Security Analysis of Smudges on Smart Phone Touch Screens
“Smudge Attacks on Smartphone Touch Screens”:
Abstract: Touch screens are an increasingly common feature on personal computing devices, especially smartphones, where size and user interface advantages accrue from consolidating multiple hardware components (keyboard, number pad, etc.) into a single software definable user interface. Oily residues, or smudges, on the touch screen surface, are one side effect of touches from which frequently used patterns such as a graphical password might be inferred.
In this paper we examine the feasibility of such smudge attacks on touch screens for smartphones, and focus our analysis on the Android password pattern. We first investigate the conditions (e.g., lighting and camera orientation) under which smudges are easily extracted. In the vast majority of settings, partial or complete patterns are easily retrieved. We also emulate usage situations that interfere with pattern identification, and show that pattern smudges continue to be recognizable. Finally, we provide a preliminary analysis of applying the information learned in a smudge attack to guessing an Android password pattern.
Reminds me of similar attacks on alarm and lock keypads.
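To put a number on the "guessing" step the abstract mentions, here is an added example (not from the paper or this post) that counts valid Android unlock patterns and shows how few remain once a smudge reveals which grid nodes were touched. It assumes the standard pattern rules (4 to 9 nodes on a 3x3 grid, no node reused, no jumping over an unvisited node); the node numbering, function names and sample smudge are constructed for illustration.

```python
# Added example: how much a smudge shrinks the Android pattern guess space.
# Grid nodes are numbered 0..8, row by row (a convention of this example).

def midpoint(a, b):
    """Return the node lying exactly between a and b on the grid, or None."""
    (r1, c1), (r2, c2) = divmod(a, 3), divmod(b, 3)
    if (r1 + r2) % 2 == 0 and (c1 + c2) % 2 == 0:
        return (r1 + r2) // 2 * 3 + (c1 + c2) // 2
    return None

def count_patterns(allowed=range(9), min_len=4, must_use_all=False):
    """Count valid patterns drawn only from the nodes in `allowed`.

    must_use_all=True keeps only patterns that touch every allowed node,
    which models a smudge that shows exactly which nodes were contacted.
    """
    allowed = frozenset(allowed)

    def extend(last, used):
        done = len(used) >= min_len and (not must_use_all or used == allowed)
        total = 1 if done else 0
        for nxt in allowed - used:
            mid = midpoint(last, nxt)
            # A stroke may cross a middle node only if it was already visited.
            if mid is None or mid in used:
                total += extend(nxt, used | {nxt})
        return total

    return sum(extend(start, frozenset([start])) for start in allowed)

def smudge_reduction(smudged_nodes):
    """Return (full pattern space, patterns consistent with the smudge)."""
    return count_patterns(), count_patterns(smudged_nodes, must_use_all=True)

if __name__ == "__main__":
    SMUDGED = {0, 1, 2, 4}  # constructed sample: top row plus centre node
    full, remaining = smudge_reduction(SMUDGED)
    print(f"all valid patterns:            {full}")
    print(f"consistent with smudged nodes: {remaining}")
```

If the residue also shows stroke order, the remaining candidates drop further, which is why the wiping habits described in the comment below matter.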
Clive Robinson • August 12, 2010 8:28 AM
It’s one reason the Android phone I selected has a flip out keypad.
Also one advantage of a flip screen is the time lag in flipping which allows you a second or so to wipe your finger across it.
Also in some modes putting your finger on the light sensor blanks the screen and in the process stops any input from the touch screen so you can again wipe it with a finger.
So in some Android phones it’s a matter of user smarts.