The pattern lock system used by millions of Android users to secure their phones can be cracked in just five attempts simply by observing hand movements, security experts have claimed.
A study by universities in the UK and China found that the system can be compromised by covertly filming someone unlocking their phone and feeding the footage into a computer vision program capable of matching finger movement with the position of the device.
During tests involving 120 participants, the software was able to guess 95% of patterns within five attempts even when the device's screen wasn't visible. Interestingly, the researchers found that more complex patterns were easier to crack than simpler ones.
Pattern Lock is a common security feature on Android smartphones and tablets that allows users to set a unique pattern that they can use to unlock their device in place of a PIN or password. Users set the pattern by connecting a series of dots on a grid; this pattern must then be entered correctly to access the device.
According to research from Lancaster University, Northwest University in China, and the University of Bath, this unlock method isn't as secure as users might think. After being fed footage, the computer vision software was able to draw up a list of possible unlock patterns based on the direction in which the user's finger moved and the position of the phone relative to the camera.
The researchers found that they were able to crack all but one of the patterns classed as "complex" within the first attempt. They were able to successfully crack 87.5% of moderately complex patterns and 60% of simple patterns on the first try.
This worked with video recorded on a mobile phone from up to 2.5 metres away, or on a DSLR camera at a distance of up to nine metres. Contrary to the assumption that a more complex pattern would make a device more secure, the researchers explained that the more precise fingertip movements required made it easier for the software to narrow possible options.
Dr Zheng Wang, principal investigator and co-author of the paper, said: "Pattern Lock is a very popular protection method for Android devices. As well as for locking their devices, people tend to use complex patterns for important financial transactions such as online banking and shopping because they believe it is a secure system. However, our findings suggest that using Pattern Lock to protect sensitive information could actually be very risky."
According to the researchers, around 40% of Android users rely on a pattern lock to secure their device. While this type of attack is probably going to be uncommon, they suggested that users should hide their hands completely when entering an unlock pattern to avoid being compromised.
It's worth noting that most Android smartphones will automatically lock out if a PIN, password or unlock pattern is entered incorrectly more than five times.
Earlier in January, Japan's National Institute of Informatics (NII) warned smartphone users against flashing the peace sign in photos on the grounds that cyber-criminals may be able to steal their fingerprints and use them to commit identity theft.