Smudge attack

The attacker relies on detecting the oily smudges produced and left behind by the user's fingers to find the pattern or code needed to access the device and its contents.

The smudge attack method against smartphone touch screens was first investigated by a team of University of Pennsylvania researchers and reported at the 4th USENIX Workshop on Offensive Technologies.

For the pattern lock, the app presented a 10x10 grid of stars the users had to swipe over and highlight before accessing the home screen.

[2] A typical setup from an active attacker could include a mounted camera, the phone placed on a surface, and a single light source.

[1] There are different steps and techniques that attackers use to isolate the fingerprint smudges to determine the lock pattern or PIN.

[13] When pressing a finger down on the touch screen surface to create a fingerprint, the liquid from the edges of the ridges fill in the contact region.

This fingerprint liquid is made up of substances from the epidermis, the secretory glands, and extrinsic contaminants such as dirt or outside skin products.

[13] Smug is a specific attack method that combines image processing with sorting patterns to figure out pattern-based passwords.

Next, the smudge objects are identified using binary, Canny edge detection, and Hough transformation to enhance the visibility of the fingerprint locations.

[12][16] Smudge attacks can be performed on various smart device locking methods such as Android Patterns, PINs, and text-based passwords.

If a PIN is shared or stolen, the device or machine cannot detect whether the user is the rightful owner since it only relies on if the correct number is inputted.

Unlike DAS, the scheme relies on selecting the intersections on a grid instead of the cells on the screen, and users can also draw diagonal lines.

[21] Touchscreen devices that use Android pattern lock will leave behind swipes that give away the right location and combination an attacker needs to unlock the phone as an unauthorized user.

[24] Some of these ways avoid the requirement to input anything with their fingers and thus eliminating the ability for attackers to use smudges to determine the password lock.

To avoid this, users tend to choose short, weaker passwords to make it more convenient and shorten the unlocking time.

Low molecular attraction means that there is little to no adhesion for the oil and water molecules to bind to the surface and leave behind a trace.

[33] Biometrics is a type of authentication that identifies a user based on their behavior or physical characteristics, such as keystrokes, gait, and facial recognition rather than what one can recall or memorize.

[35] This type of security can serve as a secondary protection to traditional password methods that are susceptible to smudge attacks on their own since it doesn't rely on entering a memorized number or pattern or recalling an image.

[38][39] A possible solution to any theft, leak, or mimicry are fingerprint template protection schemes as they make it difficult for attackers to access the information through encryption and added techniques.

Measuring the characteristics unique to each individual creates a stable and mostly consistent mechanism to authenticate a person since these features do not change very quickly.

The grid is much smaller in size compared to traditional pattern locks, which forces the user to draw in a confined space to squeeze all the smudges in a small area.

[20] Also, another drawback is the grid dots are hard to visualize due to the small size, which makes it difficult to draw complex patterns and unlock without error.

[16] ClickPattern uses a 3 x 3 grid labeled one through nine, and the user has to click on the nodes that correlate with the end of a drawn line to prevent swiping on the screen.

For smartphones, the level of triangles is set at 3 due to the limited size of the touch screen, but it can increase for bigger tablets.

Since the colored triangles are randomly generated, they can be found in different locations for every authentication, thus leaving smudges behind that do not give any clues to potential attackers.

[25] Knock Code is authentication method introduced by LG Electronics that allows users to unlock a phone without turning it on by tapping the correct area in the right sequence.

These variations can protect against smudge attacks due to the sliding operations that erase the knocking at the end after the taps are inputted.

In a user study that compared the original Knock Code and the Android Pattern Lock, these variation schemes were more resistance to smudge attacks.

[20] There has been movement towards physiological biometric authentication in current smartphone security such as fingerprint and facial recognition that allow the user to replace their PINs and alphanumeric passcodes.

[39] Research on biometrics and multi-gesture authentication methods is continuing to help combat attacks on traditional passwords and eliminate the vulnerabilities of novel schemes as new trends and new technology are developed.

An iPad used by children with its touchscreen covered with fingerprint smudges
An iPad clearly showing the fingerprint smudges left behind on the touchscreen
Same iPad after wiping screen for exactly 6 seconds with jacket sleeve still with visible fingerprint marks