![Page 1: Cracking Android Pattern Lock in 5 Attempts...Attacking Scenario!! • Alice and Bob go to a party (or library etc.)! • Alice leaves her phone unattended for a few minutes, thinking](https://reader033.vdocument.in/reader033/viewer/2022041611/5e37fa0ab67d1907cc042141/html5/thumbnails/1.jpg)
Cracking Android Pattern Lock in 5 Attempts!Guixin Ye
Northwest University (China), Lancaster University (UK), Bath University (UK)
![Page 2: Cracking Android Pattern Lock in 5 Attempts...Attacking Scenario!! • Alice and Bob go to a party (or library etc.)! • Alice leaves her phone unattended for a few minutes, thinking](https://reader033.vdocument.in/reader033/viewer/2022041611/5e37fa0ab67d1907cc042141/html5/thumbnails/2.jpg)
Attacking Scenario !!• Alice and Bob go to a party (or library etc.)!
• Alice leaves her phone unattended for a few minutes, thinking this is okay as she uses PATTERN LOCK protection!!Can Bob quickly install malware on Alice’s phone?!
2
![Page 3: Cracking Android Pattern Lock in 5 Attempts...Attacking Scenario!! • Alice and Bob go to a party (or library etc.)! • Alice leaves her phone unattended for a few minutes, thinking](https://reader033.vdocument.in/reader033/viewer/2022041611/5e37fa0ab67d1907cc042141/html5/thumbnails/3.jpg)
-60 -30 0 30 60-60
-30
0
30
60
How can Bob bypass pattern lock?!
3
Bob only need to observe the fingertip movement!!
![Page 4: Cracking Android Pattern Lock in 5 Attempts...Attacking Scenario!! • Alice and Bob go to a party (or library etc.)! • Alice leaves her phone unattended for a few minutes, thinking](https://reader033.vdocument.in/reader033/viewer/2022041611/5e37fa0ab67d1907cc042141/html5/thumbnails/4.jpg)
Evil Bob films how Alice draws the pattern from a distance of 2-3 meters. No need to see the screen content. !
![Page 5: Cracking Android Pattern Lock in 5 Attempts...Attacking Scenario!! • Alice and Bob go to a party (or library etc.)! • Alice leaves her phone unattended for a few minutes, thinking](https://reader033.vdocument.in/reader033/viewer/2022041611/5e37fa0ab67d1907cc042141/html5/thumbnails/5.jpg)
Tracking !
5
Bob marks two areas of interest, and runs a vision algorithm to track the fingertip movement. !
![Page 6: Cracking Android Pattern Lock in 5 Attempts...Attacking Scenario!! • Alice and Bob go to a party (or library etc.)! • Alice leaves her phone unattended for a few minutes, thinking](https://reader033.vdocument.in/reader033/viewer/2022041611/5e37fa0ab67d1907cc042141/html5/thumbnails/6.jpg)
-60 -30 0 30 60-60
-30
0
30
60
-60 -30 0 30 60-60
-30
0
30
60
Tracking Example!
6
Bob wants this! Tracking algorithm
Resulted fingertip movement trajectory
The pattern
![Page 7: Cracking Android Pattern Lock in 5 Attempts...Attacking Scenario!! • Alice and Bob go to a party (or library etc.)! • Alice leaves her phone unattended for a few minutes, thinking](https://reader033.vdocument.in/reader033/viewer/2022041611/5e37fa0ab67d1907cc042141/html5/thumbnails/7.jpg)
View Transformation !
7
-60 -30 0 30 60-60
-30
0
30
60
-60 -30 0 30 60-60
-30
0
30
60
1S =TS
cos -sin=sin cos
Tθ θ
θ θ⎛ ⎞⎜ ⎟⎝ ⎠Camera’s perspective User’s perspective
![Page 8: Cracking Android Pattern Lock in 5 Attempts...Attacking Scenario!! • Alice and Bob go to a party (or library etc.)! • Alice leaves her phone unattended for a few minutes, thinking](https://reader033.vdocument.in/reader033/viewer/2022041611/5e37fa0ab67d1907cc042141/html5/thumbnails/8.jpg)
-60 -30 0 30 60-60
-30
0
30
60
Trajectory to Candidate Patterns !
