So you think that complicated pattern you use to unlock your phone makes you some sort of a modern day DaVinci? Here’s some news that’ll break your little paint brush. Used by around 40% of Android device owners, the pattern lock system on smartphones can be cracked within just five attempts – and more complicated patterns are the easiest to crack, security experts have warned.
Since one only gets 5 attempts to get the ‘Connect-the-dots’ pattern right, new research from Lancaster University, University of Bath in the UK and the Northwest University in China, shows for the first time that attackers can crack pattern lock reliably within five attempts by using video and computer vision algorithm software.
So you might be at a Restaurant, a cafe, or just anywhere in public, and someone can covertly capture a video of you drawing the pattern lock shape to unlock your device. The attacker can then use software to quickly track the owners fingertip movements relative to the position of the device. Within seconds, the algorithm produces a small number of candidate patterns to access the Android phone or tablet. The attack works even without the video footage being able to see any of the on-screen content, and regardless of the size of the screen.
Results are accurate, even when the video is recorded on a mobile phone from up to two and a half metres away. In the case of a digital SLR camera used to spy on the target, it works reliably with footage recorded at distances up to nine metres away. Researchers evaluated the attack using 120 unique patterns collected from independent users. They were able to crack more than 95 per cent of patterns within five attempts. Complex patterns, which use more lines between dots, were easier to crack because they help the fingertip algorithm to easily narrow down the possible options.
This form of attack would enable thieves to access phones after pinching them to obtain sensitive information, or would allow malware to be quickly installed on devices while their owners were distracted. We used to think grimy screens left the best trace of what a user’s pattern must be, but this is more technical. However, with the growing number of phones sporting fingerprint scanners these days, and with facial recognition and retina scanners rumored to be introduced too, we believe the pattern lock system will slowly become obsolete. But you have been warned!
