Don't use Android pattern lock to protect secrets

Researchers have demonstrated an attack that can crack 95 percent of Android pattern locks within the five attempts allowed.

The side-channel attack, devised by researchers from China and the UK, uses video footage from a smartphone’s camera and a computer vision algorithm to crack Android’s geometric lock patterns. Lock patterns are an alternative to PINs and passwords.

As noted by the researchers, the attack doesn’t require footage of the screen itself, only a line of sight to the user’s hand movements. The algorithm tracks fingertip motions and reconstructs the lock pattern. The researchers tested the attack on 120 unique patterns from 215 users and report that the method can crack 95 percent of patterns within five attempts.

Additionally, they found that more complex patterns are easier to crack, with 97.5 percent falling within the first attempt, compared with 60 percent of simple patterns and 87 percent of median complex patterns.

http://www.zdnet.com/article/dont-use-android-pattern-lock-to-protect-secrets-researchers-warn/