8
Fingertip Trajectory Candidate Patterns
![Page 9: Cracking Android Pattern Lock in 5 Attempts...Attacking Scenario!! • Alice and Bob go to a party (or library etc.)! • Alice leaves her phone unattended for a few minutes, thinking](https://reader033.vdocument.in/reader033/viewer/2022041611/5e37fa0ab67d1907cc042141/html5/thumbnails/9.jpg)
-60 -30 0 30 60-60
-30
0
30
60
A large number of possibilities!
9
Fingertip Trajectory Possible Patterns (>100)
……
![Page 10: Cracking Android Pattern Lock in 5 Attempts...Attacking Scenario!! • Alice and Bob go to a party (or library etc.)! • Alice leaves her phone unattended for a few minutes, thinking](https://reader033.vdocument.in/reader033/viewer/2022041611/5e37fa0ab67d1907cc042141/html5/thumbnails/10.jpg)
10
Use Geometric information!
Pattern Lock
Line Length
Line Direction
![Page 11: Cracking Android Pattern Lock in 5 Attempts...Attacking Scenario!! • Alice and Bob go to a party (or library etc.)! • Alice leaves her phone unattended for a few minutes, thinking](https://reader033.vdocument.in/reader033/viewer/2022041611/5e37fa0ab67d1907cc042141/html5/thumbnails/11.jpg)
Example: Identify Candidate Patterns !
11
Rejected patterns
Candidate patterns
Length
Length & Direction
Length & Direction
![Page 12: Cracking Android Pattern Lock in 5 Attempts...Attacking Scenario!! • Alice and Bob go to a party (or library etc.)! • Alice leaves her phone unattended for a few minutes, thinking](https://reader033.vdocument.in/reader033/viewer/2022041611/5e37fa0ab67d1907cc042141/html5/thumbnails/12.jpg)
Test on Alice’s Phone!
12 Correct pattern
![Page 13: Cracking Android Pattern Lock in 5 Attempts...Attacking Scenario!! • Alice and Bob go to a party (or library etc.)! • Alice leaves her phone unattended for a few minutes, thinking](https://reader033.vdocument.in/reader033/viewer/2022041611/5e37fa0ab67d1907cc042141/html5/thumbnails/13.jpg)
Another Example !
13
-80 -40 0 40 80-80
-40
0
40
80
Complex Pattern
Pattern Trajectory
![Page 14: Cracking Android Pattern Lock in 5 Attempts...Attacking Scenario!! • Alice and Bob go to a party (or library etc.)! • Alice leaves her phone unattended for a few minutes, thinking](https://reader033.vdocument.in/reader033/viewer/2022041611/5e37fa0ab67d1907cc042141/html5/thumbnails/14.jpg)
Evaluation Setup!
14
120 patterns from 215 users! plus!some of the most complex patterns!
Other pattern grids!
Xiaomi MI4, Meizu2, Huawei Honor7, Samsung Note4!
![Page 15: Cracking Android Pattern Lock in 5 Attempts...Attacking Scenario!! • Alice and Bob go to a party (or library etc.)! • Alice leaves her phone unattended for a few minutes, thinking](https://reader033.vdocument.in/reader033/viewer/2022041611/5e37fa0ab67d1907cc042141/html5/thumbnails/15.jpg)
Example Patterns!!!!! Simple Medium Complex!
15
![Page 16: Cracking Android Pattern Lock in 5 Attempts...Attacking Scenario!! • Alice and Bob go to a party (or library etc.)! • Alice leaves her phone unattended for a few minutes, thinking](https://reader033.vdocument.in/reader033/viewer/2022041611/5e37fa0ab67d1907cc042141/html5/thumbnails/16.jpg)
Simple Median Complex0%
20%
40%
60%
80%
100%
The complexity of pattern locks
Cra
ckin
g su
cces
s ra
te
1 attempt2 attempts3 attempts4 attempts5 attempts
Complex patterns are less secure!
16
Over 95% of the patterns can be cracked in 5 attempts
![Page 17: Cracking Android Pattern Lock in 5 Attempts...Attacking Scenario!! • Alice and Bob go to a party (or library etc.)! • Alice leaves her phone unattended for a few minutes, thinking](https://reader033.vdocument.in/reader033/viewer/2022041611/5e37fa0ab67d1907cc042141/html5/thumbnails/17.jpg)
1 2 3 4 50
10
20
30
40
Number of candidate patterns
Num
ber o
f pat
tern
s
SimpleMedianComplex
Up to 5 candidate patterns generated!
