Slashdot Mirror


Android Device's Pattern Lock Can Be Cracked Within Five Attempts, Researchers Show (phys.org)

The popular Pattern Lock system used to secure millions of Android phones can be cracked within just five attempts -- and more complicated patterns are the easiest to crack, security experts reveal. From a research paper: Pattern Lock is a security measure that protects devices, such as mobile phones or tablets, and which is preferred by many to PIN codes or text passwords. It is used by around 40 percent of Android device owners. In order to access a device's functions and content, users must first draw a pattern on an on-screen grid of dots. If this matches the pattern set by the owner then the device can be used. However, users only have five attempts to get the pattern right before the device becomes locked. New research from Lancaster University, Northwest University in China, and the University of Bath, which benefitted from funding from the Engineering and Physical Sciences Research Council (EPSRC), shows for the first time that attackers can crack Pattern Lock reliably within five attempts by using video and computer vision algorithm software. By covertly videoing the owner drawing their Pattern Lock shape to unlock their device, while enjoying a coffee in a busy cafe, for example, the attacker, who is pretending to play with their phone, can then use software to quickly track the owner's fingertip movements relative to the position of the device. Within seconds the algorithm produces a small number of candidate patterns to access the Android phone or tablet.

6 of 147 comments

  1. So if you watch someone draw the pattern... by Anonymous Coward · · Score: 5, Insightful

    You can break it?

    WOW!!!! Computers are so smart!!!

  2. Wow, they film the owner unlocking the device by Anonymous Coward · · Score: 2, Insightful

    What's next? Watching over someone's shoulder to snoop a password?

    Can I patent that?

  3. From TFS by Rik+Sweeney · · Score: 4, Insightful

    coffee in a busy cafÃf©

    Come on, guys, it's 2017. Fix this already.

  4. Fuck that, I don't need software by CajunArson · · Score: 1, Insightful

    Give me a $5 pipe wrench and I can get the pattern out of practically anybody.

    --
    AntiFA: An abbreviation for Anti First Amendment.

  5. Thinking about it too hard by T.E.D. · · Score: 5, Insightful

    Why on earth do you need some complex setup involving surveillance equipment (which would defeat most schemes)?

    I have a phone with the "pattern" security. I noticed straightaway that it's barely security at all. All you have to do to see the pattern is look at the phone at an oblique angle. Human fingerprints leave oils behind and in the right light the pattern is clear as day. Since that is the most commonly touched area, it's really obvious.

    The only "trick" would be figuring out what order it's done in. For most people (who aren't smart enough to use a spot twice), that'll take only 2 tries.

  6. too many restrictions on the pattern by Khashishi · · Score: 3, Insightful

    It's not that the pattern lock is a bad idea for a lock system. It's just that the pattern is too restricted, so the space of patterns is just very small. Give us some options to increase the size of the grid, and allow us to hit a node multiple times in one pattern. Even let us use multiple fingers to do a chordal stroke pattern. There's a lot you can do to greatly increase the entropy without detracting from the simplicity. In my mind, the fact that you can't hit a node multiple times feels LESS simple to me, while also making it much less secure.

    I'm aggravated that it feels like Google is forcing a dumbed down solution to compete with Apple.
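
The size of the pattern space discussed in the last comment can be counted directly. This is an added example, not part of the original thread. It assumes the stock Android rules (4 to 9 dots, no dot used twice, a stroke cannot pass over an unvisited dot); the `n` and `allow_revisit` parameters are hypothetical knobs modelling the commenter's proposed relaxations.

```python
from functools import lru_cache
from math import gcd, log2


def count_patterns(n=3, min_len=4, max_len=9, allow_revisit=False):
    """Count unlock patterns on an n x n grid of dots.

    Assumed rule (stock Android): a stroke may not pass over an unvisited
    dot. allow_revisit=True is the commenter's hypothetical relaxation.
    """
    size = n * n

    def crossed(a, b):
        # Bitmask of dots lying strictly between a and b on a straight line.
        (r1, c1), (r2, c2) = divmod(a, n), divmod(b, n)
        g = gcd(abs(r2 - r1), abs(c2 - c1))
        sr, sc = (r2 - r1) // g, (c2 - c1) // g
        return sum(1 << ((r1 + k * sr) * n + c1 + k * sc) for k in range(1, g))

    over = [[crossed(a, b) if a != b else 0 for b in range(size)]
            for a in range(size)]

    @lru_cache(maxsize=None)
    def extend(cur, visited, length):
        # Number of valid patterns that start with the path ending at `cur`.
        total = 1 if length >= min_len else 0
        if length == max_len:
            return total
        for nxt in range(size):
            if nxt == cur or over[cur][nxt] & ~visited:
                continue  # same dot, or the stroke would skip an unvisited dot
            if not allow_revisit and visited >> nxt & 1:
                continue  # stock rule: each dot at most once
            total += extend(nxt, visited | 1 << nxt, length + 1)
        return total

    return sum(extend(start, 1 << start, 1) for start in range(size))


if __name__ == "__main__":
    for label, count in [
        ("3x3, stock rules", count_patterns()),
        ("3x3, revisits allowed", count_patterns(allow_revisit=True)),
        ("4x4, stock rules, 4-9 dots", count_patterns(n=4)),
    ]:
        print(f"{label}: {count:,} patterns = {log2(count):.1f} bits")
```

The counts are upper bounds on guessing effort: they treat every pattern as equally likely, which real user choices are not.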