Posts Tagged ‘android security’

Hacking the Android Unlock Pattern

February 3rd, 2009 No comments

Ever since I discovered the Android Unlock Pattern, I’ve been trying to come up with a creative way to get around it. I’m sure there are plently of snazzy software ways to do this, but there’s an even easier one–use smudges.

Especially after you’ve made a call and held the G1 up to your face, some grime inevitably builds up on the screen (eww!). When you run your finger over the screen to unlock the phone, it ends up leaving a surprisingly clear fingerprint trail behind. If you hold the phone up to a light or a window and tilt it around enough, you can generally see the patterns of fingerprints on the screen. Unless the person using the phone did a lot of scrolling around after entering their unlock pattern, it’s also usually possible to clearly see their pattern as a nice little trail of disrupted grime on the screen.

Several people have pointed this out in forums, but I wanted to get a clear picture of the problem. Given the reflectiveness of the G1’s screen, however, this proved surprisingly hard to do. Eventually, I ended up placing the phone under a bright light and then photographing it with an SLR, which allowed me to selectively focus on the screen, and not focus on the reflection on the screen, as my point-and-shoot inevitably chose to do. I then made the resulting image negative in Photoshop, ran it through a high pass filter, and messed around a bit with the brightness and contrast.

The result is an image, on which I’ve overlayed the unlock “dots”:

Overlay of smudges on Android screen with Unlock Pattern

It’s not hugely obvious at first, but if you look closely, you can see a line connecting the dots from the lower left to upper right corners (forming an L rotated clockwise), the correct pattern. It’s a lot of hassle to show something which is really obvious when you’re actually looking at the phone under a light, but you can see the idea.

This begs the question of how to protect your phone. The most obvious solution would be to wipe the screen after each use (or shower/wash your hands more often), but who wants to do that? Another idea is to create a pattern where you double back over lines you’ve already drawn, thus obscuring the actual pattern, even if someone should see its basic layout. The ease of doing this, however, suggests that maybe the unlock pattern isn’t all it’s cracked up to be–how about adding support for PIN entry in a future release, Google?

Security Through Pretty Pictures: The Unlock Pattern

January 13th, 2009 No comments

Once you’ve got all your contacts, personal emails, embarrassing party photos, etc. on the G1, it’s nice to have a way to keep everything nice and secure in case the phone gets lost. Luckily, the G1 has a very Googley solution that allows you to avoid typing a password each time you go to use the phone. It’s called the Unlock Pattern. You enable it by going to Settings–>Security and Location and selecting Require Pattern.

G1 Require Pattern

You’ll be promoted to draw a little pattern by connecting a series of dots. From now on, when your phone is sleeping and you press the Menu button to unlock it, Android will ask you to repeat it.

Draw Pattern to Unlock

You then simply redraw your pattern to get access to the phone. As an aside, I still haven’t worked up the courage to press the Emergency Call button…

If a thief were to find the phone, it’s unlikely that they would be able to guess the pattern. Also, after a few incorrect attempts, the phone shuts you out for 30 seconds, preventing thieves from using brute force to break in.

Draw Picture to Unlock, Wrong

If you’re afraid of your friends seeing the pattern, you can avoid the little green circles by unchecking the Use Visible Pattern box in the menu where you turned the feature on.