Unlock Devices – Shoulder Surfing Attacks
Researchers have warned that users should stop using patterns to unlock their devices. According to the latest study, it is much easier for someone glancing over a user's shoulder during an unlock to memorise a pattern than a passcode.
According to the researchers, so-called ‘shoulder surfing attacks’ could be easy for a criminal to plan and execute, though users can protect themselves by switching to a PIN code and increasing its length from four digits to six. They recruited more than 1,000 volunteers to pose as attackers, challenging them to memorise a range of unlock authentications (four- and six-digit PINs, and four- and six-length patterns with and without tracing lines) by observing a victim over their shoulder from a variety of angles.
The two handsets used in the study were the 5-inch Nexus 5 and the 6-inch OnePlus One which, according to the researchers, were identical to a wide variety of displays and form factors available on the present market for Android as well as iPhone. The researchers also measured single and multiple views for the attacker, with two different hand positions for the victim: single-handed thumb input and two-handed index-finger input.
PINs – Most Secure
The research showed that four-length patterns with visible lines were easier to unlock through shoulder surfing than any other unlock authentication that was tested. Researchers from the United States Naval Academy and the University of Maryland commented that PINs were the most secure against shoulder surfing attacks and that, though both types of pattern input were poor, patterns without lines provided greater security.
The length of the input also has an impact: longer authentication was more secure against shoulder surfing. In addition, if the attacker has multiple views of the authentication, the attacker's performance is greatly improved. During the experiments, about 10.8% of six-digit PINs were successfully unlocked after a single observation, and this figure increased to 26.5% after two observations. Around 62.5% of six-length patterns with tracing lines, on the other hand, could be unlocked after a single observation, which increased to 79.9% after two observations.
Shorter Patterns More Susceptible
About 35.3% of six-length patterns without tracing lines could be unlocked after a single viewing, which rose to 52.1% after two observations. The researchers stated that shorter patterns were even more susceptible, adding that even individuals who use fingerprint or face-scanning technology to unlock their phones need to be wary of these findings.
They further stated that biometrics seem to be a promising advancement in mobile authentication, though they can be considered a re-authenticator or a secondary authentication device, since individuals still need to have a PIN or pattern, which they may enter somewhat often owing to environmental factors, for instance wet hands.
There are also instances of high false-negative rates linked with biometrics. Besides this, users with biometrics tend to opt for weaker PINs than those without, signifying that classical unlock authentication remains an important attack vector going forward. Separate research published earlier in the year found that most device security patterns can be unlocked within five attempts.