Way to make a physical hardware trait somehow OS-specific.
Maybe they could randomise the keypad layout?
Smudges left on Android touch screens leave tell-tale signs that can often be used to recover password patterns used to lock the phones, according to research presented earlier this week. The smudge attacks work by photographing Android handsets from a variety of angles using standard cameras and lights. The oily residues from …
*Norton Total Defence Screen Wipes (TM) Standard version!!!*
Standard version available in XS, S, M, L, XL and XXL sizes, in a variety of colours that can be renewed using home laundry equipment (subscription required)
*Norton Total Defence Screen Wipes (TM) Professional version with added antiviral and anti-bacterial features!!!*
Professional version available in handy pocket-sized packs, not to be confused with products by Huggies or Kleenex.
Because they'll try to badge anything as a security tool.
...they would need to come in a box 12ft x 12ft with additional trial Norton rubbish bags and Norton Pocket edition wipe. Once you use them they will leave a sticky residue that eventually will have to be cleaned with an industrial strength cleaner due to the fact it takes 5 seconds per key stroke to remove your fingers.
>Simple clothing contact does not play a large role in removing smudges
No but the cloth wallet that the Nexus One comes with cleans the screen when you put it away to carry in pocket or bag. Likewise using the phone to answer a call creates smudges which cross the same points as the password - and most other actions involving a swipe will at least interfere.
Seems like all their testing was done in ideal circumstances to me.
...you could use your eyes. Obvious research alert!
I've noticed some fairly obvious patterns on my screen so this research comes as no surprise. I treat the lock pattern merely as something to slow somebody down for long enough for me to send a lock and erase message to my phone via WaveSecure.
Dear Mr Jobs
After seeing the videos of other phones with reception issues on your site, we would also like to produce a glove for your iphones.
Can we have written permission and an agreement you won't bring out something similar, steal the iglove name from us, sue us, patent it after we create it, and charge more for it in the UK?
I do like Android's way of drawing an unlock pattern on the screen; once you get the hang of it, it's certainly quicker than having to tap in a four digit code. You just fall into a habit of scribbling on the screen a bit like everyone used to pick up a Nokia phone and instinctively hit menu + *. The pattern does seem more easily readable though, I've had several friends who are able to pick up my phone and unlock it without issues thanks to the smear on the screen, it stands out like a sore thumb against the smears left by general usage, especially when you've only unlocked your phone to say peek at a widget before turning it off again.
What about all the other smudges?
- Smudge to swipe down the notification bar
- Smudge to write using Swype
- Smudge to move tabs in Opera Mini
- Smudge to move between homescreens
Right now on my Hero there are hundreds of smudges in all directions, most of which are over the unlock pattern. Don't see how this would be feasible under real conditions.
Scientific experiment? Photographing from multiple angles? No. Try just looking at it.
I've seen a range of android smartphones that all have easily visible smudges from entry of the lock pattern. (Mine included!) The owners of these phones have agreed with me that this makes the otherwise nice idea of an unlock pattern pretty useless as a security measure.
Apparently (as is so often the case) this will be fixed in the next release - 2.2. And by fixed I mean they'll add a PIN code unlock option as an alternative to the easily-compromised pattern method.
Really though. People spent time 'studying' this? They could've just asked anyone in the street that they saw with an android smartphone.
I don't bother with that stuff on my Desire. I have quite oily fingers and you don't need complicated software to break into my phone. What would be nice is a PIN pad (possibly using symbols rather than numbers) that uses a random layout each time, with some sort of timeout (ie. you only need to type the PIN after 5 minutes or whatever).
Pint because I couldn't find an image to represent "meh".
Smudges are the reason I dislike touch screens. The old resistive one with a stylus (a la P800) was OK, but had the inconvenience of a stylus (although I never actually lost one), but had the advantage of reading handwriting. I remember an early touch-screen HP oscilloscope where any time someone attempted to point to some feature of the trace, a menu would pop up to obscure it.
I have an E71 phone, keyboard safely separate from the screen, although wear and tear on the keys would probably give away passwords on that.
Seriously this is the most ridiculous bias I think I've seen.
"Attack reads smudges to retrieve smartphone password patterns" would have been a better tag line.
All you have done is stop those people with an iPhone (or another OS) from reading an article which may highlight a security risk that applies to them.
they say that randomised number positions are available in android 2.2...
still, if you're photographed with the screen turned on, then no better than before really.
Perhaps some sort of accelerometer based 'signature' could be utilised as well on compatible devices?
Further still, how about multi touch without the swiping, that way the 'smears' do not indicate a sequence of numbers, making the smears even more worthless. So instead of CTRL+ALT+DEL to unlock, it's 3 + 4 + 7, but the numbers are in different locations each time? still, someone snapping you whilst unlocking would reveal the relative numbers. Would blend in more with the 'noise' from normal phone usage as well.
more research needed!
I noticed this pretty much as soon as I took to using my 'droid phone- it really is pretty obvious what the pattern is if you just hold the phone at an angle to the light because you tend to leave a trail of grease across the screen.
I guess the ideal solution would be to always carry a spare screen protector, apply it before using the phone and then take it off and destroy it immediately after signing in. I'm surprised everyone isn't doing this already. Admittedly it would get through a lot of screen protectors and be deeply inconvenient, but we all have to make compromises for security.
