Android News

Android’s gesture unlock screen is suceptible to “smudge attacks”

August 16, 2010 | by Andrew Kameka



Ever since my 10-year-old cousin was able to get onto my G1 without my permission, I’ve known that the Android gesture unlock screen wasn’t as secure as most would like. The little runt was able to guess my unlock pattern by looking at smudges on the screen and do a little trial and error until the phone unlocked.

Now a bunch of lab-coats and geniuses at the University of Pennsylvania (go Quakers!) have gone scientific on a lesson I’ve already learned from a grade-schooler. The researchers proved that it’s possible for a security code to be discovered based on the smudges left behind, even if a user has wiped the screen. They were able to fully crack the code in 68 percent of optimal lighting and camera set-ups, and even had 14 percent accuracy in less than ideal conditions. (Read the full report and abstract here).

I must point out that most people don’t have anything important enough to warrant creating lighting and camera set-ups just to get into your phone. But people want to feel secure with their data, and “smudge attacks” leave them open to threats. If you have a snoopy girlfriend or someone trying to research you to perform Inception, maybe you ought to switch to the key-based security lock available in Froyo.

Go to Menu > Settings > Security
Press “Set up screen lock”
Press “Enter pin lock”
Add your personal pin (note: don’t do something easy to guess like 1-2-3-4)

I wonder if people will eventually be able to guess smudges left on the keypad.
[Techdirt ] via Gizmodo