Acquired Electronics360

Video Surveillance

Pattern Locks in Android Smartphones and Tablets Easily Cracked

24 January 2017

The Pattern Lock in Android mobile phones and tablets is used by many consumers as an alternative to PIN codes or text passwords. It works by users drawing a pattern on an on-screen grid of dots -- if this matches the pattern set by the owner the device unlocks. About 40% of Android owners use this pattern lock system to protect their devices.

However, new research from Lancaster University, Northwest University in China and the University of Bath show that attackers can crack Pattern Lock systems in just five attempts. And the more complicated patterns are, the easier they are to crack.

Capturing video of an Android owner and using computer vision algorithms can help attackers crack Android devices in just five attempts. Source: Lancaster University Capturing video of an Android owner and using computer vision algorithms can help attackers crack Android devices in just five attempts. Source: Lancaster University Researchers accomplished this by covertly video recording the owner unlocking their device with a Pattern Lock shape, and then the attacker uses the software to quickly track the owner’s fingertip movements relative to the position of the device. Within seconds, the algorithm produces a small number of patterns to access the smartphone or tablet.

Researchers say that the attack works even when the video of the device does not see any on-screen content -- meaning video can be obtained much further away (up to two and half meters) without covert shoulder-surfing.

The team evaluated attacks on Android phones using 120 unique patterns collected from independent users. They were able to crack the Pattern Lock system 95% of the time within five attempts. More complex patterns, which use more lines than dots, were easier to crack because the fingertip algorithm made it easier to narrow down the possible options.

During tests, researchers were able to crack Android devices with complex patterns 87.5% of the time on the first attempt, and 60% of the time for simple patterns on the first attempt.

“Contrary to many people's perception that more complex patterns give better protection, this attack actually makes more complex patterns easier to crack and so they may be more secure using shorter, simpler patterns,” said Guixin Ye, a student at Northwest University that helped in the study.

This form of attack would allow attackers to obtain sensitive information on Android devices or would allow them to install malware quickly while owners were distracted. Given many consumers use the same pattern on multiple devices, this could potentially give attackers access to multiple devices, according to researchers.

So how do you prevent attacks like this from happening? Researchers say fully covering fingers when drawing patterns or changing patterns frequently is a good way. Also using pattern locking with other activities such as entering a sentence using Swype-like methods would make cracking the device much harder.

To contact the author of this article, email Peter.Brown@ieeeglobalspec.com


Powered by CR4, the Engineering Community

Discussion – 0 comments

By posting a comment you confirm that you have read and accept our Posting Rules and Terms of Use.
Engineering Newsletter Signup
Get the Engineering360
Stay up to date on:
Features the top stories, latest news, charts, insights and more on the end-to-end electronics value chain.
Advertisement
Weekly Newsletter
Get news, research, and analysis
on the Electronics industry in your
inbox every week - for FREE
Sign up for our FREE eNewsletter
Advertisement

CALENDAR OF EVENTS

Date Event Location
30 Nov-01 Dec 2017 Helsinki, Finland
23-27 Apr 2018 Oklahoma City, Oklahoma
18-22 Jun 2018 Honolulu, Hawaii
Find Free Electronics Datasheets
Advertisement