I don't really mind about the handset, I'm concerned about the data that's on it. If they can't unlock the phone they'll have to factory-reset it to use it, and that will wipe my data anyway.
Unless of course we're dealing with the sort of thieves who are going to use data recovery on the device, or some sort of advanced cracking to circumvent the lock function and get to my information. In which case I hopefully will have noticed the phone's absence and gone and changed all my passwords in the time it'll take them to do it.
People are going to steal your phone for one of two reasons:
1.) They want to sell it to someone else/reset it for their own use. In this case they don't care about your password, they're just going to reset it.
2.) (Which is very very very unlikely) They want to steal data off your phone. Unfortunately, very few people, if anyone at all, are cool enough to be targeted for data theft via stealing a phone. No matter how special mommy told you you were, no one wants to read your texts or see pictures of your junk you send to the ladies. In this situation, they're going to rip the phone open and remove the data storage to implant into another device.
Password is irrelevant. All it is going to do is stop your friends from playing with your phone if you leave it laying around (probably while drinking).
The lad over in the corner with the itchy-head showed me a keyboard on his Desire where you don't tap the screen, you simply slide your fingers all over it. Cool.
Added benefit is obviously "more smudges" which will go some way to disguising my unlock-pattern.
The unlock pattern is a really good, simple way of unlocking your phone, but I have to agree with the other users - the pattern is obvious from the smudges that form. I suppose that means they'd need two tries to unlock my phone. But I'm pretty sure if someone got their mitts on my phone they'd be able to break into it somehow no matter what method of locking I used.
...who cares? As said, if someone has your phone then it doesn't matter if they can analyze smudges. And your average mugger isn't going to do that. All the pattern does is prevent casual nosey parkers, and it will stop someone long enough for me to contact the network and report the handset stolen.
Yup, Android, that wonderful iPhone killer, seems less and less safe by the day.
Yesterday, dodgy software doing dodgy things to unsuspecting Android phones.
Today, Android's security system turns out to be anything but secure.
Gotta love Android - keep it up, chaps, I'm enjoying my daily laugh :-)
If you own an Android based phone watch out for gangs of data thieves. If you see a herd of morons carrying cameras, lights and software following you around report it immediately, but DON'T use your own phone (keep that out of sight), borrow someone else's iPhone and call for help (signal strength permitting)
no-one ever wipes their screen to clean it so we're all screwed
Though for any phones there are anti-smudge screen protectors out.
But iPhone 4 is a smudge magnet:
“The glass front and back surfaces feel great, although we noticed plenty of fingerprints after I and other journalists had spent just a few minutes playing with it.”
Then naturally with the iPud
"With all the use, it goes without saying, my iPad is now covered with lots of finger prints and plenty of smudges. The dirty screen is not as noticeable when I’m using it in soft indoor lighting; however, when I move to a room with bright lights or outside on the patio, the smudge covered screen is much more obvious. (I know I’m not this only one with this problem. We’ve had many readers contact us about what to do for smudged screens.)"
It amuses me when people have to jailbreak a phone to be able to have perceived freedom and choice only to have it taken away with the next OS update and always be told what they are allowed to do.
I have various hand-held devices and all of them are protected by screen overlays and they don't smudge. Besides, having chubby fingers I honestly prefer a stylus which leaves no smudges.
Several are tethered to my belt and these crazy ideas are unlikely to be very practical.
I hope any government funding for these types of stupid studies is cut, soon.
Just exhale on the screen and wipe across cotton pants or shirts. Repeat. Then exhale again, looking for signs of oil. Rub vigorously if in doubt. It's what *I* do. Also, mask your phone when swiping passwords on trains or crowded areas
Also, make sure that Wi-Fi/Bluetooth and phone announcing are turned off. I get suspicious when people near me point their phones at odd angles but then aren't really *reading* their phone.
And, as for USB cables... be warned that one of the automount apps in the Market changes the way the phone responds to being plugged into a computer. I installed the warez and now it seems that only a factory wipe might fix the problem. The problem? Plugging into a computer AUTOMATICALLY mounts, and even if on occasion it appears to NOT mount, "unmount" still shows up as the first option.
Also, unless you're swiping with sandpaper or very harsh fingerprints, or talons (and never change up your swipe code) how much need you worry?
Moreover, it's not just the giveaway of the swipe code we need to worry about. If you're PARANOID, consider that someone could pick up your phone and use a suitable brand of tape to lift your prints and do whatever possible mischief applies.....
I am not shocked to hear about this. From day one of owning a desire I noticed that the smudges were fairly obvious. What is even worse is that you cannot reuse a point on the grid, so ultimately the pattern forms a line and you can either follow the line in one direction or the other and you have cracked it.
If they allowed you to reuse a point then at least you might find you have to double back to a previous point for the gesture and so smudge your own trail.
I am not going to go all luddite (contemporary meaning of the word), but Sweet Jebus why did I abandon my trusty old Nokia 3310? It worked, it was PAYG and it was a darn sight safer than this smartphone shite I have now!
Sometimes progress is not all it's cracked up to be. In the rush to get to market, designers are simply not given enough time to consider all their options and decisions, before some marketing droid grabs the newly designed device and starts punting it to Joe Public!