The Droid (and probably other Android phones) has a screen-lock feature based on a grid of 9 nodes. When you set up the screen lock, it prompts you to draw a continuous pattern by dragging your finger over at least 4 adjacent nodes of the grid. Once you confirm the pattern, the screen is supposed to be locked: if someone finds your phone, they cannot use it, because in theory the correct pattern is hard to guess.
This sounds like a very smart locking feature for a touch-screen interface. The 9-node grid is certainly a non-boring way to authenticate the user, and a drawn pattern is probably easier to remember than a password. No doubt the computer scientists at Google also had fun working out the combinatorics of the grid: the number of nodes, the minimum pattern length needed for adequate security, and so on.
The problem is that this security feature is an interesting idea in theory, but IT DOES NOT WORK IN PRACTICE, for a very simple reason: each time you drag your finger across the touch-screen to unlock the phone, which you typically do many times a day, you leave a trace on the glass that is CLEARLY VISIBLE if you simply tilt the screen to the right angle against the light. Even when I clean the touch-screen thoroughly and wash my hands, the trace is clearly visible again after I unlock the phone just a couple of times. Obviously the problem gets much worse when the screen is not very clean or the user's hands are oily. The trace gives away which nodes were touched and the lines between them, so whoever picks up the phone is left with a handful of guesses at most. Hacking a smartphone could not be easier...
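As an added example that is not part of the original post (my own script, not Google's code), the following Python enumerates every pattern the 3x3 grid accepts and then shows how far a smudge observation shrinks that space. It assumes the standard Android drawing rule, which the post does not state: a stroke that crosses an unvisited node adds that node to the pattern, so 0 to 2 only counts as a direct move once node 1 is already in the pattern. The row-major node numbering, the sample touched-node set and the sample trace are constructed for the example.

```python
"""Count Android 3x3 unlock patterns and the candidates left after a smudge attack.

Node layout (constructed for this example, row-major):
    0 1 2
    3 4 5
    6 7 8
"""


def _middle_nodes():
    """Map each (a, b) move that jumps over a grid node to the node it jumps over.

    Assumption (standard Android behaviour, not stated in the post): a stroke
    that crosses an unvisited node visits it, so a -> b is only a direct move
    when the node between them is already part of the pattern.
    """
    mid = {}
    for a in range(9):
        for b in range(9):
            if a == b:
                continue
            ra, ca = divmod(a, 3)
            rb, cb = divmod(b, 3)
            # A grid node lies exactly between a and b when both the row and
            # column deltas are even (0 or 2): horizontal, vertical or the
            # two long diagonals through the centre.
            if (ra - rb) % 2 == 0 and (ca - cb) % 2 == 0:
                mid[(a, b)] = ((ra + rb) // 2) * 3 + (ca + cb) // 2
    return mid


MIDDLE = _middle_nodes()


def valid_patterns(min_len=4, max_len=9):
    """Enumerate every accepted pattern with min_len..max_len distinct nodes,
    each returned as a tuple of node indices in drawing order."""
    found = []

    def extend(path, visited):
        if len(path) >= min_len:
            found.append(tuple(path))
        if len(path) == max_len:
            return
        last = path[-1]
        for nxt in range(9):
            if visited[nxt]:
                continue  # a node can appear only once in a pattern
            mid = MIDDLE.get((last, nxt))
            if mid is not None and not visited[mid]:
                continue  # the stroke would stop at the unvisited middle node
            visited[nxt] = True
            path.append(nxt)
            extend(path, visited)
            path.pop()
            visited[nxt] = False

    for start in range(9):
        visited = [False] * 9
        visited[start] = True
        extend([start], visited)
    return found


def count_patterns(min_len=4, max_len=9):
    """Size of the search space a blind attacker faces."""
    return len(valid_patterns(min_len, max_len))


def candidates_from_smudge(touched):
    """Patterns consistent with a smudge that reveals only which nodes were
    touched: order and direction are unknown."""
    touched = frozenset(touched)
    n = len(touched)
    return [p for p in valid_patterns(n, n) if frozenset(p) == touched]


def candidates_from_trace(segments):
    """Patterns whose strokes match the undirected lines visible on the glass.
    The smudge shows the lines but not the direction they were drawn in."""
    segs = frozenset(frozenset(s) for s in segments)
    if not segs:
        return []
    n = len(frozenset().union(*segs))
    return [p for p in valid_patterns(n, n)
            if frozenset(frozenset(e) for e in zip(p, p[1:])) == segs]


if __name__ == "__main__":
    print("patterns accepted (4..9 nodes):", count_patterns())
    print("consistent with touched nodes {0,1,2,5}:",
          len(candidates_from_smudge({0, 1, 2, 5})))
    trace = [(0, 1), (1, 2), (2, 5)]  # constructed: the lines seen on the screen
    print("consistent with the visible trace:", candidates_from_trace(trace))
```

The blind search space is a few hundred thousand patterns, the same count Google's combinatorics would give. Knowing only the four touched nodes cuts that to a couple of dozen orderings, and seeing the lines themselves leaves exactly the pattern and its reverse, two guesses out of a generous five-attempt budget.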
Lesson for engineers: Graph theory and probabilities are not substitutes for good old common sense.