Are you an Android phone owner who uses the Pattern Lock system instead of a PIN code or password to secure your gadget? It’s this popular system where you draw a pre-selected pattern on a grid of dots to unlock your phone. In fact, it’s so popular that it’s used by about 40 percent of Android owners.
Pattern Lock’s popularity is due to its convenience, ease of use and it is a quicker way to unlock your phone – once you get the pattern down, that is.
But does this convenience have a price? It’s bad enough that most people’s Lock Patterns are predictable but now, a study shows that even the most complicated patterns can be cracked within five attempts.
New research from Lancaster University, Northwest University in China, and the University of Bath found that attackers can crack Lock Patterns within five attempts by video and computer vision algorithm software.
The attack method
Here’s how they do it. By secretly capturing a video of the owner drawing their Pattern Lock to unlock their phone (in a coffee shop with a smartphone’s camera, for example), an attacker can then use the vision algorithm software to track the owner’s fingertip movements relative to the position of the device to infer the pattern. The researchers say that within seconds, the software can generate a few candidate patterns to choose from.
They added that the video footage doesn’t even need shots of the phone’s display nor does the size of the screen matter for this attack method. Their results were accurate even from video captured on a smartphone from up to two and a half meters away and up to nine meters away on a DSLR camera.
Of the 120 unique patterns gathered from different users, the researchers were able to crack more than 95 percent of the patterns within five attempts. Interestingly, more complex patterns are easier to crack using this method because the extra movements help the algorithm narrow down the possible options even further. With patterns designated as “complex,” they were able to crack all but one within the first attempt.
The researchers believe that this form of covert attack from a distance can help attackers plan for stealing sensitive information on target phones or quickly install malware while the target phone’s owner is distracted. Additionally, pattern reuse attacks can be utilized since people tend to use the same pattern lock across devices.
“Pattern Lock is a very popular protection method for Android Devices. As well as for locking their devices, people tend to use complex patterns for important financial transactions such as online banking and shopping because they believe it is a secure system,” stated Dr. Zheng Wang, lead investigator of the research paper. “However, our findings suggest that using Pattern Lock to protect sensitive information could actually be very risky.”
How to protect yourself
The researchers suggest a few techniques to help prevent this attack method:
- Cover your fingers when drawing your lock pattern on your gadget, similar to how people are advised to cover their hands when typing their PIN on an ATM’s keypad.
- Pattern Lock developers can mix other activities with the patterns such as sentence inputs using finger swipes.
- Developers can also employ screen color and brightness changes on the Pattern lock screen to confuse cameras and algorithm software.