According to researchers at several universities, including Lancaster and Bat University (UK) and Northwest University (China), an Android unlock pattern can be broken with some ease. In most cases it can be broken with less than 5 attempts. And contrary to what you might think, the more complex the unlocking pattern, the easier it is to break it. Surprised, later we’ll explain why.
Pattern locking is one of the most widely used techniques to protect millions of Android operating system smartphones. It is estimated that around 40% of Android mobile users use this security method. The method consists of a series of dots on the terminal screen, on which a pattern is drawn. If the pattern matches the set one, the mobile is unlocked and can be used.
And the most worrying thing is that people not only use it to protect the ignition of their mobile device, but also use it for financial transactions or online shopping.
How to break the unlocking pattern
The method or attack to break the unlock pattern is to make a video recording. By means of which the attacker is able to track the movement of the victim’s fingers on his screen. In fact, the recording does not even need to capture the dots printed on the user’s screen. You only need to see the movement of the fingertips to pass the recording to a software, which through a series of algorithms determines various patterns candidates to unlock the Android mobile phone.
To make this recording is also not necessary that the attacker is just above his mobile phone. With a normal camera could make the recording about two and a half meters away. And this distance could even go up to 9 meters if they use digital SLR or digital SLR cameras, which capture video at high resolution.
It’s really effective this kind of attack
Maybe you’re reading this and it sounds like spy movies to you. Okay, someone can record my mobile and have a program that tells you possible patterns, but are those possible patterns really effective? The answer is a resounding YES.
For the research, several users created 120 unique unlock patterns. Users then unlocked their terminals using those 120 patterns and recorded their movements. After analyzing the videos through the software. We proceeded to try to unlock the mobile users with the following results:
- Ninety-five percent of the patterns were successful in five or fewer attempts.
- The greater the difficulty of the chosen pattern, the easier it is to break it. This is because the software has more movement information. More lines are created between points and the software is able to reduce combinations and offer possible tighter patterns.
- 87.5% of complex patterns were successful on the first attempt, compared to 60% of simple patterns.
How to protect our unlocking pattern
The experts give us a series of tips and measures we can take to protect ourselves from these types of attacks. The most important would be:
- Cover the movement of our fingers completely when drawing the unlocking pattern.
- In addition to the pattern, use an additional technique, such as a PIN.
- Configure the brightness and color of our screen dynamically, to make any type of recording difficult.
But what practically all of them agree on is that the most effective thing is to use alternative methods or the conjunction of several of them. A strong password is much more effective. Ideally it hould be long and mix upper and lower case letters, numbers and other signs. In addition, today many mobile phones already come with fingerprint sensor, which also provides us with an extra security. The use of PINs is still widespread, but it could be engraved as well, similar to unlocking.