Smudge attacks on Android

Researchers have done some interesting work about “smudge attacks” on Android phones. All Android phone owners will have guessed that this attack targets the authentication pattern that is used to unlock an Android phone. And all these owners also know that smudge really is dangerous for this authentication technique. I have tried it with a colleague: after picking up my phone, it took him 3 tries to get my combination. Not very good.

After that, I took a little time to examine the smudge left behind. Of course, it depends on environmental parameters: Have I cleaned the screen recently? Am I just stepping out of the shower, or eating fries in a fast food? In most cases, smudge is vividly present, but there is another parameter, which is not covered in the paper: the usage patterns of the phone. Let me take a few examples:

  • If I turn on my phone because of an incoming SMS, things can get really bad; I will enter the pattern, leave smudge, and then barely touch the screen to start the messaging application. If I reply, things are better, because I will use the virtual keyboard on the bottom of the screen.
  • Games are among the best smudge killers, in particular if interaction is through the touchscreen. After 2 or 3 minutes of play, nothing is left of the smudge.
  • Another bad factor of Android phones comes from the keyboard, because it is possible to interact through keys, without touching the screen. For instance, when I browse content, I tend to use the wheel rather than the screen, and the smudge remains. If the phone includes a full keyboard, things are worse, because no virtual keyboard will be used, and it will be tempting to interact through the keyboard in many situations.

So, basically, playing is safer than anything else. Good news for some. Also, if you have a virtual keyboard, it may be interesting to have a part of the pattern action at the bottom of the screen, where key entry will add noise.

The real problem is with the countermeasures. The paper outlines the fact that not all phones are equal in front of smudge attacks, so there may be a way to optimize this. However, it will be hard to get something that works for phones stolen in fast food restaurants.

Interestingly, I have started wiping my phone’s screen in some situations. It works wonders, but it is a stupid gesture, contributing to the proof that this authentication mechanism i just poorly designed.

In the end, Android security could be better with another authentication mechanism, which takes smudge attacks into account. Allowing us to select an application to replace the mechanism will make us even safer, because it would transform a class attack into an attack on an individual phone, leaving the attacker to analyze the smudge specifically for each application.

2 Comments

  • Eric,

    it could be possible to have another pattern-recog. program that mimics the online banks keyboards (numbers are never at the same place).
    Cherry on top, this keyboard always points to the north. So to share the smudge (it should). Think of a 3D compass.

  • but not a real 3D compass, of course.

    Why not a color-code ? à la Simon
    Like there is a pie on the screen, and user drags parts from center to outside.

    Resulting smudge would look like a star. Everytime.

    I definetely need to point Google contacts to this idea (to go to IO 2011 on an all inclusive basis).

    Jerome

Leave a Reply

Your email is never shared.Required fields are marked *