Smudge Attacks on Smartphone Touch Screens

The current RSS distribution architecture, in which all clients periodically poll a central server, has bandwidth requirements that scale linearly with the number of subscribers. We believe that this architecture has little hope of sustaining the phenomenal growth of RSS [10], and that a distributed approach is needed. The properties of peer-to-peer (p2p) overlays are a natural fit for this problem domain: p2p multicast systems scale logarithmically and should support millions of participating nodes. Therefore, we argue that RSS feeds can be distributed in a way that shares costs among all participants. By using p2p event notification to distribute micronews, we can dramatically reduce the load.

Smudge Attacks on Smartphone Touch Screens
Adam J. Aviv, Katherine Gibson, Evan Mossop, Matt Blaze, and Jonathan M. Smith
Department of Computer and Information Science - University of Pennsylvania
{aviv, gibsonk, emossop, blaze, jms}@

Abstract

Touch screens are an increasingly common feature on personal computing devices, especially smartphones, where size and user interface advantages accrue from consolidating multiple hardware components (keyboard, number pad, etc.) into a single software-definable user interface. Oily residues, or smudges, on the touch screen surface are one side effect of touches from which frequently used patterns, such as a graphical password, might be inferred. In this paper we examine the feasibility of such smudge attacks on touch screens for smartphones, and focus our analysis on the Android password pattern. We first investigate the conditions (e.g., lighting and camera orientation) under which smudges are easily extracted. In the vast majority of settings, partial or complete patterns are easily retrieved. We also emulate usage situations that interfere with pattern identification, and show that pattern smudges continue to be recognizable.
Finally, we provide a preliminary analysis of applying the information learned in a smudge attack to guessing an Android password pattern.

1 Introduction

Personal computing devices now commonly use touch screen inputs with application-defined interactions that provide a more intuitive experience than hardware keyboards or number pads. Touch screens are touched, so oily residues, or smudges, remain on the screen as a side effect. Latent smudges may be usable to infer recently and frequently touched areas of the screen - a form of information leakage. This paper explores the feasibility of smudge attacks, where an attacker, by inspection of smudges, attempts to extract sensitive information about recent user input. We provide initial analysis of the capabilities of an attacker who wishes to execute a smudge attack. While