The pattern lock used to secure Android phones can be cracked within just five attempts, with more complicated patterns being the easiest to crack.
Researchers from the Lancaster University, Northwest University in China, and the University of Bath, say that the attackers can crack the pattern lock reliably within five attempts by using video and computer vision algorithm software.
This can be done by secretly filming the owner while they unlock their device. The algorithm uses this video footage to track the fingertip movements of the user, on the screen. It then lists out few possible patterns that may unlock the device.
The experts found that the attack works even when the screen was not visible in the video.
They noted that the pattern lock could be cracked by using a smartphone camera at a distance of upto two and a half meters away. This distance was nine meters with a digital SLR camera.
In an evaluation using 120 unique patterns from 215 users, the researchers were able to crack 95 percent of the patterns within five attempts.
Interestingly, the researchers report that complex patterns were easier to crack than simpler ones. This is because the algorithm was able to narrow down the possible pattern options.
The findings are contrary to many people’s perception that patterns that are more complex give better protection. The experts suggest that it may be more secure to use shorter, simpler patterns.
It was found that about 40 percent of Android users secure their devices with the pattern lock. In this method, the user draws a pattern on a grid on the screen to access the device.
“As well as for locking their devices, people tend to use complex patterns for important financial transactions such as online banking and shopping because they believe it is a secure system,” said Dr Zheng Wang, principle investigator and co-author of the paper. “However, our findings suggest that using Pattern Lock to protect sensitive information could actually be very risky.”
To avoid such attacks, the researchers recommend keeping fingers hidden while using the pattern lock on your device. They also suggest that pattern lock designers mix pattern locking with other activities, such as entering a sentence using Swype-like methods.
