Android Pattern Lock Can Be Cracked In Just 5 Attempt: Here's how

The popular pattern lock system used to secure millions of Android smartphones can be cracked within just five attempts - and more complicated patterns are the easiest to crack, security experts have warned. Pattern lock is a security measure that protects devices, such as mobile phones or tablets, and which is preferred by many to PIN codes or text passwords. It is used by around 40 per cent of Android device owners, researchers said.

In order to access a device's functions and content, users must first draw a pattern on an on-screen grid of dots. If this matches the pattern set by the owner then the device can be used. However, users only have five attempts to get the pattern right before the device becomes locked. New research from Lancaster University, University of Bath in the UK and the Northwest University in China, shows for the first time that attackers can crack pattern lock reliably within five attempts by using video and computer vision algorithm software.

By covertly videoing the owner drawing their pattern lock shape to unlock their device, while enjoying a coffee in a busy cafe for example, the attacker, who is pretending to play with their phone, can then use software to quickly track the owner's fingertip movements relative to the position of the device. Within seconds the algorithm produces a small number of candidate patterns to access the Android phone or tablet.

The attack works even without the video footage being able to see any of the on-screen content, and regardless of the size of the screen, researchers said. Results are accurate on video recorded on a mobile phone from up to two and a half meters away - and so attacks are more covert than shoulder-surfing. It also works reliably with footage recorded on a digital SLR camera at distances up to nine meters away, they said.

Researchers evaluated the attack using 120 unique patterns collected from independent users. They were able to crack more than 95 per cent of patterns within five attempts. Complex patterns, which use more lines between dots, were easier to crack because they help the fingertip algorithm to narrow down the possible options. During tests, researchers were able to crack all but one of the patterns categorized as complex within the first attempt. They were able to successfully crack 87.5 per cent of median complex patterns and 60 per cent of simple patterns with the first attempt.
Researchers believe this form of attack would enable thieves to access phones after pinching them to obtain sensitive information, or would allow malware to be quickly installed on devices while their owners were distracted.

They have proposed suggested countermeasures to prevent this attack, which include device users fully covering fingers when drawing the pattern; or pattern lock designers mixing pattern locking with other activities such as entering a sentence using Swipe-like methods. Having the screen color
and brightness change dynamically could confuse the recording camera, researchers said.