
Picking Locks with Audio Technology - MindGods
https://cacm.acm.org/news/246744-picking-locks-with-audio-technology/fulltext
======
jeffbee
I hate the way journalists try to make things sound scarier by throwing in 3D
printing, as if a new world of criminal technology is upon us. Surely 3D
printing is the very worst, and slowest, way to make a key. Nobody has been
waiting for 3D printing to enhance their breaking-and-entering game.

------
brudgers
Last week some comment linked to a LockPickingLawyer YouTube video and I’ve
been binge watching since. Odds are, it is faster just to pick your lock for
anyone who knows enough about the type of lock to know the right blank to cut.
And access to set up a microphone means access to set up a camera and work
from a picture of your key. But with that kind of access, traditional
impressioning is probably practical.

Anyway
[https://m.youtube.com/channel/UCm9K6rby98W8JigLoZOh6FQ/video...](https://m.youtube.com/channel/UCm9K6rby98W8JigLoZOh6FQ/videos)

------
GuB-42
That's an interesting attack. However, it looks like they used it on rather
simple lock. These locks could be picked quickly by a moderately experienced
picker, and with the right tool, decoded.

But most high security locks have some kind of trick: sliders, rotating pins,
pin in pins, or simply a rediculous amount of pins. It would be interesting to
know how exciting security features in locks could prevent that attack. For
example, if two pins are lifted at the same time, how to tell which is which
by sound?

------
petee
Given some isolation from prying eyes, a good non-technical method of making a
key is to use a blank and grind it by hand. By binding the cylinder and
wiggling the key, it leaves marks for each pin that is bound up; grind a
little and repeat. Obviously not going to work for certain lock styles with
security pins, or Medeco locks (but nor will audio work either, unless you can
somehow hear a pin rotating a specific direction)

~~~
Chirael
For anyone who’s interested in this, it’s called impressioning and is really
cool. It basically uses the design of the lock (pins pushed down into the
keyway by springs, preventing the cylinder from turning) in the attack by
using the marks those pins make on a key, to gradually fashion a working key.

------
CMay
The talk on this is here:
[https://www.youtube.com/watch?v=bxyAa_txM34](https://www.youtube.com/watch?v=bxyAa_txM34)

------
noodlesUK
I’m not sure what the threat model that this brings is. It’s certainly very
cool research, but nothing particularly scary to even the highest security
facilities... I can’t really imagine a situation where you can install an
audio bug where you can’t also install a video bug to grab a picture of the
key...

------
segfaultbuserr
Acoustic side-channel attacks on mechanical locks, I guess it's possibly more
effective than an acoustic side-channel attack on an electronic lock running
inside a computer. Side-channel, side-channel everywhere.

------
londons_explore
If your home is broken into, but there is no smashed window, most home
insurance policies won't pay out.

This sort of research will hopefully allow more homeowners to get payouts they
are entitled to.

~~~
Fezzik
This is not even remotely true. Please point to any legitimate insurance
provider that has this exception.

~~~
londons_explore
There isn't a written exception for it in the policy, but when the claims
adjuster comes round they'll use it as an excuse to not pay anything because
there's no evidence of theft.

------
adrianmonk
> _work out how to surreptitiously acquire the audio from a key insertion_

Another way: hang a flyer or bag on their door knob. Include a free pen that
has a hidden microphone/transmitter in it. People stick things on doors all
the time for marketing purposes, so probably not too suspicious.

------
craftinator
Interesting. I wonder if a laser/receiver pointed on the door would give a
good enough vibration noise/signal ratio to get the required detail level
audio to print a key?

~~~
williamtrask
... from space ...

------
ipi
This is ingenious!

------
amelius
Or make clicking noises when you insert your key?

