Phones with touch screens vulnerable to 'smudge attacks'

The oily residue people leave on handset touch screens could make their phones vulnerable to security problems termed “smudge attacks,” according to a report circulated this week by University of Pennsylvania researchers.

The paper said hackers might be able to read the smudges on a smart phone to infer a password, either by taking photos of the screen or by obtaining the phone and analyzing the screen directly.

The researchers took photos of screens and used a program to analyze the photos closely. They found they could figure out the password over 90 percent of the time. The study used Android phones, which use a graphical pattern to allow users to unlock the phone. Phones included the Nexus 1.

The study also found that “pattern smudges,” which build up from writing the same password numerous times, are particularly recognizable.

“We showed that in many situations full or partial pattern recovery is possible, even with smudge ‘noise’ from simulated application usage or distortion caused by incidental clothing contact,” the paper said. 

The researchers said their next project may be to investigate if heat trails on touch screens could create similar vulnerabilities.