
Popped up on Reddit and Twitter today, from 3 years ago: https://gwern.net/doc/technology/2020-ramesh.pdf

Physical locks are one of the most prevalent mechanisms for securing objects such as doors. While many of these locks are vulnerable to lock-picking, they are still widely used as lock-picking requires specific training with tailored instruments, and easily raises suspicion. In this paper, we propose SpiKey, a novel attack that significantly lowers the bar for an attacker as opposed to the lock-picking attack, by requiring only the use of a smartphone microphone to infer the shape of victim’s key, namely bittings (or cut depths) which form the secret of a key. When a victim inserts his/her key into the lock, the emitted sound is captured by the attacker’s microphone. SpiKey leverages the time difference between audible clicks to ultimately infer the bitting information, i.e., shape of the physical key. As a proof-of-concept, we provide a simulation, based on real-world recordings, and demonstrate a significant reduction in search space from a pool of more than 330 thousand keys to three candidate keys for the most frequent case.

· Security and privacy → Side-channel analysis and countermeasures; · Hardware → Sound-based input / output.

Side-channel Attacks; Acoustic Inference; Physical Key Security