If you use a lock pattern to secure your Android smartphone, you probably think that’s the perfect way to avoid unwanted intrusions. However, that line you draw with your finger may be a bit too simple. After all, if even Mark Zuckerberg himself used ‘dadada’ for all of his passwords, it is not surprising that your lock pattern may be a simple letter of the alphabet.
Android lock patterns can be easily cracked using a computer vision algorithm.
Relax, you are not the only one. Around 40 percent of Android users prefer lock patterns to PIN codes or text passwords to protect their devices. And they usually go for simple patterns. Most people only use four of the nine available nodes, according to a recent study conducted by the Norwegian University of Science and Technology. Additionally, 44 percent of people start their lock screen pattern from the top left corner of the grid.
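To put the four-node habit and the top-left starting point in numbers, here is an added example (not part of the original article or the cited studies) that counts how many patterns the 3x3 grid allows. It assumes the standard Android rules, which the article does not spell out: a pattern uses 4 to 9 nodes, each node once, and a stroke cannot jump over a node that has not been used yet.

```python
# Added example: sizes the Android 3x3 lock-pattern space by enumeration.
# Nodes are numbered 0..8 row by row, so node 0 is the top-left corner.

def midpoint(a, b):
    """Return the node lying exactly between a and b, or None if there is none."""
    (ra, ca), (rb, cb) = divmod(a, 3), divmod(b, 3)
    if a != b and (ra + rb) % 2 == 0 and (ca + cb) % 2 == 0:
        return ((ra + rb) // 2) * 3 + (ca + cb) // 2
    return None

def count_patterns(length, start=None):
    """Count valid patterns of `length` nodes, optionally fixed to one start node."""
    def extend(last, visited, remaining):
        if remaining == 0:
            return 1
        total = 0
        for nxt in range(9):
            if (visited >> nxt) & 1:
                continue  # each node may be used only once
            mid = midpoint(last, nxt)
            # A stroke may pass over a node only if that node is already used.
            if mid is not None and not (visited >> mid) & 1:
                continue
            total += extend(nxt, visited | (1 << nxt), remaining - 1)
        return total
    starts = range(9) if start is None else [start]
    return sum(extend(s, 1 << s, length - 1) for s in starts)

def keyspace_report():
    """Return ({length: count} for 4..9 nodes, count of 4-node patterns from top-left)."""
    by_length = {n: count_patterns(n) for n in range(4, 10)}
    return by_length, count_patterns(4, start=0)

if __name__ == "__main__":
    by_length, four_top_left = keyspace_report()
    total = sum(by_length.values())
    for n, c in by_length.items():
        print(f"{n} nodes: {c:>7} patterns ({c / total:.2%} of all {total})")
    print(f"4 nodes, starting top-left: {four_top_left} patterns")
```

Four-node patterns make up well under one percent of everything the grid allows, and fixing the starting corner shrinks that set further.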
Even though creating more complicated patterns may seem like the best solution to make your password harder to guess, a team of researchers has demonstrated that, when an algorithm is used, complex patterns are surprisingly easier to crack than simple ones.
Hackers can steal your lock pattern from a distance
Picture this: You sit at a table in your favorite café, take your smartphone out of your pocket and trace your lock pattern across the phone screen. Meanwhile, an attacker at a nearby table films the movements of your fingers. Within seconds, the software installed on their device will suggest a small number of possible patterns that could be used to unlock your smartphone or tablet.
Researchers from Lancaster University and the University of Bath in the UK, along with Northwest University in China, have shown that this type of attack can be carried out successfully by using footage filmed with a video camera and a computer vision algorithm. The researchers evaluated the attack using 120 unique patterns collected from users, and were able to crack 95 percent of patterns within five attempts.
The attack works even when the video footage shows none of the on-screen content, and regardless of the size of the screen. The attackers would not even need to be close to the victim, as the team was able to steal information from up to two and a half meters away by filming on a standard smartphone camera, and from nine meters using a more advanced digital SLR camera.
Surprising as it may seem, the team also found that longer patterns are easier to hack, as they help the algorithm to narrow down the possible options. During tests, researchers were able to crack all but one of the patterns categorized as complex, 87.5 percent of median complex patterns, and 60 percent of simple patterns on the first attempt.
Now, if tracing a complex pattern is not a safe alternative, what can you do to protect yourself, especially if you store sensitive data on your smartphone? Using your hand to cover the screen when drawing your lock pattern (just as you do when using an ATM), or reducing your device’s screen color and brightness to confuse the recording camera are some of the recommendations offered by researchers.