"Touchscreens are touched, so oily residues, or smudges, remain on the screen as a side effect," the report said. "Latent smudges may be usable to infer recently and frequently touched areas of the screen – a form of information leakage."
More details at PC Pro.
The researchers tested Android handsets because the Google OS uses a graphical password, with users tracing a pattern on the phone to unlock the device. In ideal lighting conditions, the researchers managed to decipher the phone’s password 92% of the time by taking photos of the screen and bumping up the contrast.
Touchscreens vulnerable to smudge attacks
Posted on Thursday, August 12 2010 @ 11:00 CEST by Thomas De Maesschalck
Security researchers from the University of Pennsylvania have demonstrated how passwords entered on touchscreen devices can be revealed by analyzing the smudges left behind by your fingers. Graphical passwords like the one used by Google's Android OS are very vulnerable to this attack: the researchers found that they could decipher the phone's password 92 percent of the time by photographing the screen and adjusting the contrast to enhance the pattern. If your touchscreen device has sensitive data, it may be a good idea to wipe the screen every once in a while.