A team of security specialists discovered an easy method of cracking Android pattern locks with a very high degree of accuracy.
Android Pattern Locks Not So Secure As You May Think
A team of researchers devised a new mechanism that is able to defeat Android pattern locks in fewer than five tries. The experts are from Lancaster University, China’s Northwest University and the University of Bath. Together they developed software that is able to decipher the swipes with a very high degree of accuracy: 95% of all subjects in the experiments and demonstrations carried out.
The mechanism used was a simple combination of a hidden video recording device and a purpose-built computer vision algorithm. The researchers used hidden recorders that tracked the movement of the victim’s swipes. The software tracks the fingertip movements relative to the position of the device. Within seconds the algorithm produces a small batch of candidate patterns for accessing the relevant Android device. In the tests and demonstrations performed, this resulted in very high accuracy.
An important factor in the attack scenario is that there is no need to record any footage of the on-screen contents, and there is no minimum requirement for the screen size of the target device. The team used mobile devices that were able to gather meaningful readings from a distance of up to two and a half meters. The attack is also reliable with recordings made on a DSLR camera at a distance of up to nine meters.
Surprisingly, it was far easier to crack the more complex pattern locks, as they relied on multiple fingertip moves. This made it easier to narrow down the possible combinations. According to the team, this form of attack can enable attackers to access target phones to obtain private information. Other dangerous scenarios include installing malware on the devices of distracted Android owners. According to previous research, people often use the same lock pattern across multiple devices. This means that a single successful attack can potentially breach multiple devices.
Proposed countermeasures include the following tips:
- Device owners should fully cover their fingers when drawing their pattern to obstruct any recording attempts.
- Users can combine entering the pattern lock with other activities, such as mimicking entering a sentence.
- Adjusting the screen color or brightness can confuse recording cameras and computer vision software.
For more information you can access the complete paper titled “Cracking Android Pattern Lock in Five Attempts”.