Pattern Lock is a bespoke security feature that comes with the latest models of Android enabled devices. To access a device the user’s finger makes a particular pattern by crisscrossing over a series of illuminated dots. The pass code is preferred by many device users over PIN codes or text passwords, with around 4 out of 10 Android device users utilizing the function. To set up the function, users draw a pattern on an on-screen grid of dots. This is stored in the device’s memory and from then on to access the device the user must repeat the pattern and where this matches the pattern the device can be used. Sometimes the wrong pattern is selected; to guard against permanent lock-out users have five attempts to get the pattern right.
While the sequence of zigzags used to unlock a device appears secure, given the seeming randomness of the patterns, the patterns selected by most people are fairly predictable and it is this predictability that allows criminals to crack codes relatively easily. The relative ease of cracking the code has been highlighted by researchers from Lancaster University, Northwest University in China, and the University of Bath. The findings show that hackers can crack Pattern Lock quickly and within five attempts through the use of video and computer vision algorithm software.
This can happen when a would-be hacker covertly video records an Android device owner drawing their Pattern Lock shape. Following this the hacker can use software to track the owner’s fingertip movements relative to the position of the device. The software can then generate an algorithm to produce up to five candidate patterns that allow the hacker to access the Android device (assuming the hacker succeeds in taking the device).
The researchers tested out the ease of accessing devices by collecting 120 unique patterns from independent users, running them through software, and here they found they could crack more than 95 per cent of patterns within five attempts. Interestingly the more complex the pattern, the easier it was to crack. This obviously, as Forbes reports, highlights a vulnerability with the Android system.
In a research brief, Dr Zheng Wang, who is a lecturer at Lancaster University, stated: “Pattern Lock is a very popular protection method for Android Devices. As well as for locking their devices, people tend to use complex patterns for important financial transactions such as online banking and shopping because they believe it is a secure system. However, our findings suggest that using Pattern Lock to protect sensitive information could actually be very risky.”