"Reverse smudge engineering" foils Android unlock security

[Malvado]

​

Eat a lot of greasy hand food? Then consider avoiding one of the ways Google offers to unlock an Android device.

Google's mobile operating system lets people unlock devices by swiping a particular pattern across a three-by-three grid of dots. But Android evangelist Tim Bray raised a concern about "reverse smudge engineering" to figure out the unlock pattern.

"A couple of colleagues had my original Galaxy Tab and needed to use it for something, but I wasn't there. They managed to figure out my pattern by looking at the fingerprints on the glass, and it only took them a few minutes," Bray said in a post yesterday."

Bray recommends people stop swiping altogether and concludes that the numeric code option is the best for him: "The PIN has the huge advantage that it uses a nice big fat numeric keypad, and I can type it in really, really fast; I could do it right in front of you five times in a row and you'd have no clue, I bet."

SOURCE: ongoing by Tim Bray · Safe Unlocking

 

[idk5]

My friend noticed this when I had my OG DROID so now everytime I use my phone I wipe the screen off on my shirt

Sent from my DROID BIONIC using DroidForums

 

[Malvado]

I'm always wiping my screen and I also don't use any pattern or pin LOL.

Sent from my DROID3 using DroidForums

 

[g_what]

This has been mentioned since Android first became popular. I remember seeing similar articles shortly after purchasing my OG Droid in '09. I don't think this should be a major issue because many people, as mentioned above, will wipe off their screen after swiping or playing with their device. If you are genuinely worried about the security of your device, you probably have a PIN instead of a swipe pattern anyways. And you also probably have a remote locator and wipe application.

I personally use a screen protector that is finger print resistant. It's not so much for the security concern as it is for the benefit of not worrying about a smudgey screen. The FPR screen protector works impressively well. The company that makes them is called Unipixel. If you are curious, the info page for the FPR screen protectors is here, and they have a small selection for sale on Amazon here. If you have a supported device I highly recommend that you give it a try.

 

[ConqSoft]

All my patterns overlap also, which helps some. But I'm always wiping the screen anyway.

 

[akhenax]

This thread is both hilarious and obvious at the same time.

1st: Why is this guy's GNex so disgusting?
2nd: Don't clean your screen with Crisco.

 

[NeoPhoenixTE]

The same approach can be used for a pinpad. Heck, smudge engineering was used back in the 80s on door keypads. Dust for prints, and you have a 1 in 16 chance of getting it right.

Why this is news is the real story. ;P

 

[JeffDenver]

Yeah, this is old news.

And an easy way around it is just not to lock your phone. Then there are no smudge marks to give away your password.

 

[Malvado]

It may be old news, I'm just sharing it with the community. I don't specify news articles for specific members LOL. And the "dirty" Nexus pic was done intentionally for the article I believe.

Sent from my DROID3 using DroidForums

 

[Quicksilver7714]

I always have clean hands when I use my phone. I use, the pattern unlock but I am constantly wiping the screen to clean any smudges off.

Sent from my Galaxy Nexus using Tapatalk

 

[JeffDenver]

Ditto. I dont do it for security reasons, I do it because I am anal about having a perfectly clean screen, heh heh

I have friends who never wipe (their phones I mean), and I dont know how they do it. That would annoy the crap out of me.

 

[Malvado]

Ditto. I dont do it for security reasons, I do it because I am anal about having a perfectly clean screen, heh heh

I have friends who never wipe (their phones I mean), and I dont know how they do it. That would annoy the crap out of me.

I couldn't help but laugh at "I have friends who never wipe" LMAO!

Sent from my DROID3 using DroidForums

 

[tjk629]

Saw this on my OG, but not my Bionic.

Sent from my DROID BIONIC using DroidForums

 

[rubiksc00p]

Ahh! I do this all the time! I usually do it with the pins on iPod touches mostly. So.... you can do it with pins, so really just clean your screen or smudge it everywhere!

Sent from the best phone on Verizon!

 

[Bob Dammit]

The same approach can be used for a pinpad. Heck, smudge engineering was used back in the 80s on door keypads. Dust for prints, and you have a 1 in 16 chance of getting it right.

Why this is news is the real story. ;P

Not to nitpick, but a 4 digit pin is a 1 in 24 odds (4! or 4*3*2*1). As far as being news, look at everything the common user overlooks on a daily basis. Case in point, look through the support boards for threads of people who didn't make a backup...


Sent from my Galaxy Nexus using DroidForums