Introduction
The use of smartphones and similar mobile devices nowadays has extended beyond phone calls and text messages. As smartphones become smarter and able to run applications and perform many functions of personal computers, people are using them widely as their personal organisers, resulting in much important and confidential information being stored in the smartphones. This has thus increased the need to protect smartphones from unauthorised access. Realising that no device as sophisticated as a smartphone or a tablet is completely secure in situ, device manufacturers and developers are doing their best to ensure the safety of users’ information stored in their smartphones. One of the means to do this is through the provision of screen locking, which comes in a number of types including slide lock, keypad lock and pattern lock (Shin, Park, Lee, & Park, 2012). In slide lock, screen unlocking is achieved by tapping and sliding the screen in a pre-defined direction, often horizontal. Another implementation of slide lock, also known as glass lock, allows sliding to be made in any direction (Shin et al., 2012). Keypad lock, on the other hand, uses a set of pre-defined and ordered personal identification numbers (PINs) or a password to unlock the screen. The former is also known as digit lock. It often requires users to enter their PINs by tapping on the numbers displayed on the screen. As opposed to PINs, passwords can be alphanumeric. Finally, in pattern lock, a pre-defined pattern drawn over a grid of dots is used to unlock the screen. Pattern lock provides a larger password space than, say, a four-digit PIN.
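The password-space comparison above can be checked by enumeration. The following Python is an added example, not part of the article; it assumes a 3×3 grid and Android-style drawing rules (at least four dots, no dot reused, a stroke may pass over a dot only if that dot is already part of the pattern), none of which the article specifies.

```python
from itertools import product
from math import gcd, log2

def between(a, b):
    """Grid dots lying strictly between a and b on the straight stroke a -> b."""
    dr, dc = b[0] - a[0], b[1] - a[1]
    g = gcd(abs(dr), abs(dc))
    return [(a[0] + (dr // g) * k, a[1] + (dc // g) * k) for k in range(1, g)]

def count_patterns(rows=3, cols=3, min_dots=4):
    """Return {length: number of valid patterns} under the assumed rules."""
    dots = list(product(range(rows), range(cols)))
    idx = {d: i for i, d in enumerate(dots)}
    n = len(dots)
    # need[i][j]: bitmask of dots that must already be used to draw i -> j
    need = [[sum(1 << idx[m] for m in between(a, b)) for b in dots] for a in dots]
    # ways[(mask, last)]: number of valid orderings of the dots in mask ending at last
    ways = {(1 << i, i): 1 for i in range(n)}
    counts = {}
    for length in range(1, n + 1):
        if length >= min_dots:
            counts[length] = sum(ways.values())
        nxt = {}
        for (mask, last), w in ways.items():
            for j in range(n):
                unused = not (mask >> j) & 1
                if unused and (need[last][j] & mask) == need[last][j]:
                    key = (mask | (1 << j), j)
                    nxt[key] = nxt.get(key, 0) + w
        ways = nxt
    return counts

def compare_with_pin(pin_digits=4):
    """Sizes and entropy (bits, assuming uniform choice) of both secret spaces."""
    patterns = sum(count_patterns().values())
    pins = 10 ** pin_digits
    return {
        "patterns": patterns,
        "pins": pins,
        "pattern_bits": round(log2(patterns), 2),
        "pin_bits": round(log2(pins), 2),
    }

if __name__ == "__main__":
    print(count_patterns())
    print(compare_with_pin())
```

Under these assumptions the full pattern space is 389,112 against 10,000 four-digit PINs, but patterns of exactly four dots number only 1,624, so the advantage depends on users drawing longer patterns.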
In terms of security, slide lock is obviously not secure as it only requires the user to slide the screen to unlock the phone. The purpose of its invention is to keep the phone from accidentally turning itself on and activating its applications while it is in a pocket or purse. Keypad lock and pattern lock, while more secure, are nonetheless vulnerable to attacks such as smudge attack, shoulder surf attack and camera attack. Smudge attack is made possible by the oily residues, that is, smudges, left on the touch screen surface. The presence of residual oils on touchscreen devices increases the likelihood of an attacker gaining unauthorised access to the device, because the smudges are persistent and therefore difficult to obscure or delete, especially given the availability of equipment to collect and analyse them (Aviv, Gibson, Mossop, Blaze, & Smith, 2010). Shoulder surf attack, on the other hand, uses direct observation techniques, such as looking over someone’s shoulder, to obtain the unlock combination. Shoulder surfing is highly likely in crowded places where it is relatively easy to stand next to people and watch unnoticed as they unlock their devices. With the aid of binoculars and other vision-enhancing devices, longer-distance shoulder surfing can also be done (Rouse, 2005); when done with the help of a camera, it is also known as camera attack (Winkler et al., 2015). While shoulder surfing is a risk for both touch screen and keypad-based screen locking, smudge attack is only a threat for touch screen devices.