Google Security Technology

Touchscreens Open To Smudge Attacks 185

nk497 writes "The smudges left behind on touchscreen devices could be used to decipher passwords to gain access, according to researchers at the University of Pennsylvania. The report tested the idea out (PDF) on Android phones, which use a graphical pattern that the user traces to unlock the handset. The researchers took photos of the smudge trails left on the screen and bumped up the contrast, finding they could unlock the phone 92% of the time. While they noted Android 2.2 also offers an alphanumeric password option, the researchers claimed such a smudge attack could be used against other touchscreen interfaces, including bank machines and voting machines. 'In future work, we intend to investigate other devices that may be susceptible, and varied smudge attack styles, such as heat trails caused by the heat transfer of a finger touching a screen,' they said."

  • Done that (Score:1, Informative)

    by Anonymous Coward on Wednesday August 11, 2010 @09:14AM (#33214394)

    My daughter's phone is locked with the pattern thing and I was amused that I could easily read it from the smudges.

    I have the same phone model but I don't bother to lock it. There's nothing on it anyway.

  • by Rob the Bold ( 788862 ) on Wednesday August 11, 2010 @09:23AM (#33214484)

    This isn't really that different from the case of push-button locks that are subject to "wear attacks", is it? You know, just check to see which of the 5 or so buttons are most worn/polished/dirty. If it's 3 of them, you've only got to try 6 permutations -- maximum -- to open it. Worked fine in my wife's hospital room for the locked supply drawer. Two tries. All the bandaids and gauze I wanted.

    I'd say this case is much harder to fix than the touchscreen, given the "randomize" suggestion above. Sure it's a little bit of a pain, but not that bad if security is actually important.

  • by Pioto ( 933065 ) on Wednesday August 11, 2010 @09:35AM (#33214638) Homepage
    Scanning for heat trails... that reminds me of Cyberia [wikipedia.org]...
  • Re:Rather simple fix (Score:2, Informative)

    by riperrin ( 1310447 ) on Wednesday August 11, 2010 @11:16AM (#33215758)
    Actually I have a similar story. My brother left his car at the back of my house while he spent a year travelling. When he came back he couldn’t remember the code to deactivate the immobiliser. 10000 possible combinations and every third time you got it wrong you’d get the alarm going off and you’d have to disconnect the battery. Clearly a brute force attack would piss off the neighbours. So we sat and had a little think about it with a cup of tea (we are British), at which point we noticed that four of the buttons were a lot cleaner than the others. Suddenly we only had 24 combinations to try and managed to set the alarm off only twice.

    Top tip: If you’ve got a number pad immobiliser, give it a bit of a clean.

    In similar news, I find watching someone draw a pattern a lot easier to replicate than seeing them type numbers. With the “trail” option on you can see the pattern from half the pub away.

  • by Anonymous Coward on Wednesday August 11, 2010 @12:38PM (#33216814)

    "Worked fine in my wife's hospital room for the locked supply drawer. Two tries. All the bandaids and gauze I wanted."

    You did read the earlier story on /. titled "Online Forum Speeding Boast Leads To Conviction"...right?
