Smudge attacks on smartphone screens


Doctor Q
Aug 16, 2010, 05:18 PM
This article (http://www.usenix.org/events/woot10/tech/full_papers/Aviv.pdf) in PDF format is a report from University of Pennsylvania researchers who found that they could read passwords from photos of screens of Android phones when the "password pattern" method is used to unlock the phone.

Oily residues, or smudges, on the touch screen surface, are one side effect of touches from which frequently used patterns such as a graphical password might be inferred.
Their experiments showed that they could read passwords from residual smudges a good percentage of the time.

In one experiment, the pattern was partially identifiable in 92% and fully in 68% of the tested lighting and camera setups. Even in our worst performing experiment, under less than ideal pattern entry conditions, the pattern can be partially extracted in 37% of the setups and fully in 14% of them.
It may have been a convenient feature, but users of phones that allow pattern-based passwords would be wise to use an alphanumeric password instead.

On an iPhone I imagine that the same problem could occur if somebody photographed your screen right after you entered a password on the virtual keyboard.

Unless we all wear gloves or have exceptionally non-greasy hands!
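
Added example (not part of the original post and not code from the paper): a keyspace check for the advice above to prefer an alphanumeric password. It assumes the usual Android pattern rules (3x3 grid, 4 to 9 dots, no dot reused, a stroke cannot jump over an unvisited dot) and, as a simplification, that a partial smudge shows which dots were touched but not their order; the function and variable names are made up for illustration.

```python
SIZE = 3                      # 3x3 grid, dots numbered 0..8 row by row
ALL_DOTS = frozenset(range(SIZE * SIZE))

def midpoint(a, b):
    """Dot lying exactly halfway between dots a and b, or None."""
    (ra, ca), (rb, cb) = divmod(a, SIZE), divmod(b, SIZE)
    if (ra + rb) % 2 or (ca + cb) % 2:
        return None           # no grid dot sits on the midpoint
    return (ra + rb) // 2 * SIZE + (ca + cb) // 2

def count_patterns(allowed=ALL_DOTS, min_len=4, use_all=False):
    """Count valid patterns drawn only from `allowed` dots.

    use_all=True counts only patterns that touch every allowed dot,
    i.e. the orderings left when the set of touched dots is known.
    """
    allowed = frozenset(allowed)

    def extend(last, visited):
        done = len(visited) >= min_len and (not use_all or visited == allowed)
        total = 1 if done else 0
        for nxt in allowed - visited:
            mid = midpoint(last, nxt)
            # A stroke may pass over a dot only if it was already visited.
            if mid is None or mid in visited:
                total += extend(nxt, visited | {nxt})
        return total

    return sum(extend(d, frozenset({d})) for d in allowed)

def keyspace_summary():
    """Sizes of the spaces being compared (sample dot set is constructed)."""
    return {
        "all_patterns": count_patterns(),
        "orderings_if_4_dots_known": count_patterns({0, 1, 2, 5}, use_all=True),
        "alnum_8_chars": 62 ** 8,   # a-z, A-Z, 0-9, length 8
    }

if __name__ == "__main__":
    for name, size in keyspace_summary().items():
        print(f"{name:28s} {size:,}")
```

The whole pattern space is under 400,000 entries before any smudge is considered, and knowing just four touched dots leaves at most a couple of dozen orderings, which is why the alphanumeric option holds up better.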

iJohnHenry
Aug 16, 2010, 05:44 PM
Unless we all wear gloves or have exceptionally non-greasy hands!

Or have tear-aways, like GP drivers do on their helmets.

Counterfit
Aug 17, 2010, 11:47 PM
Yeah, but then they'd get stuck in the speaker and microphone holes. :p