A person in a black hoodie crouches in a dark room with a bright light shining over a phone. As the light hits the phone screen, finger smudges are illuminated, revealing the owner’s password. And just like that, the hacker has complete access to the device.
You’ve seen it in the movies and on TV – but can finger smudges really last on your touch-screen device long enough to be easily collected, and then used to access your private information?
Surprisingly, yes, and yes.
In 2010, a team of researchers from the University of Pennsylvania presented a study called “Smudge Attacks on Smartphone Touch Screens” that described how the oily residue from our fingers left on phone screens can be used to steal passwords and other sensitive information.
Smudge attacks, the study outlines, are a threat to smartphones for three reasons: “First, smudges are surprisingly persistent in time. Second, it is surprisingly difficult to incidentally obscure or delete smudges through wiping or pocketing the device. Third and finally, collecting and analyzing oily residue smudges can be done with readily available equipment such as a camera and a computer.”
The researchers examined smudges in different lighting and camera orientations, and found that partial patterns of passwords were distinguishable in 92% of all lighting and camera setups tested and fully distinguishable in 68%. In the “less-than-ideal” lighting and camera orientation conditions, the pattern could still be partially obtained in 37% of cases and fully in 14% of them.
Wiping Your Screen Isn’t the Solution
With partial smudges, the researchers say, hackers can still easily steal passwords and private information. “This partial retrieval is still extremely encouraging for an attacker, who has learned a good deal about which patterns are likely, e.g., it could be each isolated part uniquely, the two parts connected, etc.”
So, just wipe off the smudges with the edge of your shirt, right? Not quite, as the study revealed that simple clothing contact – for example putting your device in a pocket or actively wiping – did not play a large role in removing smudges. “One smartphone in our study retained a smudge for longer than a month without any significant deterioration in an attacker’s collection capabilities.”
Of course, with the plethora of tools at their disposal, it’s unclear how often criminals and hackers actually use smudges to break into stolen phones. Police aren’t exactly prioritizing this line of questioning. Still, the threat was widely covered by the tech media, and it spawned discussion of prevention methods, including a fingerprint-resistant screen protector (ranging from $30 to $60), microfiber cloth to wipe down screens after every use (impractical and unlikely that you’ll remember every time), or purchasing a finger glove(honestly, I dare you).
Better yet, choose a device with an oleophobic layer on the screen, like BlackBerry’s new DTEK50 device. The oleophobic coating on the DTEK50’s 5.2-inch HD screen helps prevent the oily residue from fingers to adhering to the glass.
When water droplets fall on a screen protected with an oleophobic layer like on the DTEK50, the droplets will bead up quickly (like on the left), making them easy to wipe off, instead of spreading and attaching to the screen. Like the water droplets, oil droplets on a oleophobic screen bead up quickly, making it easy to clean up without smearing instead of spreading and creating an oily mess. (Watch oil and water droplets in action on an oleophobic screen here.)
The DTEK50’s smudge-resistant screen is only one small way BlackBerry helps to ensure your security and privacy. Read our other blog to learn why BlackBerry Android phones such as DTEK50 and PRIV are so secure (and watch the video).
With this protective coating on your DTEK50, however, you can help keep your passwords and sensitive information safe, while eating all the garlic bread you want without the hassle of constantly wiping down your screen or wearing a (very hip) finger glove.
Starting today, DTEK50 is available to pre-order from ShopBlackBerry.com in the U.S., Canada, UK, France, Germany, Spain, Italy, and The Netherlands for $299 USD ($429 CDN, €339, and £275). Additionally, for a limited time, customers who pre-order DTEK50 will receive a complimentary BlackBerry Mobile Power Pack, a high-capacity portable charger worth $59.99 USD ($69.99 CDN, €59.99, and £54.99) that powers all your compatible mobile devices to maximize your productivity and play time. This offer expires on August 8th at 11:59 p.m. PST.
DTEK50 will be available in a number of channels around the world, including more than 40 partners from electronics stores, carriers, VARs, and distributors. This includes Rogers, Bell, TELUS, WIND, Videotron, and SaskTel among others in Canada. In the U.S., DTEK50 will initially be available in Best Buy, B&H, and Amazon. Availability of DTEK50 in additional global channels and countries will be announced in the coming weeks.
[Source:- Inside blackberry]