17
For most median and all complex patterns, our system produces just ONE candidate pattern.
Candidate Pattern
![Page 18: Cracking Android Pattern Lock in 5 Attempts...Attacking Scenario!! • Alice and Bob go to a party (or library etc.)! • Alice leaves her phone unattended for a few minutes, thinking](https://reader033.vdocument.in/reader033/viewer/2022041611/5e37fa0ab67d1907cc042141/html5/thumbnails/18.jpg)
Threat distance reaches 2.5m!
18
Over 80% of the patterns can be cracked within a distance of 2.5 meters away from the target device.
1 1.5 2 2.5 3 3.50%
20%
40%
60%
80%
100%
Distance(Meter)
Cra
ckin
g su
cces
s ra
te
1 attempt2 attempts3 attempts4 attempts5 attempts
![Page 19: Cracking Android Pattern Lock in 5 Attempts...Attacking Scenario!! • Alice and Bob go to a party (or library etc.)! • Alice leaves her phone unattended for a few minutes, thinking](https://reader033.vdocument.in/reader033/viewer/2022041611/5e37fa0ab67d1907cc042141/html5/thumbnails/19.jpg)
Simple Median Complex60%
70%
80%
90%
100%
Cra
ckin
g su
cces
s ra
te
4×4 5×5 6×6
More dots helps, but only for simple patterns!
19
![Page 20: Cracking Android Pattern Lock in 5 Attempts...Attacking Scenario!! • Alice and Bob go to a party (or library etc.)! • Alice leaves her phone unattended for a few minutes, thinking](https://reader033.vdocument.in/reader033/viewer/2022041611/5e37fa0ab67d1907cc042141/html5/thumbnails/20.jpg)
Conclusions!Pattern lock is vulnerable under video based attacks!!Complex patterns could be less secure!!Data available at:!https://dx.doi.org/10.17635/lancaster/researchdata/113!
20
![Page 21: Cracking Android Pattern Lock in 5 Attempts...Attacking Scenario!! • Alice and Bob go to a party (or library etc.)! • Alice leaves her phone unattended for a few minutes, thinking](https://reader033.vdocument.in/reader033/viewer/2022041611/5e37fa0ab67d1907cc042141/html5/thumbnails/21.jpg)
Back Up!
21
Related work Camera Shake How to identify candidate pattern How to define the complexity of pattern lock Video recording devices
![Page 22: Cracking Android Pattern Lock in 5 Attempts...Attacking Scenario!! • Alice and Bob go to a party (or library etc.)! • Alice leaves her phone unattended for a few minutes, thinking](https://reader033.vdocument.in/reader033/viewer/2022041611/5e37fa0ab67d1907cc042141/html5/thumbnails/22.jpg)
22
Existing Researches on Pattern Lock
Smudge Attack Wireless-based Attack
![Page 23: Cracking Android Pattern Lock in 5 Attempts...Attacking Scenario!! • Alice and Bob go to a party (or library etc.)! • Alice leaves her phone unattended for a few minutes, thinking](https://reader033.vdocument.in/reader033/viewer/2022041611/5e37fa0ab67d1907cc042141/html5/thumbnails/23.jpg)
23
Video-based Attacks on PIN- or text-based passwords
Text-based: Directly facing the keyboard or the screen
PIN-based: The dynamics of hand during typing
![Page 24: Cracking Android Pattern Lock in 5 Attempts...Attacking Scenario!! • Alice and Bob go to a party (or library etc.)! • Alice leaves her phone unattended for a few minutes, thinking](https://reader033.vdocument.in/reader033/viewer/2022041611/5e37fa0ab67d1907cc042141/html5/thumbnails/24.jpg)
24
Pattern Lock v.s. PIN- or text-based password
Discrete keystrokes Continuous points
Overlapping lines Different size of pattern grid
How to map the fingertip movements to a graphical structure?
How to identify two overlapping lines?
