Smudge attacks on smartphone screens

Discussion in 'Current Events' started by Doctor Q, Aug 16, 2010.

  1. Doctor Q Administrator

    Doctor Q

    Staff Member

    Sep 19, 2002
    Los Angeles
    This article in PDF format is a report from University of Pennsylvania researches who found that they could read passwords from photos of screens of Android phones when the "password pattern" method is used to unlock the phone.

    Oily residues, or smudges, on the touch screen surface, are one side effect of touches from which frequently used patterns such as a graphical password might be inferred.
    Their experiments showed that they could read passwords from residual smudges a good percentage of the time.

    In one experiment, the pattern was partially identifiable in 92% and fully in 68% of the tested lighting and camera setups. Even in our worst performing experiment, under less than ideal pattern entry conditions, the pattern can be partially extracted in 37% of the setups and fully in 14% of them.
    It may have been a convenient feature, but users of phones that allow pattern-based passwords would be wise to use an alphanumeric password instead.

    On an iPhone I imagine that the same problem could occur if somebody photographed your screen right after you entered a password on the virtual keyboard.

    Unless we all wear gloves or have exceptionally non-greasy hands!
  2. iJohnHenry macrumors P6


    Mar 22, 2008
    On tenterhooks
    Or have tear-aways, like GP drivers do on their helmets.
  3. Counterfit macrumors G3


    Aug 20, 2003
    sitting on your shoulder
    Yeah, but then they'd get stuck in the speaker and microphone holes. :p

Share This Page