Attackers can crack Android devices within five attempts

Supplementary content information

Photo of mobile phone being operated

Research showing that Android phones can be cracked within just five attempts has generated widespread interest.

Researchers at Lancaster University, the University of Bath and Northwest University in China have demonstrated that video and computer vision algorithm software can be used to crack the popular Pattern Lock system, with more complicated patterns the easiest to crack.

The research, supported by the Engineering and Physical Sciences Research Council, has led to a wide range of media coverage, including articles in the Daily Mail, The Times, the Daily Mirror and the Huffington Post.

The Pattern Lock system, which allows users to access their phone or tablet by drawing a pattern on an on-screen grid of dots, is used by around 40 per cent of Android device owners.

Devices become locked after five incorrect attempts to draw the right pattern, but the researchers say that is all that is needed for attackers to use the algorithm software to crack their phone or tablet.

Video footage, taken covertly by attackers, does not even have to capture the device's screen, and can be used to track the owner's fingertip movements relative to the position of the device. The software then produces a small number of candidate patterns to access the device.

The researchers evaluated the attack using 120 unique patterns collected from independent users. They were able to crack more than 95 per cent of patterns within five attempts.

Researchers believe this form of attack would enable thieves to access phones after stealing them to obtain sensitive information or install malware.

Dr Zheng Wang, principal investigator and co-author of the paper, and Lecturer at Lancaster University, said: Pattern Lock is a very popular protection method for Android Devices. As well as for locking their devices, people tend to use complex patterns for important financial transactions such as online banking and shopping because they believe it is a secure system. However, our findings suggest that using Pattern Lock to protect sensitive information could actually be very risky.

Reference: PN 05-17