Hack that android phone

Your Android device’s Pattern Lock can be cracked within five attempts

The popular Pattern Lock system used to secure millions of Android phones can be cracked within just five attempts – and more complicated patterns are the easiest to crack, security experts reveal.

Pattern Lock is a security measure that protects devices, such as mobile phones or tablets, and which is preferred by many to PIN codes or text passwords. It is used by around 40 per cent of Android device owners.

In order to access a device’s functions and content, users must first draw a pattern on an on-screen grid of dots. If this matches the pattern set by the owner then the device can be used. However, users only have five attempts to get the pattern right before the device becomes locked.

New research from Lancaster University, Northwest University in China, and the University of Bath, which benefitted from funding from the Engineering and Physical Sciences Research Council (EPSRC), shows for the first time that attackers can crack Pattern Lock reliably within five attempts by using video and computer vision algorithm software.

By covertly videoing the owner drawing their Pattern Lock shape to unlock their device, while enjoying a coffee in a busy café for example, the attacker, who is pretending to play with their phone, can then use software to quickly track the owner’s fingertip movements relative to the position of the device. Within seconds the algorithm produces a small number of candidate patterns to access the Android phone or tablet.

The attack works even without the video footage being able to see any of the on-screen content, and regardless of the size of the screen. Results are accurate on video recorded on a mobile phone from up to two and a half metres away – and so attacks are more covert than shoulder-surfing. It also works reliably with footage recorded on a digital SLR camera at distances up to nine metres away.

Researchers evaluated the attack using 120 unique patterns collected from independent users. They were able to crack more than 95 per cent of patterns within five attempts.

Complex patterns, which use more lines between dots, are used by many to make it harder for observers to replicate. However, researchers found that these complex shapes were easier to crack because they help the fingertip algorithm to narrow down the possible options.

During tests, researchers were able to crack all but one of the patterns categorised as complex within the first attempt. They were able to successfully crack 87.5 per cent of median complex patterns and 60 per cent of simple patterns with the first attempt.

Researchers believe this form of attack would enable thieves to access phones after pinching them to obtain , or would allow malware to be quickly installed on devices while their owners were distracted.

In addition, given that people often use the same pattern across multiple devices, a pattern obtained from one device could be used to access a second device.

Dr Zheng Wang, principal investigator and co-author of the paper, and Lecturer at Lancaster University, said: “Pattern Lock is a very popular protection method for Android Devices. As well as for locking their devices, people tend to use complex patterns for important financial transactions such as online banking and shopping because they believe it is a secure system. However, our findings suggest that using Pattern Lock to protect sensitive information could actually be very risky.”

“Contrary to many people’s perception that more complex patterns give better protection, this attack actually makes more  easier to crack and so they may be more secure using shorter, simpler patterns,” Guixin Ye, the leading student author from Northwest University, added.

The researchers have proposed countermeasures to prevent this attack. These include device users fully covering their fingers when drawing the pattern, and pattern lock designers mixing pattern locking with other activities, such as entering a sentence using Swype-like methods. In addition, having the screen colour and brightness change dynamically could confuse the recording camera.


Lockpickers at airports

The TSA is learning a basic lesson of physical security in the age of 3-D printing: If you have sensitive keys—say, a set of master keys that can open locks you’ve asked millions of Americans to use—don’t post pictures of them on the Internet.

A group of lock-picking and security enthusiasts drove that lesson home Wednesday by publishing a set of CAD files to Github that anyone can use to 3-D print a precisely measured set of the TSA’s master keys for its “approved” locks—the ones the agency can open with its own keys during airport inspections. Within hours, at least one 3-D printer owner had already downloaded the files, printed one of the master keys, and published a video proving that it opened his TSA-approved luggage lock.

Those photos first began making the rounds online last month, after the Washington Post unwittingly published (and then quickly deleted) a photo of the master keys in an article about the “secret life” of baggage in the hands of the TSA. It was too late. Now those photos have been used to derive exact cuts of the master keys so that anyone can reproduce them in minutes with a 3-D printer or a computer-controlled milling machine.

“Honestly I wasn’t expecting this to work, even though I tried to be as accurate as possible from the pictures. I did this for fun and don’t even have a TSA-approved lock to test,” writes Xylitol, the Github user who published the files, in an email to WIRED. Xylitol, who noted that he was based in France, declined to reveal his real name. “But if someone reported it that my 3D models are working, well, that’s cool, and it shows…how a simple picture of a set of keys can compromise a whole system.”

Though Xylitol had warned Wednesday morning that he hadn’t tested the CAD files, Montreal-based Unix administrator Bernard Bolduc showed just hours later that the printable files worked as advertised. Bolduc says he printed one of the keys in five minutes on his PrintrBot Simple Metal printer using cheap PLA plastic and immediately opened one of his TSA-approved luggage locks.

“I didn’t do any modifications,” he said in a phone call with WIRED. “It worked on the first try.”

Despite Bolduc’s successful test, the 3-D printed keys may still require some tweaking. On Friday, another lockpicking enthusiast who goes by J0hnny Xm4s reported on Twitter that he’d also been able to open TSA-approved locks with the 3-D printed keys, but that he’d had to change the scale of the CAD models. [1]

Bolduc says he doesn’t know the brand of the luggage lock he opened, but based on the “TSA” inscription on the bottom, he can conclude it is on the approved list. The problem likely extends well beyond one brand, anyway; the leaked master keys include those that open every type of TSA-approved lock made by companies such as Master Lock, Samsonite and American Tourister.

Of course, none of those companies are to blame for following the TSA’s master key guidelines. The real security blunder, as Berkeley computer security researcher Nicholas Weaver noted after the key photos were first published, was made by the TSA and the Washington Post, who released the photos on the Post’s website. Publishing photos of sensitive keys, after all, is a well-understood screwup in the world of physical security, where researchers have shown for years that a key can be decoded and reproduced even from a photo taken from as far away as 200 feet and at an angle. Neither the Washington Post nor the TSA immediately responded to a request for comment.

The Github release of those printable master key files, according to one of the lockpickers who decoded the master key photo, is meant to prove to anyone who uses the TSA-approved locks that they should no longer expect them to offer much security. “People need to be aware that even though someone says ‘use these approved locks,’ don’t take their word for it,” says Shahab Sheikhzadeh, a New Jersey-based security researcher who usually goes by the handle DarkSim905, and who helped Xylitol with his work on Github. “We’re in a day and age when pretty much anything can be reproduced with a photograph, a 3-D printer and some ingenuity.”

Even so, the TSA’s master key leak doesn’t exactly represent a critical security crisis, argues University of Pennsylvania computer science professor and noted lock picker Matt Blaze. The TSA-approved luggage locks were never very high security devices to begin with. “I’m not sure anyone relied on these kinds of locks for serious security purposes,” he says. “I find it’s actually quicker to pick the TSA’s locks than to look for my key sometimes.” (Blaze also notes that he believes that a photo of TSA’s master keys leaked earlier than the Post’s story, though he can’t recall where and doesn’t believe they were actually published as printable CAD files until now.)

But Blaze says that the photo leak and subsequent 3-D printing demonstration do show just how quickly a theoretical slip-up can turn into a real security compromise. And he says that the TSA should have known better than to allow its master keys to be photographed. Prisons, for instance, have long kept cell keys covered on guards’ belts, he points out. “In high-security environments, it’s clear that you want people to not just take photos of your keys, but to not even look at them,” he says. “We would hope the TSA would have taken better care of their keys than they have.”

[1] Updated 9/11/2015 6:23pm EST with a tweet from J0hnny Xm4s noting that the printed keys worked only after he rescaled them.
