Android Device's Pattern Lock Can Be Cracked Within Five Attempts, Researchers Show (phys.org)
Date: 2017-01-23
The popular Pattern Lock system used to secure millions of Android phones can be cracked within just five attempts -- and more complicated patterns are the easiest to crack, security experts reveal. From a research paper: Pattern Lock is a security measure that protects devices, such as mobile phones or tablets, and which is preferred by many to PIN codes or text passwords. It is used by around 40 percent of Android device owners. In order to access a device's functions and content, users must first draw a pattern on an on-screen grid of dots. If this matches the pattern set by the owner then the device can be used. However, users only have five attempts to get the pattern right before the device becomes locked. New research from Lancaster University, Northwest University in China, and the University of Bath, which benefitted from funding from the Engineering and Physical Sciences Research Council (EPSRC), shows for the first time that attackers can crack Pattern Lock reliably within five attempts by using video and computer vision algorithm software. By covertly videoing the owner drawing their Pattern Lock shape to unlock their device, while enjoying a coffee in a busy cafe, for example, the attacker, who is pretending to play with their phone, can then use software to quickly track the owner's fingertip movements relative to the position of the device. Within seconds the algorithm produces a small number of candidate patterns to access the Android phone or tablet.
Here's the two biggest problems with fingerprint sensors. Those two are easily beat. Further, a fingerprint can be compelled by law enforcement to unlock phones, where a passphrase cannot.
Scratch patterns too will show the path (Score:3)
If you have a high-speed camera then even a PIN can be cracked. People are now taking care to hide the PIN at POS terminals and ATMs. Soon they will develop ways to screen the screen with a palm or something to thwart video cameras in public settings.
If you leave scratches in your phone just by using it as intended, maybe look into getting a better phone.
Thinking about it too hard (Score:4, Insightful)
Why on earth do you need some complex setup involving surveillance equipment (which would defeat most schemes)?
I have a phone with the "pattern" security. I noticed straightaway that it's barely security at all. All you have to do to see the pattern is look at the phone at an oblique angle. Human fingerprints leave oils behind and in the right light the pattern is clear as day. Since that is the most commonly touched area, it's really obvious.
The only "trick" would be figuring out what order it's done in. For most people (who aren't smart enough to use a spot twice), that'll take only 2 tries.
1. Allow the user to move to non-adjacent spots.
2. Allow the user to double-back along the pattern.
Or if you're like me and make frequent use of a Chinese character trainer app on your phone.
Re: (Score:3)
It's still not foolproof as anyone with a clear view will be able to see the exact images that were used and reproduce it,
Doesn't work on PINs for ... what reason again? (Score:3)
What's the big difference between watching someone type a PIN and watching someone smear finger grease all over his phone?
I would be interested if..... (Score:2)
all but what one? (Score:2)
During tests, researchers were able to crack all but one of the patterns categorised as complex within the first attempt
What was the uncrackable pattern? They should release this info so security-minded users can switch over to that one.
TLDR: Some dude figures out that video recording someone entering their password lets you figure out the password...
