Smudge attacks on smartphone screens

Discussion in 'Current Events' started by Doctor Q, Aug 16, 2010.

  1. Administrator

    Doctor Q

    Staff Member

    Joined:
    Sep 19, 2002
    Location:
    Los Angeles
    #1
    This article in PDF format is a report from University of Pennsylvania researches who found that they could read passwords from photos of screens of Android phones when the "password pattern" method is used to unlock the phone.

    Oily residues, or smudges, on the touch screen surface, are one side effect of touches from which frequently used patterns such as a graphical password might be inferred.
    Their experiments showed that they could read passwords from residual smudges a good percentage of the time.

    In one experiment, the pattern was partially identifiable in 92% and fully in 68% of the tested lighting and camera setups. Even in our worst performing experiment, under less than ideal pattern entry conditions, the pattern can be partially extracted in 37% of the setups and fully in 14% of them.
    It may have been a convenient feature, but users of phones that allow pattern-based passwords would be wise to use an alphanumeric password instead.

    On an iPhone I imagine that the same problem could occur if somebody photographed your screen right after you entered a password on the virtual keyboard.

    Unless we all wear gloves or have exceptionally non-greasy hands!
     
  2. macrumors P6

    iJohnHenry

    Joined:
    Mar 22, 2008
    Location:
    On tenterhooks
    #2
    Or have tear-aways, like GP drivers do on their helmets.
     
  3. macrumors G3

    Counterfit

    Joined:
    Aug 20, 2003
    Location:
    sitting on your shoulder
    #3
    Yeah, but then they'd get stuck in the speaker and microphone holes. :p
     

Share This Page