[old] Acoustics-based Physical Key Inference

[Undescribed Horrific Abuse, One Victim & Survivor of Many]

popped up in reddit and twitter today, from 3 years ago
https://gwern.net/doc/technology/2020-ramesh.pdf

Physical locks are one of the most prevalent mechanisms for secur- ing
objects such as doors. While many of these locks are vulnerable to
lock-picking, they are still widely used as lock-picking requires
specific training with tailored instruments, and easily raises suspi-
cion. In this paper, we propose SpiKey, a novel attack that signifi-
cantly lowers the bar for an attacker as opposed to the lock-picking
attack, by requiring only the use of a smartphone microphone to in-
fer the shape of victim’s key, namely bittings (or cut depths) which
form the secret of a key. When a victim inserts his/her key into the
lock, the emitted sound is captured by the attacker’s microphone.
SpiKey leverages the time difference between audible clicks to ulti-
mately infer the bitting information, i.e., shape of the physical key.
As a proof-of-concept, we provide a simulation, based on real-world
recordings, and demonstrate a significant reduction in search space
from a pool of more than 330 thousand keys to three candidate keys for
the most frequent case.

· Security and privacy → Side-channel analysis and counter-
measures; · Hardware → Sound-based input / output.

Side-channel Attacks; Acoustic Inference; Physical Key Security