How can the algorithm adapt to the different size of pattern grid
Existing attacks methods cannot be used to crack pattern lock
![Page 25: Cracking Android Pattern Lock in 5 Attempts...Attacking Scenario!! • Alice and Bob go to a party (or library etc.)! • Alice leaves her phone unattended for a few minutes, thinking](https://reader033.vdocument.in/reader033/viewer/2022041611/5e37fa0ab67d1907cc042141/html5/thumbnails/25.jpg)
-100 -50 0 50 100-100
-50
0
50
100
-100 -50 0 50 100-100
-50
0
50
100
Camera Shake Effect!
25
Expected trajectory Unique pattern Tracking process
Actual trajectory
![Page 26: Cracking Android Pattern Lock in 5 Attempts...Attacking Scenario!! • Alice and Bob go to a party (or library etc.)! • Alice leaves her phone unattended for a few minutes, thinking](https://reader033.vdocument.in/reader033/viewer/2022041611/5e37fa0ab67d1907cc042141/html5/thumbnails/26.jpg)
-100 -50 0 50 100-100
-50
0
50
100
Camera Shake Calibration!
26
w/ camera !shake calibration
Correct pattern
Fixed point Fixed point Fixed point
![Page 27: Cracking Android Pattern Lock in 5 Attempts...Attacking Scenario!! • Alice and Bob go to a party (or library etc.)! • Alice leaves her phone unattended for a few minutes, thinking](https://reader033.vdocument.in/reader033/viewer/2022041611/5e37fa0ab67d1907cc042141/html5/thumbnails/27.jpg)
1 2 31 2 3( , , ; , , ) l l ll l l d d d{ ; }CP L D=
l L is the collection of the relative line segments.!
l D is collection of the directions corresponding to the line segment.!
Geometric Features Fingertip Trajectory
27
Solution: Identify Candidate Patterns!
![Page 28: Cracking Android Pattern Lock in 5 Attempts...Attacking Scenario!! • Alice and Bob go to a party (or library etc.)! • Alice leaves her phone unattended for a few minutes, thinking](https://reader033.vdocument.in/reader033/viewer/2022041611/5e37fa0ab67d1907cc042141/html5/thumbnails/28.jpg)
Example: Extracting Geometric Features!Length Feature
120 140 160 180 200 220 240 260-950
-900
-850
-800
-750
-700
-650S
ET2
T1
1 1 2 2: ( , , )ST TT T EL l l l
: (5,11,5)D
Direction Feature
All line directions
28
![Page 29: Cracking Android Pattern Lock in 5 Attempts...Attacking Scenario!! • Alice and Bob go to a party (or library etc.)! • Alice leaves her phone unattended for a few minutes, thinking](https://reader033.vdocument.in/reader033/viewer/2022041611/5e37fa0ab67d1907cc042141/html5/thumbnails/29.jpg)
Pattern Collection and Category!
ü Simple pattern(40): !ü Median Pattern(40): !ü Complex pattern(40):
𝑆↓𝑃 ∈[6.34,19) 𝑆↓𝑃 ∈[19,33) 𝑆↓𝑃 ∈[33,46.8)
29
𝐶𝑆↓𝑃 = 𝑆↓𝑃 × log↓2 ( 𝐿↓𝑃 + 𝐼↓𝑃 + 𝑂↓𝑃 )
ü is the number of connected dots!ü is the total length of all line segments that form the pattern !ü are the number of intersections!ü are the number of overlapping linear segments
𝑆↓𝑃
𝐼↓𝑃 𝐿↓𝑃
𝑂↓𝑃
![Page 30: Cracking Android Pattern Lock in 5 Attempts...Attacking Scenario!! • Alice and Bob go to a party (or library etc.)! • Alice leaves her phone unattended for a few minutes, thinking](https://reader033.vdocument.in/reader033/viewer/2022041611/5e37fa0ab67d1907cc042141/html5/thumbnails/30.jpg)
30
Video Recording!l User Participation! 10 postgraduate: 5 male and 5 female students
l Test Phones!
Size ! Xiaomi MI4
Huawei Honor7
Samsung Note4
Height(cm)×Height(cm) 13.9×6.9 14.3×7.2 15.4×7.9
Brands
l Record Device! Apple iPhone4S, Xiaomi MI4 and Meizu2!