Smudges on your Android touchscreen could give away your password

We all know how annoying fingerprints on touchscreens can be, but now researchers believe they can actually leave your mobile phone susceptible to hacking.

University of Pennsylvania researchers tested the Google Nexus One and HTC G1, both of which use a graphical password system to unlock the phone that works by swiping a set pattern on the touchscreen.

Unlocking your phone in this way leaves oily residues on the screen that can remain even if you wipe it. "Latent smudges may be usable to infer recently and frequently touched areas of the screen -- a form of information leakage," warns the article.

Using standard cameras and lights, researchers took pictures of the touchscreens and analysed the images with simple photo-editing software available on most home computers.

The study found that in ideal lighting conditions, researchers could find the pattern password of a phone more than 90 per cent of the time, simply by increasing the contrast of the photo.

People swipe on their smart phones all the time, so you'd think it would be impossible to distinguish which patterns had been used for passwords, and which were the marks of everyday browsing. Apparently not.

The minimum number of positions you have to swipe to unlock Android phones, if you use the feature, is four. Using more positions and swiping in more than one direction would presumably make it harder to crack.

This shouldn't suggest that graphical passwords are any less safe than traditional alphanumeric passwords, either. Going to the effort of stealing a device, photographing the screen and analysing the image at high contrast seems almost as tricky as trying to decipher a four-digit password -- especially as many people tend to use easy-to-crack PINs for their mobile phones.
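To put numbers on the two points above (more positions make a pattern harder to guess, and a pattern is being compared with a four-digit PIN), here is an added example, not taken from the article or the researchers' study, that counts the valid unlock patterns of each length. It assumes the usual 3x3 Android grid and the rule that a stroke cannot jump over an unvisited node, neither of which the article spells out.

```python
import math

# Assumptions (not spelled out in the article): a 3x3 grid of nodes numbered
# 0..8 row by row, each node used at most once, and a stroke may pass over
# the node lying exactly between two others only if it was already visited.
GRID = 3
NODES = GRID * GRID
MIN_LEN = 4  # minimum number of positions, as stated in the article

def midpoint(a, b):
    """Node exactly halfway between a and b, or None when there is none."""
    (ra, ca), (rb, cb) = divmod(a, GRID), divmod(b, GRID)
    if (ra + rb) % 2 or (ca + cb) % 2:
        return None
    return (ra + rb) // 2 * GRID + (ca + cb) // 2

def count_patterns():
    """Return {length: number of valid patterns} for lengths 1..NODES."""
    counts = dict.fromkeys(range(1, NODES + 1), 0)

    def extend(last, visited):
        counts[len(visited)] += 1
        for nxt in range(NODES):
            if nxt in visited:
                continue
            mid = midpoint(last, nxt)
            if mid is None or mid in visited:
                extend(nxt, visited | {nxt})

    for start in range(NODES):
        extend(start, frozenset([start]))
    return counts

def usable_total(counts):
    """Patterns the lock screen accepts: MIN_LEN positions or more."""
    return sum(c for n, c in counts.items() if n >= MIN_LEN)

if __name__ == "__main__":
    counts = count_patterns()
    pin_space = 10 ** 4  # four-digit PIN, the article's comparison point
    for n in range(MIN_LEN, NODES + 1):
        print(f"{n} positions: {counts[n]:>7} patterns "
              f"({math.log2(counts[n]):.1f} bits)")
    total = usable_total(counts)
    print(f"all lengths: {total} patterns ({math.log2(total):.1f} bits)")
    print(f"4-digit PIN: {pin_space} codes ({math.log2(pin_space):.1f} bits)")
```

Under these assumptions a minimum-length pattern is one of 1,624 possibilities, fewer than the 10,000 four-digit PINs, while all lengths together give 389,112.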

If anything, PINs and alphanumeric passwords could be considered less secure than graphical passwords, because people tend to use the same code for all of their devices.

It hasn't been the greatest week for smart phones and Android security. Only yesterday the first SMS malware was found on Google's mobile platform.

Comments 9

Pokeh 12 August, 2010 16:39

So basically the general gist of this is that you should make sure that you don't just leave your phone lying around?

weetanhops 12 August, 2010 16:42

I never would have guessed that people would be able to see where my finger had been on glass by looking at the smudge marks. I never leave my phone lying around anyway, and I got myself a case that wipes the screen when it goes in and out of it. You ain't gonna be breaking into mine any time soon.

Anonymous 13 August, 2010 08:17

Shouldn't this be about touchscreens in general rather than a specific OS?

Jus' sayin' like.

Anonymous 13 August, 2010 09:25

This ain't new so no shock to me. I've been hacking my own phone through smudge marks since the G1.
Who hasn't changed their codes after a few beers?

anonymous 13 August, 2010 12:48

This security flaw is negligible, compared to the fact that if you make too many attempts, it will prompt you for a Gmail address and password. This login doesn't work, though, and the only way to get in is with your email address and 'null' as the password.

Anonymous 14 August, 2010 20:25

Googling is not research. This was talked about back in February. Nice to waste your time guys.
http://www.intomobile.com/2010/02/17/this-is-when-lock-screen-gesture-passwords-dont-work/

mark_85 17 August, 2010 07:29

This was one of the first things I noticed about my HTC Magic 12 months ago. You can quite easily see it just from tilting the screen under good light too, no photo or software required. No security system is perfect!

Anonymous 14 April, 2011 16:05

Many thanks for the useful info presented here. Very precise and helpful.


Globalhardware
moti weisbrot smolkowicz

anonymous 1 May, 2012 21:59

But if you don't leave it lying around, then you don't need a code. So when is fingerprint recognition going to get better? Oh wait, that one's even easier to see...

Copyright © 2013 CBS Interactive Limited. All rights reserved.