Researchers Find Flaw In Android Unlock Pattern Screen
A huge flaw in unlock patterns has been found.
Researchers have found that the unlock pattern option for smartphones is far less secure than previously believed. Whilst it would be difficult for an attacker to successfully guess the right pattern on an unlock screen, onlookers in public could easily determine what unlock pattern you’re using if they see you unlock your phone from a distance.
Research was done at the US Naval Academy and the University of Maryland Baltimore County to showcase that anybody observing a smartphone user in public has the ability to take notice of which pattern the smartphone owner uses to unlock their phone. Once they’ve memorized the pattern, they can repeat the pattern themselves to unlock it.
The tests showed that Android patterns with six total points could be recreated by observers who saw a phone being unlocked from six feet away. Two out of three observers were able to unlock the smartphone after a single observation.
Trying to spot a numerical PIN code from the same distance proved to be far more difficult, although not entirely impossible. Roughly 1 in 10 observers could recreate an entered PIN code after a single observation.
According to Naval Academy professor Adam Aviv, it was far easier for the observers to use the correct pattern code because of the way humans memorize such unlock patterns.
“Patterns are really nice in memorability, but it’s the same as asking people to recall a glyph. Patterns are definitely less secure than PINs.”
The tests that were carried out included over 1,000 individual subjects, so it was clear that the stats weren’t skewed by any memory masterminds. It showed that the everyday person could easily carry out this attack. Sometimes, depending on angle, subjects were asked to guess what unlock pattern they thought they saw, and once again they were surprisingly successful at guessing the right pattern.
As expected, the number of subjects that could replicate the right pattern increased after more observations.
The research showed that roughly 64% of subjects could reproduce a six-point pattern from one viewing, and a staggering 80% of subjects could reproduce the same PIN after just two viewings.
These stats show that the pattern is not only a vulnerability when used in crowded public places, but also a very ineffective way of keeping snooping colleagues or family members out of your phone.
The US Naval Academy made it clear that the PIN was far safer than the unlock pattern, although there are still far more secure options, such as a password.
The trouble with having such a weak option at the forefront of the operating system’s security is that it gives attackers an easy way into the system. Creating a secure operating system that can stop malware and SMS tracking apps from grabbing user data is worthless if an attacker can simply guess a smartphone user’s unlock pattern after a couple of observations.
Fortunately, there are many tools available for users to boost their security. As mentioned earlier, a smartphone owner can use a PIN or a password on the unlock screen. Alternatively, they can use a fingerprint if their phone supports it. Or, in the case of the new iPhone X, iPhone owners can use the new Face ID facial recognition to unlock their device.