off by not raising the cutting wheel when progressing to the next cut. Most manufacturers don’t recommend it as a key with progressively deeper cuts toward the tip can be pulled out of the cylinder without returning the cylinder plug to the locked position.

It’s easier to determine the cuts of a key by photographing it. An experienced locksmith can eyeball a cut key and often accurately cut a key to factory code depths.

Easily defeated by randomly yelling really loud as you unlock your front door. Works for me.

Roger that!

rogue one…

Oh, no question that it is currently impractical. I was simply speculating on a strategy most likely to be extremely hard to defeat in the longer run.

The key shown for this article would be a headache to audibly decode. It’s an ASSA V10 key, using 6 conventional bottom pins for the cuts you can see here. There is a side milling on the other side of the key that operates 5 finger pins that have to be raised to the correct height and rotated to one of 2 angles to release the sidebar mechanism. I’d bet there’s a lot of noise generated by these pins engaging the side milling that makes it really tough to determine acoustically what the correct cuts for the bottom pins should be.

The other solutions are as plugh has noted. When you stack the technologies it’s almost impossible to defeat. You can beat anything with enough time and technology but it’s not worth the work for what’s behind the average household’s front door.

Frankly, if I wanted the actual key, for most simpler locks I’d “candle” it instead (a process using a candle’s soot to mark exactly where to cut a key by hand). It’s problematic, though for quick entry, you need the key blank that fits the particular lock you are dealing with and easy access to the lock, and complex countermeasures easily make it near-impossible.

Remember, folks, sometimes the best way to bypass a lock is a brick or swift kick ^^’ .

…or steal a copy of the key.

This kind of attack is not supposed to be an easy way to break into your house to steal your TV. It’s for spooks and high level industrial espionage and like art thieves and stuff. People who want access to a place without you knowing you kicked your way in.

All the sneering at how this is just a proof of concept and you have to put the key in at a fixed rate etc is totally missing the point. Today’s lab proof of concept is tomorrow’s casual technology. Like is this a risk to anyone today? no. Will it ever be a risk to your home? no, obv they are just going to kick the door in or break a window. That really seems to be missing the point though.