Complex Android Pattern Lock Can Be Cracked In First Attempt

January 26, 2017 - Written By Anvinraj Valiyathara

Lancaster University, Northwest University in China and University of Bath have built their own vision algorithm software that can decode even the most secure pattern lock in just one attempt. The research revealed that in order to crack a Pattern Lock on an Android device, a hacker can simply shoot a video of a person unlocking it and then use the software to know the pattern. The video can be either shot by using a smartphone from around two and a half meters. It can also be done by using a DSLR video with a distance of up to nine meters. The recorded video does not need to shoot the content present on the screen.

The software for cracking Pattern Lock can swiftly track the movement of the user’s fingertip on the recorded video to learn the lock pattern. Within seconds, it can produce some candidate patterns that can be used to unlock the device. The research carried out by the three universities included 120 unique lock patterns from 215 users. The researchers could decode more than 95% of pattern locks in five or less attempts. Android device users may think that pattern lines that cover dots are quite secure to prevent hack attacks. However, the complex patterns were easier to decode as the extra movement of fingertip helped the vision algorithm software to create lesser number of candidate patterns. The experts also revealed that they were unable to crack only one complex pattern on the very first try. They could decode 87.5% of medium complex patterns in the first go and 60% of easy patterns were cracked in the first try. Since the researchers cracked Android Pattern Lock with ease by simply spying on the user, it does not seem to be the best security feature to secure the device.

In order to prevent hackers from unlocking the device by secretly recording a video of the device lock pattern, users can completely cover their fingers so that no can notice it. User can only also confuse hackers by quickly performing swiping action like inputting a text through Swype immediately after unlocking the pattern. By setting the color and brightness of the display to change dynamically, the cameras and algorithm software can be fooled. Alternatively, users can make use of biometric security features such as a fingerprint sensor or an iris scanner (provided these features are present on the device) to protect their devices from getting hacked.