"Defending Against Smudge Attacks"
Many people use a Personal Identification Number (PIN) to lock their smartphone so that a third party cannot access their contacts, messages, and other stored information if the device is lost or stolen. However, a malicious third party could work out the digits likely used in a PIN by performing a smudge attack. In this attack, the third party examines the smudges left on a smartphone's screen by the user's fingertips to make a good guess at the digits in the user's PIN. The obvious solution to this attack is to clean the phone's screen immediately after entering a PIN. Another approach to preventing smudge attacks would be to add a randomized keypad to smartphones for unlocking. The randomized keypad would arrange the numbers 0 to 9 differently each time a user unlocks their phone, so that smudges do not build up on frequently used keys and a smudge attack cannot succeed. A scrambled keypad is currently not a feature offered by Android or iOS devices. A team of researchers from the New Mexico Institute of Mining and Technology in Socorro demonstrated how a scrambled keypad could be implemented to protect smartphones from smudge attacks. They explored the usability and security of the scrambled keypad. The researchers also emphasized that this type of keypad could reduce the risk of someone illicitly obtaining a user's PIN by shoulder surfing. This article continues to discuss the concept of a smudge attack, the use of a randomized keypad as a possible solution to this attack, and the study on the implementation of a scrambled keypad to protect smartphones against smudge attacks.
Homeland Security News Wire reports "Defending Against Smudge Attacks"
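
The randomized keypad described above, as an added sketch that is not the researchers' implementation: it draws a fresh layout for every unlock from the operating system's CSPRNG and counts how often each screen position is touched under a fixed layout versus a scrambled one. The PIN `2580`, the 500 unlocks and all function names are constructed for illustration.

```python
import secrets
from collections import Counter

DIGITS = "0123456789"
# Conventional digit order; the list index stands for the key's position on screen.
FIXED_LAYOUT = list("1234567890")


def scrambled_layout():
    """Return the ten digits in a fresh, uniformly random order."""
    keys = list(DIGITS)
    # Fisher-Yates shuffle driven by the OS CSPRNG; randbelow() avoids modulo bias.
    for i in range(len(keys) - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        keys[i], keys[j] = keys[j], keys[i]
    return keys


def touch_counts(pin, unlocks, scramble):
    """Count how often each screen position is touched across repeated unlocks."""
    counts = Counter()
    for _ in range(unlocks):
        # A scrambled keypad redraws the layout on every unlock attempt.
        layout = scrambled_layout() if scramble else FIXED_LAYOUT
        for digit in pin:
            counts[layout.index(digit)] += 1
    return counts


def compare(pin="2580", unlocks=500):
    """Return (fixed, scrambled) touch counts for the same constructed PIN."""
    return (touch_counts(pin, unlocks, scramble=False),
            touch_counts(pin, unlocks, scramble=True))


if __name__ == "__main__":
    fixed, mixed = compare()
    print(" position: " + " ".join(f"{pos:4d}" for pos in range(10)))
    for name, counts in (("fixed", fixed), ("scrambled", mixed)):
        row = " ".join(f"{counts.get(pos, 0):4d}" for pos in range(10))
        print(f"{name:>9}: {row}")
```

With the fixed layout every touch lands on the same four positions, while the scrambled layout spreads touches across all ten, so the residue no longer singles out the PIN's digits.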