Android Pattern Lock System Can Be Cracked Easily, Security Experts Say

Attackers can get the correct pattern within five attempts using video and algorithm software

January 24, 2017

There's bad news for Android users.

Millions of Android devices are protected by a security system known as Pattern Lock, a system often preferred to PIN numbers or text passwords. It is so popular, in fact, that roughly 40 percent of Android owners use it. Now, however, security experts have revealed that the system can be cracked.

In order to access an Android device protected by Pattern Lock, the user first has to draw a pattern on a grid of dots on the screen. If the pattern drawn by the user matches the one set by the owner, the user can access the device. However, the device locks down after five incorrect attempts.

New research has come out of Lancaster University, Northwest University in China, and the University of Bath showing that the system can be cracked reliably within five tries using video and computer vision algorithm software.

Here's how it works. An attacker can covertly record an Android device owner drawing their Pattern Lock shape while pretending to use his or her own phone. Then the attacker can use software to track the fingertip movements made by the device's owner relative to the device's position. Within a matter of seconds, the algorithm generates a small number of potential patterns for accessing the device.

The attack will work even if the camera cannot see any of the device's onscreen content, and the screen size doesn't matter. It produces accurate results recorded with a mobile phone from a distance of up to 2.5 meters (just over eight feet), so attacks can be hidden easily. It also works reliably using footage recorded with a digital SLR camera up to nine meters (29.5 feet) away.

The researchers assessed the attack with 120 unique patterns that independent users collected. They were able to crack more than 95 percent of those patterns within five tries.

Many users choose complicated patterns, which use more lines between dots, to make it more difficult for those around them to reproduce them. The researchers discovered, however, that these complicated shapes were actually easier to crack because they help the algorithm narrow down the potential options.

When testing the attack, they were able to crack all but one pattern categorized as complex on the first try. Their success rates decreased as the patterns became simpler: they were able to crack 87.5 percent of the patterns rated as being medium-complex and 60 percent of those rated as simple.
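The narrowing effect can be reproduced with a simplified model, given here as an added example that is not the researchers' code. It assumes the observer recovers the exact dot-to-dot strokes of the drawn path but not where on the grid the path started, and it assumes the standard Android rules (4 to 9 dots, no dot reused, no jumping over an unused dot). Counting how many valid patterns share each stroke sequence shows that short patterns leave several candidates, while patterns of seven or more dots leave exactly one.

```python
from collections import Counter

def xy(dot):
    return dot % 3, dot // 3            # dots 0..8, row-major on the 3x3 grid

def dot_between(a, b):
    """Dot lying exactly halfway between a and b, or None."""
    (ax, ay), (bx, by) = xy(a), xy(b)
    if (ax + bx) % 2 == 0 and (ay + by) % 2 == 0:
        return (ay + by) // 2 * 3 + (ax + bx) // 2
    return None

def all_patterns(min_len=4, max_len=9):
    """Yield every valid pattern (assumed rules: 4-9 dots, no reuse, no jumping an unused dot)."""
    def extend(path, used):
        if len(path) >= min_len:
            yield tuple(path)
        if len(path) == max_len:
            return
        for nxt in range(9):
            mid = dot_between(path[-1], nxt)
            if nxt in used or (mid is not None and mid not in used):
                continue
            yield from extend(path + [nxt], used | {nxt})
    for start in range(9):
        yield from extend([start], {start})

def shape(pattern):
    """Stroke-by-stroke displacement vectors: the drawn path with its start dot erased."""
    pts = [xy(d) for d in pattern]
    return tuple((bx - ax, by - ay) for (ax, ay), (bx, by) in zip(pts, pts[1:]))

def analyse():
    """Return (total patterns, patterns per shape, mean candidates per pattern length)."""
    patterns = list(all_patterns())
    by_shape = Counter(shape(p) for p in patterns)
    count, candidates = Counter(), Counter()
    for p in patterns:
        count[len(p)] += 1
        candidates[len(p)] += by_shape[shape(p)]
    mean = {n: candidates[n] / count[n] for n in sorted(count)}
    return len(patterns), by_shape, mean

if __name__ == "__main__":
    total, _, mean = analyse()
    print(f"{total} valid patterns")
    for n, m in mean.items():
        print(f"{n} dots: {m:.3f} patterns share each observed shape on average")
```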

They believe that this method would allow thieves to access stolen phones and obtain sensitive information, or allow malware to be installed quickly while the device's owner was distracted.

In addition, since people often use the same pattern on different devices, a pattern obtained from one device could be used on another.

Dr Zheng Wang was the principal investigator and co-author of the paper and is a lecturer at Lancaster University. "Pattern Lock is a very popular protection method for Android Devices," he said. "As well as for locking their devices, people tend to use complex patterns for important financial transactions such as online banking and shopping because they believe it is a secure system. However, our findings suggest that using Pattern Lock to protect sensitive information could actually be very risky."

"Contrary to many people's perception that more complex patterns give better protection, this attack actually makes more complex patterns easier to crack and so they may be more secure using shorter, simpler patterns," said Guixin Ye, the leading student author from Northwest University.

The researchers suggested potential countermeasures to prevent this attack, including users fully covering the fingers when drawing the pattern, or lock designers mixing the pattern method of locking with others, such as using a swipe-like method to enter a sentence. In addition, setting the screen color and brightness to change dynamically may confuse the camera.
