A new smart smudge attack using CNN

This paper deals with a well-known problem in the area of the smudge attacks: when a user draws a pattern to unlock the pattern lock on a smartphone screen, pattern extraction sometimes becomes difficult owing to the existence of the oily residuals around it. This is because the phone screen becomes obscured by these residuals, which significantly lower the guess rate of the pattern lock. To address this, this paper proposes a novel attack method based on a Convolutional Neural Network (CNN). CNNs are known to exhibit high accuracy in image classification. However, using only CNNs for the attack is not sufficient, because there are 389,112 possible patterns, and training the CNN for all the cases is difficult. We therefore propose two ideas to overcome the aforementioned problem. The first one is the application of ’Screen Segmentation,’ where we divide the screen into four segments to reduce the number of possible patterns to 1470 in each segment. The second is the use of pruning rules, which reduces the number of total pattern cases by combining the patterns in each segment. Furthermore, by applying the Android pattern lock constraints, we reduce the number of possible patterns. To validate the proposed idea, we collected 3500 image data by photographing the screen of Android smartphones and generated 367,500 image data based on their possible combinations. Using those data sets, we conducted an experiment whereby we investigated the success rate of our attack in various situations, dealing with different pattern lock lengths and type of prior application usage. The result shows that up to a pattern lock length of seven, the proposed method has on an average, 79% success rate, which is meaningful result in smudge attacks. In addition, in an ideal case where only the actual pattern lock is entered, without oily residuals, the proposed scheme supports an even higher performance, i.e., a 93% successful guess rate on an average.