Touchscreens Open To Smudge Attacks 185
nk497 writes "The smudges left behind on touchscreen devices could be used to decipher passwords to gain access, according to researchers at the University of Pennsylvania. The report tested the idea out (PDF) on Android phones, which use a graphical pattern that the user traces to unlock the handset. The researchers took photos of the smudge trails left on the screen and bumped up the contrast, finding they could unlock the phone 92% of the time. While they noted Android 2.2 also offers an alphanumeric password option, the researchers claimed such a smudge attack could be used against other touchscreen interfaces, including bank machines and voting machines. 'In future work, we intend to investigate other devices that may be susceptible, and varied smudge attack styles, such as heat trails caused by the heat transfer of a finger touching a screen,' they said."
Rather simple fix (Score:5, Insightful)
Just randomize the keyboard every time (Score:4, Insightful)
Just randomize the keyboard every time, bam, smudges are now useless. Or use Apple's oleophobic display coating (http://iphoneindia.gyanin.com/2009/06/11/iphone-3gs-gets-oleophobic-coating-whats-this-oleophobic-coating/) assuming it's good enough to thwart this attack.
Well, maybe ... (Score:2, Insightful)
Re:Just randomize the keyboard every time (Score:1, Insightful)
And we have the winner! Only downside of randomization I can think of is that it might cause problems for the blind and visually impaired, but then I don't know if the blind can even use touchscreens in the first place, and someone who has a visual impairment serious enough that randomization would cause problems might not be inclined to use touchscreens in the first place.
Re:Well, maybe ... (Score:3, Insightful)
Practically (Score:3, Insightful)
Does this mean I should stop eating chocolate while using my touchscreen toy? :/
No seriously, it might work 92% of the time, but that's assuming the user just unlocked and did not use the device. Using it would introduce noise and break the unlock-smudges, dropping the percentage closer to zero the more they use it.
Re:Duh (Score:2, Insightful)
Re:Rather simple fix (Score:2, Insightful)
That cloth will soon become virus/bacteria farm instead of being security feature.