
Sticky finger risk to touchscreen phone security

Research shows oily residue can be read to extract passwords on phone touchscreens

The researchers tested the HTC/Google Nexus1 phone.

Sticky fingers and smudged touchscreens could pose a security risk to smartphones, according to new research from the University of Pennsylvania.

Researchers from the University's Computer and Information Science Department investigated the possibility of extracting password data from ‘smudges’ of oily fingertip residue that build up during normal use of touchscreens, according to The Register.

The researchers found that not only were patterns of smudges easily extracted from handsets, but that the smudge patterns were also surprisingly resilient, making so-called ‘smudge attacks’ a threat to touchscreen security.

The study tested two models of Android-based smartphones, the HTC G1 and the HTC Nexus1, which both require a user to trace a repeated pattern on a 3x3 square grid on the screen, in place of a password. The handsets were photographed using standard camera and lighting setups, and photo-editing software running on PCs was then used to analyze the patterns of smudge marks.

The researchers found that 68% of the time, the full password pattern could be retrieved, while a partial pattern could be recovered 96% of the time, even after the phone had been held to the face, to simulate taking a call, which creates a smudge across the whole screen.

Smudge patterns were also found to be quite resilient to wiping or being removed through carrying in a pocket.

The research white paper stated: "We believe smudge attacks are a threat for three reasons. First, smudges are surprisingly persistent in time. Second, it is surprisingly difficult to incidentally obscure or delete smudges through wiping or pocketing the device. Third and finally, collecting and analyzing oily residue smudges can be done with readily-available equipment such as a camera and a computer."
