Your Android device’s Pattern Lock can be cracked within five attempts

Pattern Lock is a security measure that protects devices such as mobile phones or tablets, and many users prefer it to PIN codes or text passwords. It is used by around 40 per cent of Android device owners. New research from Lancaster University, Northwest University in China, and the University of Bath, which benefitted from funding from the Engineering and Physical Sciences Research Council (EPSRC), shows for the first time that attackers can crack Pattern Lock reliably within five attempts by using video and computer vision algorithm software.

By covertly videoing the owner drawing their Pattern Lock shape to unlock their device, while enjoying a coffee in a busy café for example, the attacker, who is pretending to play with their phone, can then use software to quickly track the owner’s fingertip movements relative to the position of the device. Within seconds the algorithm produces a small number of candidate patterns to access the Android phone or tablet.

Complex patterns, which use more lines between dots, are used by many to make them harder for observers to replicate. However, researchers found that these complex shapes were easier to crack because they help the fingertip algorithm to narrow down the possible options.
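The narrowing effect can be measured on the 3x3 grid itself. The following is an added example, not the researchers' software: it assumes a simplified model in which an observer learns only the shape of the stroke (the sequence of steps between dots) and not where on the grid it was drawn, and all function names are hypothetical.

```python
from collections import Counter

def _mid(a, b):
    """Dot exactly halfway between dots a and b (numbered 0-8, row-major), or None."""
    (r1, c1), (r2, c2) = divmod(a, 3), divmod(b, 3)
    if (r1 + r2) % 2 == 0 and (c1 + c2) % 2 == 0:
        return (r1 + r2) // 2 * 3 + (c1 + c2) // 2
    return None

def valid_patterns():
    """Yield every pattern of 4-9 distinct dots; a stroke may cross a dot
    only if that dot is already part of the pattern."""
    def extend(path):
        if len(path) >= 4:
            yield tuple(path)
        for nxt in range(9):
            if nxt not in path and (_mid(path[-1], nxt) is None
                                    or _mid(path[-1], nxt) in path):
                yield from extend(path + [nxt])
    for start in range(9):
        yield from extend([start])

def shape(p):
    """Sequence of (row, col) steps: what is left once grid position is unknown."""
    return tuple((b // 3 - a // 3, b % 3 - a % 3) for a, b in zip(p, p[1:]))

PATTERNS = list(valid_patterns())
SHAPES = Counter(shape(p) for p in PATTERNS)

def candidates(p):
    """Number of valid patterns that draw the same shape as p (assumed model)."""
    return SHAPES[shape(p)]

def mean_candidates(n_dots):
    """Average candidates() over all valid patterns with n_dots dots."""
    hits = [candidates(p) for p in PATTERNS if len(p) == n_dots]
    return sum(hits) / len(hits)

if __name__ == "__main__":
    print("valid patterns:", len(PATTERNS))
    for n in range(4, 10):
        print(n, "dots -> mean candidates per shape:", round(mean_candidates(n), 2))
```

Under this model a short pattern that fits in a corner of the grid can be one of several placements, while any pattern of seven or more dots must span the whole grid, so its shape identifies it uniquely.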

Researchers believe this form of attack would enable thieves to access phones after pinching them to obtain sensitive information, or would allow malware to be quickly installed on devices while their owners were distracted.

The researchers have proposed countermeasures to prevent this attack. They include device users fully covering their fingers when drawing the pattern, or pattern lock designers mixing pattern locking with other activities such as entering a sentence using Swype-like methods. In addition, having the screen colour and brightness change dynamically could confuse the recording camera.