Sticky finger risk to touchscreen phone security
Research shows oily residue can be read to extract passwords on phone touchscreens
Sticky fingers and smudged touchscreens could pose a security risk to smartphones, according to new research from the University of Pennsylvania.
Researchers from the University's Computer and Information Science Department investigated the possibility of extracting password data from ‘smudges’ of oily fingertip residue that builds up during normal use of touchscreens, according to The Register.
The researchers found not only that smudge patterns were easily extracted from handsets, but also that they were surprisingly resilient, making so-called ‘smudge attacks’ a threat to touchscreen security.
The study tested two models of Android-based smartphones, the HTC G1 and the HTC Nexus1, both of which require a user to trace a repeated pattern on a 3x3 square grid on the screen in place of a password. The handsets were photographed using standard camera and lighting setups, and photo editing software running on PCs was then used to analyze the patterns of smudge marks.
The researchers found that 68% of the time, the full password pattern could be retrieved, while a partial pattern could be recovered 96% of the time, even after the phone had been held to the face, to simulate taking a call, which creates a smudge across the whole screen.
Smudge patterns were also found to be quite resilient to wiping and to being rubbed off while the phone was carried in a pocket.
The research white paper stated: "We believe smudge attacks are a threat for three reasons. First, smudges are surprisingly persistent in time. Second, it is surprisingly difficult to incidentally obscure or delete smudges through wiping or pocketing the device. Third and finally, collecting and analyzing oily residue smudges can be done with readily-available equipment such as a camera and a computer."