Communications of the ACM
Your Android Device's Pattern Lock Can Be Cracked Within Five Attempts
The Pattern Lock system used to secure millions of Android smartphones can be cracked within just five attempts, and more complicated patterns are the easiest to crack, security experts reveal.
Credit: Lancaster University
Researchers at Lancaster University and the University of Bath in the U.K., and Northwest University in China, have found attackers can crack Android's Pattern Lock security system within five attempts by using video and computer-vision software.
An attacker can covertly record the owner drawing their pattern lock shape to unlock their device, and then use software to track the owner's fingertip movements relative to the position of the device. Within seconds, the algorithm produces a group of candidate patterns to access the Android phone or tablet.
The researchers also found the attack works even without the video footage being able to see any of the onscreen content, regardless of screen size.
The team evaluated the attack using 120 patterns collected from independent users, and they cracked more than 95% of patterns within five attempts.
Although complex patterns are used to make it harder for observers to replicate, the researchers found these shapes are in fact easier to crack because they help the fingertip algorithm to narrow down the possible options.
"Contrary to many people's perception that more complex patterns give better protection, this attack actually makes more complex patterns easier to crack and so they may be more secure using shorter, simpler patterns," says Northwest University's Guixin Ye.
From Lancaster University
View Full Article
Abstracts Copyright © 2017 Information Inc., Bethesda, Maryland, USA
No entries found