Touchscreens Open To Smudge Attacks
nk497 writes "The smudges left behind on touchscreen devices could be used to decipher passwords to gain access, according to researchers at the University of Pennsylvania. The report tested the idea out (PDF) on Android phones, which use a graphical pattern that the user traces to unlock the handset. The researchers took photos of the smudge trails left on the screen and bumped up the contrast, finding they could unlock the phone 92% of the time. While they noted Android 2.2 also offers an alphanumeric password option, the researchers claimed such a smudge attack could be used against other touchscreen interfaces, including bank machines and voting machines. 'In future work, we intend to investigate other devices that may be susceptible, and varied smudge attack styles, such as heat trails caused by the heat transfer of a finger touching a screen,' they said."
Rather simple fix (Score:5, Insightful)
Re: (Score:2)
Easier yet: install a matte anti-glare screen protector and suddenly this goes away. It's been a "problem" for decades. If you wanted to, you could dust a keypad for fingerprints and see the buttons that are the most used.
Solution? Wipe the screen regularly or don't use your iPad while eating barbecue ribs.
Re: (Score:3, Funny)
> Solution? Wipe the screen regularly or don't use your iPad while eating barbecue ribs.
So, never use an iPad?
Re: (Score:2)
For Pin entry, something I've seen done for touchscreens is that the pin keyboard (whatever alphanumerics are allowed) has a randomized layout.
Similar to what you describe, the position and pattern followed by typing out your pin on the randomly-placed keys will rarely be "the same", making it much harder to deduce the pin based on fingerprint positioning.
Re: (Score:2)
The advantage that passface technology has is that it is well nigh impossible to write down the password. At the same time, it is very easy for most people to recognize someone they know. So if you see eight strangers and Uncle Bob (assuming a 3x3 grid) it's very easy to know what to press, even if you forgot that Uncle Bob was in your "recognized" list.
Re: (Score:2)
True, I'd expect it would work as well as a pin code, I think the randomized layout thing in either case handily prevents the "smudge" attack being discussed.
Re: (Score:2)
Yeah, because no-one is ever going to try to steal/rip from the chain/burn/destroy/cover with sticky stuff a cloth on a bit of string at an outside terminal! As it is they have to chain up pens inside the bank in case someone steals it.
Re: (Score:2)
Your point is valid, but I think far more people would absent mindedly walk off with pens with no intent for theft! Since I can never keep up with my own pens, maybe I should chain one to my desk! I always walk off with them and set them down in odd places!
Re: (Score:2, Insightful)
That cloth will soon become virus/bacteria farm instead of being security feature.
Re: (Score:2)
Or, you know, you could just buy a phone WITH A KEYBOARD.
Seriously, typing on the screen sucks, screen smudges and attacks based on them notwithstanding.
Re: (Score:2)
Or get an iPhone. Yes in theory the smug attack still exists. However it looks that much better than the Android plastic molded kiddy toys that the owner after is done using it cleans the glass just to keep the phone looking presentable.
Re: (Score:3, Funny)
> Or get an iPhone. Yes in theory the smug attack still exists.
Oh, I'm pretty sure that there's no "in theory" about it.
Re: (Score:2)
This has already been done. The first I personally encountered such was in a then-new university building in the mid-90's. It had security panels at various points with individual illuminated LED display buttons. When not active, each button face was a rather enigmatic black. On the first press, the panels would "wake up", make (I kid you not) a sci-fi show warbling sound and scrambling animation on each keyface, then present a set of shuffled digits on the various keys. Each press reshuffled the displ
Re: (Score:2)
It would be easy enough to implement an alphanumeric password on a keyboard that's always a different shape / place on the screen. Or just instruct users to wipe their hand across the screen a few times on public touchscreens - maybe include a small microfiber cloth attached to the kiosk / ATM / whatever to clean it with.
Knew about this idea many years ago from spy movies/police shows. The cops/spies needed the combo to open a door/safe/whatever...so they blew/sprinkled dust on the keypad and got in. Too bad people haven't been paying attention all these years and guess it's a slow day.
Re:Rather simple fix (Score:5, Interesting)
Back when I was at MIT, we had utility vehicles on campus and several keypadded gates. The men in trucks drove up to the gates and entered codes. Since I didn't want to build any hardware, I colored the keypad over with a permanent marker in similar color to the keys. I counted the audible beeps emitted by the controller. After a day or so, I went up and saw that only three keys had been depressed for the five beeps. After four tries, I had the code and could pointlessly open the gate for no reason at all at will!
Re: (Score:2)
> I went up and saw that only three keys had been depressed for the five beeps. After four tries
If only number of presses is relevant but order is irrelevant, that's as close to expected as you can get... but if order is relevant, that's very lucky.
Re:Rather simple fix (Score:5, Funny)
You'll find it's actually quite common to get incredibly lucky in stories that you made up. In fact, just the other day when I was getting a blowjob from Jessica Alba, a million dollars fell into my lap.
Re: (Score:3, Funny)
that must be made up. what probably really happened was the million dollars fell on her head and she didn't get to finish her job.
Re: (Score:2)
I've used the Internet to put your account into some [freakingnews.com] sort of context [dognamesplace.com] and I have no reason to doubt your integrity.
Re: (Score:2)
There's still a 7.4% chance that you'd get the right sequence in 3 tries. That's lucky, maybe even very lucky, but certainly not lucky enough to warrant the italicized very.
Re: (Score:2)
According to my lookup chart.... crossing number pad story with italicized very results in a minimum chance of 7.25%. So you're right, but he's not that far off.
Re: (Score:2)
This isn't exactly a new idea. Even I had a similar idea that I realized years ago.
> Back when I was at MIT, we had utility vehicles on campus and several keypadded gates. The men in trucks drove up to the gates and entered codes. Since I didn't want to build any hardware, I colored the keypad over with a permanent marker in similar color to the keys. I counted the audible beeps emitted by the controller. After a day or so, I went up and saw that only three keys had been depressed for the five beeps. After four tries, I had the code and could pointlessly open the gate for no reason at all at will!
I took some flying lessons in college at the local airport. The flying club was located in a hangar on the tarmac, so if you didn't have codes for the gates you had to walk a ways to get there (not a real big airport, though they did have scheduled passenger service). I noticed that most of the other people actually parked inside the gate next to the hangars, so I finally asked my instructor what the gate code was so I could save the few minute walk (and avoid the small, crowded parking lot). "I don't know,
Re: (Score:2)
No kidding this isn't news. I unlocked a friend's Android device by figuring out the swipe directions he used for his code.
Re: (Score:2)
> I colored the keypad over with a permanent marker in similar color to the keys.
Back to the smudge idea, those being greasy fingerprints, you can also put a bit of cornstarch in your palm and blow at the keypad. It'll only stick to the greasy keys.
You can wipe them down with alcohol the day before if you want.
Ah, the things you learn in the textfiles section of your local bbs.
Re: (Score:2)
The problem with it is that the endpoints have to intersect a number ( 1 of 9) which is like, what a 1-bit hash key????
It's even worse. Each point can only be used once, and there's no ability to "skip" a point (say to connect from point "3" to point "1" without hitting point "2"). While you can sometimes "split" a diagonal and go from "2" to "7", I doubt most users are going to bother since "accidentally" hitting "4" or "5" on the way down is more likely than not.
Just randomize the keyboard every time (Score:4, Insightful)
Just randomize the keyboard every time, bam, smudges are now useless. Or use Apple's oleophobic display coating (http://iphoneindia.gyanin.com/2009/06/11/iphone-3gs-gets-oleophobic-coating-whats-this-oleophobic-coating/) assuming it's good enough to thwart this attack.
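The randomized PIN keypad suggested here and in the earlier comment on randomized layouts, as an added sketch that is not part of the thread. The ten-cell keypad, the function names and the sample PIN are assumptions made for illustration.

```python
import hmac
import secrets

DIGITS = "0123456789"


def new_layout():
    """Return a fresh arrangement of the ten digits, one per key cell.

    layout[cell] is the digit drawn on that cell. The shuffle uses the OS
    CSPRNG so the next layout cannot be predicted from earlier ones.
    """
    keys = list(DIGITS)
    secrets.SystemRandom().shuffle(keys)
    return keys


def cells_for_pin(pin, layout):
    """Cells the user touches to enter `pin` on `layout`.

    This is all a smudge can record: screen positions, not digits.
    """
    return [layout.index(digit) for digit in pin]


def decode_touches(cells, layout):
    """Translate touched cells back into digits for the layout on screen."""
    return "".join(layout[cell] for cell in cells)


def check_pin(cells, layout, expected_pin):
    """Compare the decoded entry with the expected PIN in constant time.

    Simplification for the example: a real lock screen would compare
    against a salted hash and rate-limit attempts, not hold the PIN.
    """
    entered = decode_touches(cells, layout)
    return hmac.compare_digest(entered.encode(), expected_pin.encode())


def stale_touches_accepted(pin, old_layout, current_layout):
    """Would the positions touched on an old layout unlock the current one?"""
    return check_pin(cells_for_pin(pin, old_layout), current_layout, pin)


if __name__ == "__main__":
    pin = "2580"  # constructed sample PIN
    first, second = new_layout(), new_layout()
    print("session 1 cells:", cells_for_pin(pin, first))
    print("session 2 cells:", cells_for_pin(pin, second))
    print("old positions still work:", stale_touches_accepted(pin, first, second))
```

Randomizing the layout protects the positions only; as the replies note, it does not apply directly to the connect-the-dots pattern, where the trail itself is the secret.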
Re:Just randomize the keyboard every time (Score:4, Interesting)
A couple of issues with this.
1) the Android set-up doesn't actually use a keyboard: just dots, which you're supposed to join in the same order.
2) I believe that there are patents around the randomising idea.
I'm certainly aware of this issue on my Android phone. The fact that you're supposed to keep your finger on the screen as you join the dots means that there's often a pretty clear track, even if you have clean hands. And you can tell the order in which tracks were made if you have one which crosses over another.
I quite like the technology, but it's good to be reminded of the possible dangers. I'll keep wiping mine once I've logged in.
Re: (Score:2)
As the summary states, Android 2.2 offers an alphanumeric option.
It uses an actual (T9) keyboard.
I'd assume it wouldn't be too hard to make an app that randomizes that keyboard or implements one that is randomized.
Re: (Score:2)
Actually the alphanumeric password in Android uses a full keyboard. There is also a new PIN option in 2.2 which uses a number pad.
Re: (Score:2)
> I believe that there are patents around the randomising idea.
There are active patents on randomizing the order of digits on a numeric keypad-based lock? Point of No Return [imdb.com] had a shot with a randomized-order touch-screen lock in 1993, and I'd be a bit surprised if the idea was invented by the prop department for that film.
Re: (Score:2)
> 1) the Android set-up doesn't actually use a keyboard: just dots, which you're supposed to join in the same order.
Change them to symbols (pictures?) which must be connected in order, and randomize their positions, you're done. See sibling for prior art.
Re: (Score:2)
In "connect the points" you can use your spatial memory to remember the shape you draw.
Thus providing opportunity for numerous attacks. You really can't remember a logical sequence of symbols?
Re: (Score:2)
> 2) I believe that there are patents around the randomising idea.
Yeah, there are. I came up with a variation on the idea I called wokkey [bfccomputing.com] which I used for the times when I was left with no option but to use a "cybercafe" terminal for logging into my accounts. I had a patch against SquirrelMail for a while, worked fine, but it's slow and onerous, so only useful for the paranoid, not the android users.
Re: (Score:2)
Just a bit of empirical data here: On an iPhone 4 with the oleophobic coating, I traced an android-style unlock pattern with my thumb, and an oil trail was visible on the screen that showed me exactly the pattern I traced.
This makes sense, since oleophobic coatings do not prevent your fingers from secreting oils, nor from depositing those oils on nice glass surfaces. They only make it easier to wipe the oil away. It looks like this study took into account that smudges may be obscured due to phones generally
Re: (Score:2)
Or require a keyfob authenticator, like a certain wildly popular MMO and/or your more responsible employers do. This randomizes the necessary input, rather than the layout of the screen. You could also have it ask you a series of questions. Or randomize photos and ask you to pick the one tied to the word you input when you set it all up. The list is really endless, all while leaving the keyboard in place.
Re: (Score:2)
"You are interacting with a randomly assigned keypad. The numbers are in this order: 9 4 6 2 4 3 1 5 7. "
Re: (Score:2)
And mine's all 4s!
Well, maybe ... (Score:2, Insightful)
Re: (Score:2)
You haven't used a touchscreen phone if you really think keeping it clean is as simple as washing your hands.
You're using it wrong. A magical touchscreen phone requires no maintenance.
Re: (Score:2)
That's not how you are supposed to behave here in /.
Re: (Score:2)
I've found btw - that the drier your hands are - the less they leave a smudge on the screen (that's my experience with the Droid-X) - immediately after washing your hands you're probably more likely to smudge the screen.
The good news is the smudges wipe clean with a shirt tail or similar cloth.
Re: (Score:2)
Producing oil is part of the normal function of human skin. If your skin doesn't do it, you're either a robot or very, very sick.
Re: (Score:2)
Actually, for many people the tips of fingers and palms do NOT secrete oils (nor sweat).
So how does the oil get there? We are (spare me the jokes) constantly touching ourselves. Most of the oil and grease and whatnot on your fingers comes from touching other parts of your body that are oily, like your nose, face, or hair, or from touching items in our environment like food.
Duh (Score:2)
I actually thought this was common knowledge for many years now. One of the biggest flawed security screens is the connect-the-dots unlock screen for Android. To really highlight that, just clean up the screen and attempt to unlock. Look at screen from the side. You should see smudges AND streaks. Those streaks can help you easily make out the direction to move in.
Hate to say it... (Score:2)
No shit? If you draw something with an object that leaves residue you can see what you had drawn. With my new xt720 I noticed this day one. Either cleaning the screen or simply "smudging the smudges" by just "scribbling" out the grease smear works great. Although, over time I can see the protector being physically altered in the same pattern as my swipe code. I guess then you just replace the protector.
But seriously, this is as obvious as saying that walking in sand or snow allows people to follow you.
Non touch-screens, too (Score:5, Informative)
This isn't really that different from the case of push-button locks that are subject to "wear attacks", is it? You know, just check to see which of the 5 or so buttons are most worn/polished/dirty. If it's 3 of them, you've only got to try 6 permutations -- maximum -- to open it. Worked fine in my wife's hospital room for the locked supply drawer. Two tries. All the bandaids and gauze I wanted.
I'd say this case is much harder to fix than the touchscreen, given the "randomize" suggestion above. Sure it's a little bit of a pain, but not that bad if security is actually important.
Re: (Score:3, Interesting)
Yes, I've made use of this myself and have also seen it done similarly in films where the keypad is sprayed with a UV luminescent spray; when illuminated you can easily see which keys are pressed and which aren't.
The obvious "solution" is to require all buttons be pressed (ie, 6 button keypad means 6 digit combinations). One of my gun safes uses an Ilco mechanical lock and you have to push all the buttons; it does allow you to cut the "length" of the combination by using two-button presses as a single comb
Re: (Score:2)
He doesn't care about getting caught. Being a petty thief is a matter of pride to him....
National Treasure already did this (Score:2)
I'm sure the few of you who saw National Treasure remember the scene where Nicolas Cage is standing in front of a touchscreen keypad used to gain access to the secure documents room. He shines a light on the keyboard and the keys which Abigail Chase (played by Diane Kruger, mmmmmmm, Diane Kruger) had touched for her password were lit up.
While National Treasure used a fluorescing powder to identify which key was pressed, the principle is the same.
Re: (Score:2)
This was also used in one of the Ace Attorney video games. Apollo Justice: Ace Attorney [wikipedia.org] to be exact, during the second case.
Granted, National Treasure did it first.
This is not a repeat... (Score:2)
...from an episode of MacGyver.
Re: (Score:2)
Heh heh, I was thinking exactly the same thing.
Practically (Score:3, Insightful)
Does this mean I should stop eating chocolate while using my touchscreen toy? :/
No seriously, it might work 92% of the time, but that's assuming the user just unlocked and did not use the device. Using it would introduce noise and break the unlock-smudges, dropping the percentage closer to zero the more they use it.
Graphical Pattern Lock Usage (Score:5, Interesting)
This comes as no surprise. Most people draw simple shapes on the graphical pattern lock. Would you be surprised if your computer was hacked if you set the password to "1234"?
For example, how many of you have drawn a triangle as your pattern? I know I did the first time I used my android phone. Then a few weeks later, when I was on an airplane, I watched a senior gentleman pull out his smart phone and draw the exact same pattern lock as me.
I then sat down and pondered the complexity of passwords using a graphical pattern lock. There are only 9 buttons to use and for most people they tend to only use adjacent buttons when drawing. If one were confined to this set of rules, the passwords would all be linear and simple geometric shapes. However, I figured out through trial and error, that you can actually double back on buttons you've activated and activate buttons that are non-adjacent to active ones by drawing in the blank space in between buttons. This should be a criterion for a strong graphical pattern lock, just like how there are requirements for strong alpha-numerical password locks. You should always have at least one double back button and one non-adjacent button as part of the pattern lock. This way the smudges left on your phone are non-linear.
Re: (Score:2)
My first pattern was a big Z.
Re: (Score:2)
I knew Zorro was still alive!
Re: (Score:2)
I concur. Not gonna brag, but I never liked the simple shapes... always thought it would be too easy to guess.
One of the connections on my code is from the top row, far left dot to the middle row, far right dot. It's possible, uncommon, and makes a very hard to guess pattern while still being pretty easy to unlock with one hand, IMHO. Just to help illustrate your non-adjacent comment.
Re: (Score:3, Interesting)
> However, I figured out through trial and error, that you can actually double back on buttons you've activated and activate buttons that are non-adjacent to active ones by drawing in the blank space in between buttons. This should be a criteria for a strong graphical pattern lock
I also noticed this, shortly after I got the idea to use an unlock pattern. Once you noticed those two aspects (ability to draw between buttons, and harmlessly slide over already-activated buttons), the permutations multiply.
With those in mind, here is how unique a randomized unlock pattern can be:
4 dots = 1624 permutations (as weak as a 3 number password!)
5 dots = 7152 permutations (much better, but not by far)
6 dots = 26016 permutations (at least as strong as a 4-digit bank card PIN)
7 dots = 1407
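The 4-, 5- and 6-dot figures in the comment above can be reproduced by enumerating the 3x3 grid under the two rules it describes. This is an added example, not part of the thread; the 0-8 row-by-row dot numbering and the function names are assumptions, and `count_over_dots` goes one step further to show how little remains once the set of dots used is known.

```python
from itertools import permutations

# Assumed numbering for this example: dots 0..8, row by row.
#   0 1 2
#   3 4 5
#   6 7 8
# SKIP[(a, b)] is the dot lying exactly between a and b. A stroke from a
# to b is only allowed once that middle dot has already been used, which
# is the "slide over already-activated buttons" rule from the comment.
SKIP = {}
for a, b, mid in [(0, 2, 1), (3, 5, 4), (6, 8, 7),   # rows
                  (0, 6, 3), (1, 7, 4), (2, 8, 5),   # columns
                  (0, 8, 4), (2, 6, 4)]:             # diagonals
    SKIP[(a, b)] = SKIP[(b, a)] = mid


def is_valid(pattern):
    """True if the sequence of dots can be drawn as one unlock pattern."""
    seen = set()
    prev = None
    for dot in pattern:
        if dot in seen:
            return False              # each dot is used at most once
        if prev is not None:
            mid = SKIP.get((prev, dot))
            if mid is not None and mid not in seen:
                return False          # would jump over an unused dot
        seen.add(dot)
        prev = dot
    return True


def count_patterns(length):
    """Number of valid patterns that use exactly `length` dots."""
    def extend(last, seen, remaining):
        if remaining == 0:
            return 1
        total = 0
        for nxt in range(9):
            if nxt in seen:
                continue
            mid = SKIP.get((last, nxt))
            if mid is not None and mid not in seen:
                continue
            total += extend(nxt, seen | {nxt}, remaining - 1)
        return total

    return sum(extend(start, {start}, length - 1) for start in range(9))


def count_over_dots(dots):
    """Valid patterns that use exactly this set of dots, in any order."""
    return sum(1 for order in permutations(sorted(dots)) if is_valid(order))


if __name__ == "__main__":
    for n in range(4, 10):
        print(n, "dots:", count_patterns(n))
    # Constructed sample: the four dots of the top-left 2x2 square.
    print("orders over {0,1,3,4}:", count_over_dots({0, 1, 3, 4}))
```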
Scanning for heat trails? (Score:2, Informative)
Re: (Score:2)
Scanning for heat trails... that reminds me of Cyberia...
The first thought that popped in my head was of Splinter Cell.
Every Spy Movie Ever Made Called (Score:2)
Every spy movie ever made called, and they want their 'we can tell where your fingers were' concept back. Seriously, 'touch screen' does NOT make this new. People have been worried about this with keypads and the like for AGES.
Re: (Score:2)
Bet you can't tell where my fingers were.
Re: (Score:2)
Nice try, but I told you last time that I'd never sniff your fingers again!
Hmmm...marketing opportunity (Score:2)
Of course, there are some pre-release obstacles to overcome. In initial tests, people really were creeped out by trying to talk on their phones after the slugs left their slime trails. Perhaps I need to send this one back to R&D...
Could be just me, but... (Score:2)
Re: (Score:2)
Lots of POS terminals in grocery stores and the like use touchscreens for PIN entry, often with a stylus. Easy to shoulder surf as well, with the onscreen buttons changing colors when pressed.
Re: (Score:2)
You're right, an ATM with a touchscreen would be an instant ADA fail, since putting braille on a touchscreen would be somewhat difficult.
That aside...
An ATM would be a lot harder to crack, because lots of people use it so the keys are going to be somewhat more randomly-used (since everyone has a different PIN).
The only way of using this would be to put a shim on the ATM to read the magstripe, then some sort of substance on the keypad, and then go back and determine which keys were pressed between each use o
Re: (Score:2)
I believe (at least in the US) that this would be against the Americans with Disabilities Act (ADA).
How so? If you can press a button you can touch a screen.
Gee, and it requires possession of the phone (Score:2)
Give a hacker physical access to any device and they will eventually find a way to crack it.
It amazes me that scientists and journalists phrase this as an "attack." It normally takes an act of thievery or an "attack" on the street to lose your phone. If you lose your phone, you're fucked anyway, right? The lock on a phone is meant as a casual lock for someone who just happens to walk by and wants to sneak a peek. In fact wouldn't it be easier to plug the phone in via USB and hack it that way, perhaps by m
Re: (Score:2)
> Give a hacker physical access to any device and they will eventually find a way to crack it....In fact wouldn't it be easier to plug the phone in via USB and hack it that way, perhaps by mounting it as a hard drive and messing with the contents?
True, but at least my android phone defaults to charge only mode when plugged in via USB (default action is user-configurable). I need to unlock it after plugging it in to mount it as a drive.
Just use a PIN lock app (Score:2)
The solution for me is to use a PIN lock application instead - the point-smudges from this would be far less distinguishable from those left by normal touchscreen use. Android 2.2 (Froyo) includes this option, as does CyanogenMod (5.0+ I think), but unfortunately also makes it harder for custom lockscreen apps.
For those still using Android 2.1 or lower - any pointers to secure lockscreen replacement apps with PIN locks? There are many without the PIN lock, but I haven't found one that has a PIN lock and i
Re: (Score:2)
My Cliq with Android 1.6 had the ability to use a PIN lock. Ideally, it would be nice to have 4-5 types of lock options:
1: Pick x amount of pictures from a 3x3 or 4x4 array. The pictures will be randomly placed, and the user just selects the ones he or she has marked, and either 1 or more will show up.
2: Normal PIN.
3: Password entry. I know some people who have sensitive enough information that a solid password is a must. Perhaps have the option for the keys to be randomly placed.
4: Click places in
This is nothing new. (Score:2)
I've known about this vulnerability for quite a long time. Although not exactly the same thing, touch-pad door locks also had this problem. You had 10 keys and let's say 4 keystrokes. In theory that gives 10 ** 4 combinations. The problem comes after an extended period of use... The paint on the keys you use gets worn off and it becomes quite obvious which 4 keys are used. Now the possible combinations are reduced from 10000 to 256. Sure, it would take patience to open the lock but opening the lock is
Every cipher lock I've ever used... (Score:2)
Never was a problem for me... (Score:2)
I've got a G1, and had an Invisishield on it from the moment I carried it. Smudges are almost imperceptible on that stuff. I am not a seller for Zagg or Invisishield, just a customer.
But I scored a banged-up G1 as a root/test/spare, and while it needs a new housing, the bare screen shows smudges really badly. If I locked it, a monkey could guess the pattern. Maybe even a pickpocket could.
Try using a screen protector.
This was first noted er.. (Score:2)
business opportunity (Score:2)
It used to be only super burglars needed to don the (invariably black) gloves and/or wipe their fingerprints from every surface. Now, it's become a common concern.
I can see it now, nestled eye-level with the toothbrushes and mouthwash, in a spring green box with a smart creme-colored swoosh on the side:
A joint venture between Swifter and Swatch, of course...
Didn't I see this ... (Score:2)
... on an episode of MacGyver?
Except, I think he used drywall dust from the nearest wall (always carry a knife) instead of photo tricks to 'bump up the contrast.'
Physical Access to the Machine (Score:2)
If someone can get your phone long enough to take these pictures of its screen, they can probably get into its cache of secrets. This is why phones should have more security features ensuring it doesn't leave its owner's possession without permission or for very long, and wipe all confidential info (including resetting remote passwords the phone had access to in cleartext).
When phones are locked down better, they'll be better "universal keys" to all the other devices we have to access. I wish my phone held
oleophobic screen counter (Score:2)
This would, IMHO, quite effectively counter smudge attacks as there wouldn't be any smudges on my device.
Do any Android devices have oleophobic screens? I
Re: (Score:2)
Most people I've seen with touchscreen phones have them literally attached to their hip at all times, they'd probably notice pretty quickly if it went missing. Besides, if someone is going through the trouble of stealing your phone in the first place I doubt having to read smudges to unlock it will be much of a hindrance.
Re: (Score:2)
Very true. The trick is to limit the guesses someone can make. I just wish Android would have the ability to wipe itself after x amount of failed attempts. Blackberries have this, the iPhone does. My old Windows Mobile device even has this functionality. The only way I've seen to do this in Android is to use a third party utility like WaveSecure,
Re: (Score:2)
The two security features I really want to see as parts of the Android OS are the ability to wipe parts, and the ability to encrypt data. Android 2.2 encrypts apps stored on the SD card, but what I would like to see is the ability to use file by file encryption with EncFS, or encrypt the whole memory card as a block image, using LUKS. This way, if the Android device is hard reset and the encryption keys purged, there wouldn't be a way for the SD card to be useful if the phone falls into the wrong hands.
Re: (Score:2)
Key storage is simple... create a directory on the onboard flash, store a 256 bit nonce from /dev/urandom in there. Then use that to encrypt the EncFS or LUKS image. This way, someone can recover it who is authorized, while on a hard reset, this directory is purged and recreated so the old key is gone. Bonus points in having specific memory "cells" dedicated to storing encryption keys similar to what eTokens have that are easily and thoroughly wiped (no need to worry about wear leveling or data relocatio
Re: (Score:2)
The reason I left the US [slate.com]
THAT is the most idiotic article I ever read. An in-depth psychoanalysis of driving/not driving in the US made you leave? Did the door hit you on the ass on your way out?
Re: (Score:2)
That only works if you tell everyone about it, though. It's like the human version of being a skunk...
Re: (Score:2)
You may well laugh, but there is a product on the market that is a hidden jewelry stash container disguised as a slightly stained pair of dirty old tightie whities.
Re: (Score:2)
Wait what? So my phone only has draw picture and I should stop using that because it's unsafe?
I'll take a little security over no security thank-you-very-much.