New research from Northwest University in China, Lancaster University, and the University of Bath indicates that attackers are able to crack Android’s Pattern Lock system in only five attempts with the help of video and computer vision algorithm software. The institutions, which received funding from the Engineering and Physical Sciences Research Council (EPSRC) discovered that more difficult patterns are actually the easiest to break.
Nearly 40% of Android users rely on Pattern Lock, a security measure many prefer to longer passwords or PIN codes. To unlock an Android phone or tablet using Pattern Lock, a user draws a pattern on the Android screen, which forms a grid of dots. Assuming the pattern drawn matches that previously set by the owner, the device unlocks. If the pattern is formed incorrectly five times, the device is locked.
To access another person’s device, someone might secretly film an owner drawing their Pattern Lock shape to enter their phone. In a crowded place, this would be easy to miss. Then, a criminal would use software to track the movements of the owner’s fingertips relative to the position of the device. Very quickly, the criminal would be able to view a small number of possible patterns thanks to an algorithm, able to unlock the phone before they were locked out.
“Pattern Lock is a very popular protection method for Android Devices. As well as for locking their devices, people tend to use complex patterns for important financial transactions such as online banking and shopping because they believe it is a secure system. However, our findings suggest that using Pattern Lock to protect sensitive information could actually be very risky,” notes Dr Zheng Wang, lead researcher and lecturer at Lancaster University.
A hacker wouldn’t need video footage to show the device’s screen and the size of the screen wouldn’t matter — accurate results are produced either way. Researchers found that results were accurate even on a video recorded on a mobile device from two-and-a-half meters away, making the process easy to miss. If a hacker had a digital SLR camera, footage would produce reliable results from up to nine meters away.
Researchers were able to access more than 95% of devices within five attempts by using this method in a study of 120 unique patterns gathered from 120 users. While some users chose difficult patterns with the hope that onlookers may have a more difficult time replicating them, the study actually found them easier to decipher because they assist the fingertip algorithm in reducing possible options. In fact, researchers cracked complex patterns in the first try in all but one case. For patterns of medium complexity, 87.5% were cracked on the first attempt, and for simple patterns, that number dropped to 60% accessed within one try.
These sorts of attacks would allow criminals access to phones after they’d been stolen, leading to the potential release of sensitive information. Thieves may also use this method to install malware on user devices while their owners are distracted or use the same pattern to access multiple devices owned by the same person.
Researchers suggest that Android Pattern Lock users fully cover their fingers as they draw a pattern, move their fingers to complete other activities, and adjust the screen color and brightness to intentionally confuse any possible cameras seeking to record their device.
Source: Phys.org
Advertisement
Learn more about Electronic Products Magazine
