Face, Finger, Pattern, PIN unlock on Android

The Android OS offers essentially two software unlock features: the PIN unlock and the Pattern unlock. Examining these two from a purely mathematical perspective, that is, calculating the number of combinations, is not a trivial task for patterns. However, most people choose patterns that are easier to remember, which restricts the search space. For example, the case below is rarely encountered. Additionally, most people also try to restrict the number of dots connected, further limiting the search space for a dictionary attack.

The number of PIN unlock combinations, however, is easily calculated with simple probability theory. An n-digit PIN has 10^n combinations. The maximum number of digits that can be used is 16 (on Gingerbread), giving us a search space of 10 quadrillion. To look at it from a social engineering perspective, when you tilt the phone to an angle, under the right lighting conditions you are likely to find traces of the pattern because of thumb imprints, thus possibly allowing the attacker to possess the whole or part of the pattern.
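To make the comparison in the two paragraphs above concrete, the following added example (not from the original post) counts every valid pattern on the 3x3 grid by exhaustive search and sets the total against the 10^n PIN space. It assumes the standard Android pattern rules, which the post does not spell out: 4 to 9 dots, each dot used once, and a stroke may pass over an intermediate dot only if that dot is already part of the pattern.

```python
# Added example: size of the Android pattern space vs. the PIN space.
# Dots are numbered 0..8, row by row. MIDDLE[(a, b)] is the dot lying exactly
# between a and b; the stroke a -> b is legal only once that dot is used.
MIDDLE = {}
for a in range(9):
    for b in range(9):
        ra, ca, rb, cb = a // 3, a % 3, b // 3, b % 3
        if a != b and (ra + rb) % 2 == 0 and (ca + cb) % 2 == 0:
            MIDDLE[(a, b)] = ((ra + rb) // 2) * 3 + (ca + cb) // 2


def count_patterns(length):
    """Number of valid patterns connecting exactly `length` dots."""
    def extend(last, used, remaining):
        if remaining == 0:
            return 1
        total = 0
        for nxt in range(9):
            if used & (1 << nxt):
                continue  # each dot may be used only once
            mid = MIDDLE.get((last, nxt))
            if mid is not None and not used & (1 << mid):
                continue  # would jump over a dot that is still unused
            total += extend(nxt, used | (1 << nxt), remaining - 1)
        return total
    return sum(extend(start, 1 << start, length - 1) for start in range(9))


def pattern_space(min_len=4, max_len=9):
    """Pattern count per length; 4..9 dots is the assumed Android range."""
    return {n: count_patterns(n) for n in range(min_len, max_len + 1)}


def pin_space(digits):
    """An n-digit PIN has 10^n combinations."""
    return 10 ** digits


def pin_digits_to_exceed_patterns():
    """Shortest PIN whose search space is larger than all patterns combined."""
    total = sum(pattern_space().values())
    digits = 1
    while pin_space(digits) <= total:
        digits += 1
    return digits


if __name__ == "__main__":
    for n, count in pattern_space().items():
        print(f"{n} dots: {count:>7} patterns")
    print("all patterns:", sum(pattern_space().values()))
    print("PIN digits needed to exceed that:", pin_digits_to_exceed_patterns())
    print("16-digit PIN space:", pin_space(16))
```

The total is the theoretical upper bound; the habits described above (memorable shapes, few dots) shrink the space that is actually used well below it.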

Other unlock mechanisms include Face Unlock (on Ice Cream Sandwich), which has been dissed because it works even with pictures and fails to identify an actual person.

Another option which has received less media attention is the fingerprint scanner. The first ATRIX features a fingerprint scanner, which actually has more tolerance to security attacks, but unfortunately Motorola discontinued this feature in the second ATRIX. In my opinion the fingerprint scanner offers the best possible security unlock feature, all things considered. Just for sanity's sake it might be best to default to a 16-digit PIN or an atypical Pattern.


About krithik

An Electrical Engineer by training, who occasionally dabbles in programming and design.