Clean Your Touchscreens for Security's Sake

News Posted: Sat, Aug 14 2010 3:36 PM
At the Usenix security conference, an "unusual" but still useful study was discussed. It involved using the smudges on touch screens to break into smartphones, among other devices.

The study from researchers at the University of Pennsylvania focused on smartphone touch screens, but researchers added that such "smudge attacks" could be applied to "a significantly larger set of devices, ranging from touch screen ATMs and DRE voting machines to touch screen PIN entry systems in convenience stores."

Indeed, while the idea of a "smudge attack" may first seem arcane, touching the screen with your finger leaves behind an oily residue that is pretty persistent, as those that have tried to rub it off sans a screen cleaner can attest to. This makes it something that could be used to break into certain lock sequences, in particular the "pattern lock" used to secure many Android phones.

Researchers were able to use various lighting and camera angles to enhance the appearance of smudges, such that they were able to figure out the sequence of patterns used to unlock Android smartphones. In fact, the researchers were successful at unlocking the Android phones more than 90 percent of the time.

"We believe smudge attacks based on reflective properties of oily residues are but one possible attack vector on touch screens. In future work, we intend to investigate other devices that may be susceptible, and varied smudge attack styles, such as heat trails caused by the heat transfer of a finger touching a screen.

"The practice of entering sensitive information via touch screens needs careful analysis in light of our results. The Android password pattern, in particular, should be strengthened."

There are some ways to minimize that issue on Android, such as using a pattern that crosses itself to make it more difficult to determine the actual pattern. Additionally, Android 2.2 adds the ability to use a PIN-lock instead of a pattern, and some manufacturers have customized their Android builds to allow PIN-locking of earlier builds. For example, the Droid X with Android 2.1 has PIN-locking.

Still, one has to wonder if the sale of screen cleaning wipes will suddenly rise as a result of this. That's the obvious way to keep this from being a security hole of your own: keep your screen clean.

Inspector replied on Sat, Aug 14 2010 4:11 PM

Now they talk about this? I have always thought about it since my sis got the G1. That's why I always rub the screen with my palm when I'm done.

realneil replied on Sun, Aug 15 2010 10:20 AM

Or just don't use one of them...

Dogs are great judges of character, and if your dog doesn't like somebody being around, you shouldn't trust them.
