A group of security researchers from the department of computer science at the National University of Singapore has created an attack model they call SpiKey to determine the key shape that will open any tumbler lock.
Soundarya Ramesh, Harini Ramprasad and Jun Han are the talented hackers behind SpiKey, which they say "significantly lowers the bar for an attacker," when compared to a more traditional lock-picking attack. The theoretical methodology is deceptively simple, listening for the sound of the key as it moves past tumbler pins in turn when the key is inserted in the lock.
The Singapore hackers use a simple smartphone to record the sound of the key being inserted, and withdrawn, with a smartphone and then observe the time between each tumbler pin click using their custom key reverse-engineering application. This forms the secret of the key, the fine-grained bitting depths which, the researchers report, can differ by as little as 15 milli-inches, or 0.381 millimeters.
"As SpiKey infers the shape of the key, it is inherently robust against anti-picking features in modern locks," the research paper states, "and grants multiple entries without leaving any traces."