Passwords can be forensically lifted off touchscreen phones

Passwords can be forensically lifted off touchscreen phones


Password protecting your mobile phone is quite a common act, you have private data, so you want to protect it. Unfortunately, it seems that the touchscreens on phones could effectively present a security risk.

This comes out of a University of Pennsylvania report (PDF link), saying that smartphone touchscreens have a problem that non-touchscreens don’t. You see, you leave behind just enough residue from your fingerprints on the screen that could then be “easily lifted and analyzed by would-be attackers.”

Lifting fingerprints is just the beginning. You’d think that would only come up under a cSI-like situation, but run of the mill scanners and digital cameras can capture enough evidence for a would-be hacker to reconstruct. The smudges you leave behind are “surprisingly persistent in time” and that even wiping or pocketing the device would not remove all traces.

The net result? The study found that they could find the fingerprints left behind on Android devices and identify the password pattern left on the phone. That “security code” of yours? Not so secure anymore.

Our solution? Change your password frequently to create a wider range of smudges on your touchscreen.

Touchscreens on phones a security risk, researchers say [MobileBurn]