In other news, your mouth leaves saliva on whatever you put inside it! Alright, enough of the ridiculing, but I had to considering how this security “research” report sounds: according to a paper by the University of Pennsylvania, Android users face a security risk that sees the oil from their fingers left on the screen of their device even after it comes in contact with clothing – leading to the possibility of someone being able to make out the lockscreen pattern or code that you input every time you wake your device simply by the prints left on it.
Does this really surprise anyone? If it does, then please step outside of the bombshell you’ve been living inside and remove that aluminum foil hat from your head. Clean your device, make sure you don’t lose it, and have a nice day.
[via Engadget]
Thought you were going to report a CSI team busted a phone burgler by pulling the finger prints off the phones screen. lol
The only issue with this research is that sure you might find the finger oil from them unlocking their phones but you’ll also find the oil from them using the phone, which will mask the other oil.
This method would only work if the only thing you ever did on your phone was unlock it.
They have been using this to figure out the code for door locks for ages, it works there because you only ever use the keypad on that to unlock the door.
I’m stealing the captain obvious logo.
Does this article specifically single out Android phones? As if the other, evil phone who’s name I will not mention, isn’t affected?
@JBaker yes, namely because Android – up until version 2.2 – only supported the drawn patterns for unlocking the device. The report states that the unique drawing pattern was easier to make out than if someone were to key in a 4-digit passcode or a full-blown password (now possible with Android 2.2). Many still criticize their logic due to the fact that you do more swiping on Android phones than just at the lock screen.
Quentyn:
Exactly! I always thought it was neat but stupid to draw a pattern. Luckily my pattern is pretty complicated and even when you see the pattern you don’t realize I go over a certain area twice.
Anyway, it was obvious. When I read that article I was like DUH! Who comes up with this stuff? Let’s do a research project to see how we can follow the greasy swipe and get someone’s pass code.
OMG OMG OMG THE FBI IS BUSTING IN MY HOUSE FOR UNLOCKING MY FRIENDS DROID!!!! NO I DON”T WANNA GO TO JAIL…THEY MIGHT RAPE ME NO NO NoooOooOoo
SOLUTION put a pin or a password if you have froyo sorted!
It may seem obvious after it’s pointed out to everyone, but the fact that the main (only before 2.2 I think) way of locking an Android phone was subject to relatively easy circumvention is an important point.
If it was so obvious to Phandroid, I wonder why you didn’t do a post or short opinion piece asking why the Android lock tool was so useless?
BTW, love Phandroid, keep up the great work, just being a little critical here because I don’t think this merits the esteemed Captain Obvious logo by any means.
why did i read this?
I guess the people at the University of Pennsylvania had nothing better to do.
I too have stolen the Logo….Robble Robble lol
I found it funny that 5(!!) people worked on this paper. And this thing has 10 pages with not to many pictures…
Next think Penn U will come with is research showing how Aliens are decoding brown patterns on our used toilet paper to interpret our thoughts….
My question is how much of my tax paying dollars went into figuring this one out? Thanks uncle Sam for wasting my money.
Here are some quick tips: Wipe the screen on your shirt before returning it to your pocket. Smudges appear more obvious when hands are dirty or greasy. Try to have clean hands whenever you handle your phone. While not always possible, if your hands are real greasy, smudge the rest of the screen to obscure your lock code.
And if your a real paranoid android, carry around a microfiber cloth to wipe down the screen. If you have a carry case, append it to where your screen is so it can be rubbed down each time you return your phone to your case.
Captain Obvious also says that most of the comments are from people who haven’t read the paper. Using images taken of a screen at a distance, and manipulating the images, they were able to discern various degrees of pattern and directionality even on phones whose screens had been wiped.
Guys! This is no joke! I just looked at the screen on my phone and there is INDEED oil on it from touching it with my fingers! Apparently I’ve been doing lot’s of up and down swipes as evidenced by the up and down streaks, mostly on the lower half of the screen. If a thief gets a hold of my phone, they’ll know for sure that the way to unlock my phone is to swipe down on the “swipe-down-to-unlock” bar of my DInc! I have devised a plan to keep would be thieves (or unauthorized users) perplexed as to how to unlock my phone. It is a hardware based solution and involves either part of a paper towel or my shirt. What I do is use either device to make contact with the touch panel and wipe off the oil markings. No more worry of anyone unlocking my phone!
Someone going through all the trouble of taking a pic of your phone and manipulating it just to figure out your pass/unlock pattern just seems a little excessive….
lol… I like to unlock my phone after eating greasy foods, leaving a nice slime trail overlay for whoever wants to unlock my phone.
Sometimes I get my unlock pattern wrong just to foil would-be counter intelligence agents.
For only $49.99 I will sell you special gloves that leave no fingerprints on the screen.
THIS is why college degrees are the most overrated thing since the iPhone.
Just get the no fingerprint app from the market.
:-)
Hahaha!!
I’m also stealing that Captain Obvious pic ;]
Hope you don’t mind. I don’t think I left any fingerprints behind when taking the image
LOL if they stole your iPhone all they have to do is swipe sideways… now that is a security risk if you ask me.
Download GPS tracker for you phone and then you can go kill whoever stole it. See the info dies with them, no more security risk…
As a Penn grad, I hope it was the night janitor that wrote this.
So thank you U of PA students for over analyzing the complexities of greasy fingers. While I can completely understand the risk I also think that even if you have an alphanumeric password it is still possible to break into any phone with enough determination….lucky that Android at least offers some security that would hinder casual criminals.
yeah, but i still consider this important. yes it is obvious. no, i have not thought of this.