Shocker: Touchscreen smudge may give away your Android password pattern
Fast food connoisseurs should pay special attention here -- according to a recent paper by the University of Pennsylvania, Android users are inadvertently leaving their nine-dot lock patterns in the open, courtesy of their fingers' oily smear on the screen. Specifically, the study on potential "smudge attacks" found that partial or complete patterns could be easily retrieved -- even with added noise on the display or after incidental clothing contact -- by using various lighting and camera orientation settings for the smear analysis. Should we be surprised? No. But should our phones be getting Froyo sooner for the extra PIN and QWERTY password options? Hell yeah.

Surprise surprise!
@Teerim why the hell am I up so late. Shit this is crazy. Can someone say insomniac.
/sarc.
@Teerim white iPhone!
In other news, bear shits in woods.
@NuklearPanda
+1
@Richard
It's a shocker to me too that you were shocked with this news!
@Teerim
Shocker: Just realized that Engadget has the same colors as the Carolina Panthers.
@Teerim The great white buffalo
@Teerim
Yep, this has worked for me many a time on friends' phones...
@NuklearPanda
In your case: radioactive bamboo grove.
@Teerim
Wouldn't a matte screen protector take care of this?
@Teerim Other shocker: You can see the smudges on the numbers of a PIN lock so if there are four separate smudges corresponding with four digits, there are only 24 possible combinations. It wouldn't take more than two minutes to cycle through all of those. However, if you backtrack over a direction or two in your password pattern on Android, that may take a while to figure out. Ideally, our phones would all have genital recognition software and all you'd have to do to unlock it would be to stick it down the front of your pants and click. Just be careful when you pull it back out, curlies tend to get caught in the battery cover. That's why iPhones don't have replaceable batteries! The magical Steve Jobs is always ten steps ahead.
Shocker: Monitor burn-in reveals your most frequented pr0n site URL since you were 'busy' for an extended duration of time on the same page.
@Teerim
Why even bother posting this? No one's awake but we few rtards. You know what? Thank you engadget! Thank you for occupying my sleepless time. Thanks!!
@who else but Quagmire
probably, but so would having clean hands...
@Teerim It's called SLOW NEWS DAY.
@who else but Quagmire
Yes it would. Even just a regular screen protector does anyways. I have one on my bh2; it never smudges.
@kramer Just bcuz u can see the smudge doesn't mean that you know what order to touch the dots in. :0
@Prospero Just bcuz u see the smudge doesn't mean that u know the order to touch the dots unless it's a very simple pattern
@Teerim Old news is OLD.
@NikAmi does any of this matter, cause if you lose the phone, which I'm implying people can access your info from, well there's back doors around all of this stuff as long as you're willing to spend the time to get past them, so what does this article explain
except people don't like their girlfriend looking at their phone
@NikAmi
Not really since after I think 3 failed attempts it locks you out for a minute, then after another failed it's 5 min, then 20 min and sometime after the 10th wrong attempt it will erase all data. (iPhone)
@Devin : no its a KIRF white iphone shell.
@NikAmi
Actually there's 4^4 = 256 combinations possible if you have the 4 digits; not 24.
@NikAmi
My bad u r right, there's no repetition, therefore it's 4! = 24 combinations.
@NextGen
All of you are missing this. You can enter the same digit more than once and there are 10 possible digits to choose from every 4 times. So it's 10x10x10x10 and that my friend equals 10,000!
@carsonalbritton
The smudge helps u narrow down the 10 digits to 4 and since if it's 4 separate digits, u use each of them once in each combination, that narrows further the number of possible combinations and it's 24 total. He was right :)
@Prospero but wouldn't a simple swipe across the screen (if you're looking at pictures for example) do the same thing?
Assuming they don't do anything after it's unlocked..
If someone steals my phone (Desire ATM), they might as well just use it straight away rather than going through the trouble of (inevitably) bypassing security... When I will have a password on every device I own, the scum will have won.
@SlimSpaceman This reminds me of the recent "anti-terrorist security measures", so much freedom given up already it's ridiculous...
When I have passwords on every device I own, maybe my mum will stop giving me those weird, disappointed looks.
@TheRealCJ
Dude! You have a real mummy?! WTF?
Back when the G1 first came out a girl I worked with had one and we unlocked her phone this way all the time.....I'm glad a university has confirmed what 17 year olds working in fast food discovered years ago. hahahaha
HA!
I left my phone at home when I went to work once. My wife tried to use my old password that she had seen me enter (I had changed it by that point), tryin to get in my sheeeeit. When I came home, the smudge print of my old password was on the phone and she tried to deny it.
Caught her grease-handed!
@seangt - Exactly!
No Duh on this one! Besides, I thought the U of P was an institute of “higher learning”. Moral of the story, keep your hands and devices clean. Sayin...
Really? Wouldn't have guessed that possible
Quite a simple solution.
Randomise the pattern for how the numbers appear in the grid. Example: 1,4,2,8,9,3,..
My bank does this for pin numbers.
@xsacha not a bad idea
@xsacha
That's a pretty good idea, now only if you can get Google to listen.
@xsacha the whole point of that unlock mechanism is that you can use a pattern and not really have to remember numbers. If you are going to randomize the digits then there is no point drawing a pattern in the first place - might as well just have a regular PIN entry screen.
It *is* pretty easy to figure out the smudge patterns though. I did it on a colleague's phone recently who didn't believe it was possible. It took 2 guesses.
@ChuChu
How about relatively simple but multiple patterns? I'd say having 3 pattern keys would make the smudge patterns useless.
@Xyned What about wiping your phone on your pants? Just an idea...
@ChuChu
Well I was specifically talking about the first image there with a PIN and numbers.
For the pattern you could set a starting orientation (with a red dot or something).
I'm guessing the smudges are only from doing the exact same pattern multiple times. Just making the user do it differently sometimes will prevent this issue.
@xsacha
That's actually a really good solution.
@engadget fanboy
I have a better idea than all of you.
If you allow the dots to be selected multiple times, the pattern will cross itself and make the swipe have many more potential patterns. The same dot could even be selected three times for a much more complicated password.
Makes me think of National Treasure, when Nic Cage figures out the hot girl's password, even though she hit one key twice.
Nicolas Cage could still figure it out.
This works on every touchscreen device, I dunno why you say it's an Android issue?!
@SlntBob
And they even have an iPhone in the photo, heh.
@xmonkey
The iPhone has button taps, telling you the numbers of the pin, but not the sequence.
The Android has a sliding dealio, and just by retracing the smudge with your finger you can unlock the device.
@APV
On Froyo you can use PINs or a password.
Also, there's still an iPhone in the photo.