Paper: Android's Graphical Passcodes are Insecure
Most Android phones allow users to protect their phones from unauthorized access by drawing a pattern on the device’s touchscreen. According to a team of researchers from the University of Pennsylvania, however, these graphical passwords are actually extremely easy to crack, as “oily residues, or smudges, on the touch screen surface, are one side effect of touches from which frequently used patterns such as a graphical password might be inferred.”
The team, which presented its findings during the WOOT ’10 USENIX workshop in Washington, DC, found that simply taking photographs of the screens with the right lighting and camera positions allows unauthorized users to guess a user’s security pattern.
If you think that just cleaning the screen regularly would prevent this, then think again. According to the researchers, “smudges are surprisingly persistent in time.” They found that “it is surprisingly difficult to incidentally obscure or delete smudges through wiping or pocketing the device.” In the team’s experiments, the pattern was partially identifiable 92% of the time and in 68% of cases, it was fully identifiable.
You can find the full paper here.
About the author
Frederic Lardinois founded SiliconFilter in 2011. Before starting this site, he wrote about 1,500 articles for ReadWriteWeb. His areas of interest are consumer web and mobile apps, as well as Internet-connected devices like cars, smart sensors and toasters.