Touchscreen Smudges Could Reveal Passwords
It's not difficult to determine device unlock patterns thanks to oily fingertips, a camera and a PC.
Smudges on touchscreens can reveal passwords? That's what researchers from the University of Pennsylvania said in a report (pdf) during the Usenix security conference. Apparently patterns can be photographed and traced from greasy finger smudges, especially when pattern unlock methods are used.
"Touchscreens are touched, so oily residues, or smudges, remain on the screen as a side effect," the report said. "Latent smudges may be usable to infer recently and frequently touched areas of the screen--a form of information leakage."
The researchers focused on Android because the OS uses a pattern-tracing method (prior to 2.2) to lock and unlock the host device. To gain access, users must trace a pattern between four points. The team discovered that--when using this method--it could decipher the phone's pattern 92 percent of the time by taking photos of the screen and then enhancing the contrast.
The team dubbed this a "smudge attack" and said that hackers could easily gain access to the device simply by using a camera and a computer. The report indicated that smartphone owners should consistently clean the touchscreen surface to thwart finger tracking. Additionally, this preventative measure isn't limited to just Android owners--it applies to any touchscreen device such as bank machines, PIN entry systems, voting devices and more.
The researchers said that the study won't be focused primarily on oily residues left behind by fingers. "We believe smudge attacks based on reflective properties of oily residues are but one possible attack vector on touch screens," the report said. "In future work, we intend to investigate other devices that may be susceptible, and varied smudge attack styles, such as heat trails caused by the heat transfer of a finger touching a screen."
Works with keyboards too...
Or google could just take it and call it a day.

Not hating, but there are better ways
yeah this is nothing new. it's not limited to just smartphones with pattern keys but can give away your passcode/key to doors and other devices that require you to touch buttons. an old company i worked for clearly used its address as the code since those were the buttons with their writing nearly rubbed off.
that said, i take care to wipe my phone's touch screen off regularly during the day even though it rarely leaves my pocket/sight.
Ok .. wait .. how long did it take people to figure that one out ? Old tricks still work to break "the new hottness" in security...
I touched my cock. Will they figure that out?
...seriously!
I love to touch my phone.
See this is exactly why i got an iphone, if i can't hold it then no one can guess my password, betcha stupid androids don't have that feature.
The first thing I thought of when I read this article was the mission in the first Splinter Cell where you have to use the heat goggles to get past the numeric keypad after the guard goes through the door.
Looks like somebody rewatched National Treasure...
Anyone who lets the phone out of their sight is an idiot!
Hmmm, if they had time to sit there and fiddle with your phone and get your data, they would have had enough time to turn it off and slip it into their pocket.
If the issue was the data then you are placing way too much expectations on the data security of the phone OS. Even if this was a Windows notebook most people could attach the HDD as a secondary drive and read all the data.
So what exactly then is the issue - were you expecting impregnable self destruct type security? Me, I would be more pissed off I lost a very decent phone.
atm machines are used by hundreds of people, you'd have to detect which prints were the most recent
just wash your hands more often - you filthy American Apple users...
Wow. What news! NOT. Anyone who's used an unlock pattern could have told you this. doh! Researchers of the obvious!
Suckers, they will soon find that "www.google.com" is not my password!
Looks like somebody rewatched National Treasure...
I find that difficult to believe...
So.. clean your screen? Problem solved.
u need to know the order of the keys pressed anyways
Usually i just make drawings in the oil on my phone. Who knew i was being secure?
looks at EVO, looks at article, looks at EVO again, licks EVO, rubs EVO on shirt sleeve.
WHO CARES!?!?
What's next? Researchers will figure out that people leave footprints on the beach?
WHOAAAAA!!! you're smart!!! maaan, why don't you go work for NASA and let us dumb people be!!