The popular pattern lock system used to protect millions and millions of Android phones can be hacked in as few as five attempts. As if that weren't enough, the most complex patterns are apparently the easiest to hack, warned a study published in early 2017 and conducted by researchers from Lancaster University and Bath University (UK) and Northwest University (China).
Many prefer to use the unlock pattern as a security measure as opposed to the PIN code or a password. In fact, the unlock pattern is the method used by about 40% of Android device owners.
If the pattern drawn on the grid of dots matches the one that was set, the device is unlocked and can be used. The user has only 5 attempts.
Experts have shown that an algorithm can find the right pattern in a matter of seconds. For example, an attacker who pretends to be looking at his own phone can film the owner and use video software to track the movements of the owner's fingertip. In a matter of seconds, the algorithm interprets those movements and produces a small number of candidate patterns for accessing the Android phone or tablet.
The attack works even without actually seeing the content of the screen and regardless of the size of the screen. Results are accurate up to 2.5 meters away. It also works reliably with images recorded on a digital SLR (or digital reflex) camera at distances of up to 9 meters.
The researchers evaluated the attack using 120 unique patterns collected from independent users. They were able to break more than 95% of the patterns in just 5 attempts. Complex patterns, which use more lines between dots, were easier to break because they help the algorithm narrow down the possible options.
During the tests, the researchers were able to break all but one of the patterns classified as complex on the first attempt. They were also able to unlock 87.5% of the semi-complex patterns and 60% of the simple patterns on the first attempt.
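Why longer patterns leave fewer options, as an added example that is not from the study or the original article: it assumes a simplified model in which an observer recovers the exact stroke geometry of a pattern but not where on the grid it was drawn. The script enumerates every valid 3x3 pattern and counts how many patterns share each shape; the function names and the model are assumptions made for this illustration.

```python
from collections import Counter, defaultdict

XY = [(i % 3, i // 3) for i in range(9)]  # dots 0..8, numbered row by row

def blocked(a, b, visited):
    """True if the stroke a->b would jump over a dot that is not yet used."""
    (ax, ay), (bx, by) = XY[a], XY[b]
    if (ax + bx) % 2 or (ay + by) % 2:
        return False  # no dot lies exactly between a and b
    mid = (ay + by) // 2 * 3 + (ax + bx) // 2
    return mid not in visited

def all_patterns():
    """Every valid pattern of 4 to 9 distinct dots."""
    out = []
    def walk(path):
        if len(path) >= 4:
            out.append(tuple(path))
        for nxt in range(9):
            if nxt not in path and not blocked(path[-1], nxt, path):
                path.append(nxt)
                walk(path)
                path.pop()
    for start in range(9):
        walk([start])
    return out

def shape(pattern):
    """Stroke geometry only: the displacement of each stroke, no position."""
    return tuple((XY[b][0] - XY[a][0], XY[b][1] - XY[a][1])
                 for a, b in zip(pattern, pattern[1:]))

def candidates_by_shape(patterns):
    # Patterns in one group look identical to the assumed observer.
    groups = defaultdict(list)
    for p in patterns:
        groups[shape(p)].append(p)
    return groups

def summary(patterns, groups):
    # dots in pattern -> Counter {candidate count: number of patterns}
    table = defaultdict(Counter)
    for p in patterns:
        table[len(p)][len(groups[shape(p)])] += 1
    return table

if __name__ == "__main__":
    pats = all_patterns()
    for n, dist in sorted(summary(pats, candidates_by_shape(pats)).items()):
        print(n, "dots:", dict(sorted(dist.items())))
```

Under this model every pattern of seven or more dots has exactly one candidate, while a four-dot pattern confined to a 2x2 corner of the grid has four.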
"The unlock pattern is a very popular protection method for Android devices. In addition to blocking their devices, people tend to use complex patterns for important financial transactions such as online banking and shopping because they believe it is a secure system. However, our results suggest that using pattern blocking to protect sensitive information could actually be very risky," explains Zheng Wang, co-author of the paper.
How to Protect Yourself
What countermeasures could we use to protect ourselves? These are suggested by the experts:
- Completely cover your fingers from view when drawing the pattern.
- Combine pattern unlock with another security method.
- Dynamically change the screen color and brightness to confuse the recording camera.