Information Technology Reference
In-Depth Information
Smudge attack
In rare cases, a smudge attack may be used to deduce the password of a touchscreen mobile
device. The attack relies on identifying the smudges left behind by the user's fingers. While
this may present a bypass method, it must be said that a smudge attack is unlikely since
most Android devices are touchscreen and smudges will also be present from using the
device. However, it has been demonstrated that under proper lighting, the smudges that are
left behind can be easily detected as shown in the following screenshot (
ht-
tp://www.securitylearn.net/tag/android-passcode-bypass/
). By analyzing the smudge marks,
we can discern the pattern that is used to unlock the screen. This attack is more likely to
work while discerning the pattern lock on the Android device. In some cases, PIN codes
can also be recovered depending upon the cleanliness of the screen. So, during a forensic
investigation, care should be taken when the device is first handled to make sure that the
screen is not touched.
Smudges visible on a device under proper lighting (source: https://viaforensics.com/wpin-
stall/wp-content/uploads/smudge.png)
