We’d seen this for ourselves earlier this year, but now it’s been proven by science: grease marks, touchscreens and swiped passcodes do not a secure Android phone make.
In “Smudge Attacks on Smartphone Touch Screens”—which must have been more fun to name than to write—University of Pennsylvania researchers tested how easily passwords could be extracted from an Android touchscreen using a variety of methods. The answer: very, very easy. Your oily fingers leave a trace so distinct that partial passcodes were, in one set of experiments, identifiable 92% of the time.
You’ve got a couple of options to combat the security risk: one would be to wait for Froyo and its delicious QWERTY password option. The other? Turn your entire screen into a grease mine so that no pattern emerges. Who knew the KFC Double Down was the best bodyguard your phone ever had? [UPenn via Techdirt]
Send an email to Brian Barrett, the author of this post, at firstname.lastname@example.org.Your version of Internet Explorer is not supported. Please upgrade to the most recent version in order to view comments.
If you are using Firefox and NoScript addon, please mark gizmodo.com as trusted.