Paper Info
Title
Smudge attacks on smartphone touch screens
Abstract
Touch screens are an increasingly common feature on personal computing devices, especially smartphones, where size and user interface advantages accrue from consolidating multiple hardware components (keyboard, number pad, etc.) into a single software definable user interface. Oily residues, or smudges, on the touch screen surface, are one side effect of touches from which frequently used patterns such as a graphical password might be inferred. In this paper we examine the feasibility of such smudge attacks on touch screens for smartphones, and focus our analysis on the Android password pattern. We first investigate the conditions (e.g., lighting and camera orientation) under which smudges are easily extracted. In the vast majority of settings, partial or complete patterns are easily retrieved. We also emulate usage situations that interfere with pattern identification, and show that pattern smudges continue to be recognizable. Finally, we provide a preliminary analysis of applying the information learned in a smudge attack to guessing an Android password pattern.
Year
Venue
Keywords
2010
WOOT
smudge attack,touch screen,touch screen surface,pattern identification,android password pattern,preliminary analysis,graphical password,pattern smudge,smartphone touch screen,single software definable user,complete pattern
Field
DocType
Citations 
World Wide Web,Android (operating system),Computer science,Camera orientation,Human–computer interaction,Software,Password,Shoulder surfing,User interface,Pattern identification
Conference
211
PageRank 
References 
Authors
9.70
10
5
Search Limit
100211
Name
Order
Citations
PageRank
Adam J. Aviv144335.85
Katherine Gibson221110.04
Evan Mossop32119.70
matt blaze43189381.70
Jonathan M. Smith51689238.40