Cracking Android Pattern Lock in Five Attempts

Pattern lock is widely used as a mechanism for authentication and authorization on Android devices. This paper presents a novel video-based attack to reconstruct Android lock patterns from video footage filmed using a mobile phone camera. Unlike prior attacks on pattern lock, our approach does not require the video to capture any content displayed on the screen. Instead, we employ a computer vision algorithm to track the fingertip movements to infer the pattern. Using the geometry information extracted from the tracked fingertip motions, our approach is able to accurately identify a small number of (often one) candidate patterns to be tested by an adversary. We thoroughly evaluated our approach using 120 unique patterns collected from 215 independent users, by applying it to reconstruct patterns from video footage filmed using smartphone cameras. Experimental results show that our approach can break over 95% of the patterns in five attempts before the device is automatically locked by the Android operating system. We discovered that, in contrast to many people’s belief, complex patterns do not offer stronger protection under our attacking scenarios. This is demonstrated by the fact that we are able to break all but one complex patterns (with a 97.5% success rate) as opposed to 60% of the simple patterns in the first attempt. Since our threat model is common in day-to-day life, this paper calls for the community to revisit the risks of using Android pattern lock to protect sensitive information.

[1]  David A. Wagner,et al.  Are You Ready to Lock? , 2014, CCS.

[2]  Antonella De Angeli,et al.  Is a picture really worth a thousand words? Exploring the feasibility of graphical authentication systems , 2005, Int. J. Hum. Comput. Stud..

[3]  Robert Tibshirani,et al.  Discriminant Adaptive Nearest Neighbor Classification , 1995, IEEE Trans. Pattern Anal. Mach. Intell..

[4]  Paul C. van Oorschot,et al.  Using a Personal Device to Strengthen Password Authentication from an Untrusted Computer , 2007, Financial Cryptography.

[5]  Daniel P. Lopresti,et al.  Forgery Quality and Its Implications for Behavioral Biometric Security , 2007, IEEE Transactions on Systems, Man, and Cybernetics, Part B (Cybernetics).

[6]  Markus G. Kuhn,et al.  Compromising Emanations , 2002, Encyclopedia of Cryptography and Security.

[7]  Nasir Memon,et al.  Fortifying Android Patterns using Persuasive Security Framework , 2015 .

[8]  Alexander De Luca,et al.  It's a Hard Lock Life: A Field Study of Smartphone (Un)Locking Behavior and Risk Perception , 2014, SOUPS.

[9]  Markus Dürmuth,et al.  Quantifying the security of graphical passwords: the case of android unlock patterns , 2013, CCS.

[10]  Heinrich Hußmann,et al.  Touch me once and i know it's you!: implicit authentication based on touch screen patterns , 2012, CHI.

[11]  Jan-Michael Frahm,et al.  iSpy: automatic reconstruction of typed input from compromising reflections , 2011, CCS '11.

[12]  Yunhao Liu,et al.  Kaleido: You Can Watch It But Cannot Record It , 2015, MobiCom.

[13]  Heinrich Hußmann,et al.  Easy to Draw, but Hard to Trace?: On the Observability of Grid-based (Un)lock Patterns , 2015, CHI.

[14]  Jan-Michael Frahm,et al.  Seeing double: reconstructing obscured typed input from repeated compromising reflections , 2013, CCS.

[15]  Vir V. Phoha,et al.  When kids' toys breach mobile phone security , 2013, CCS.

[16]  L. Leemis Applied Linear Regression Models , 1991 .

[17]  Hanseok Ko,et al.  Rule-based trajectory segmentation for modeling hand motion trajectory , 2014, Pattern Recognit..

[18]  Robert Biddle,et al.  Graphical passwords: Learning from the first twelve years , 2012, CSUR.

[19]  Adam J. Aviv,et al.  Smudge Attacks on Smartphone Touch Screens , 2010, WOOT.

[20]  Rajesh Kumar,et al.  Beware, Your Hands Reveal Your Secrets! , 2014, CCS.

[21]  Rafael Grompone von Gioi,et al.  LSD: A Fast Line Segment Detector with a False Detection Control , 2010, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[22]  Narendra Ahuja,et al.  Extraction of 2D Motion Trajectories and Its Application to Hand Gesture Recognition , 2002, IEEE Trans. Pattern Anal. Mach. Intell..

[23]  Björn Stenger,et al.  Model-based hand tracking using a hierarchical Bayesian filter , 2006, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[24]  Rong Li,et al.  Privacy Leakage in Mobile Sensing: Your Unlock Passwords Can Be Leaked through Wireless Hotspot Functionality , 2016, Mob. Inf. Syst..

[25]  Giovanni Vigna,et al.  ClearShot: Eavesdropping on Keyboard Input from Video , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[26]  Zdenek Kalal,et al.  Tracking-Learning-Detection , 2012, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[27]  Dirk Van Bruggen,et al.  Studying the Impact of Security Awareness Efforts on User Behavior , 2014 .

[28]  Yang Wang,et al.  Dissecting pattern unlock: The effect of pattern strength meter on pattern selection , 2014, J. Inf. Secur. Appl..

[29]  Marte Dybevik Løge,et al.  Tell Me Who You Are and I Will Tell You Your Unlock Pattern , 2015 .

[30]  Deian Stefan,et al.  Robustness of keystroke-dynamics based biometrics against synthetic forgeries , 2012, Comput. Secur..

[31]  Zhen Ling,et al.  Blind Recognition of Touched Keys: Attack and Countermeasures , 2014, ArXiv.

[32]  Antonio Torralba,et al.  Depth Estimation from Image Structure , 2002, IEEE Trans. Pattern Anal. Mach. Intell..

[33]  Martin Welk,et al.  Tempest in a Teapot: Compromising Reflections Revisited , 2009, 2009 30th IEEE Symposium on Security and Privacy.