“Smudge attack”的意思、由来-开放百科全书

A smudge attack is a method to discern the password pattern of a touchscreen device such as a cell phone or tablet computer. The method was investigated by a team of University of Pennsylvania researchers^[1] and reported at the 4th USENIX Workshop on Offensive Technologies.^[1]

The smudge attack relies on detecting the oily smudges left behind by the user's fingers when operating the device using simple cameras and image processing software. Under proper lighting and camera settings, the finger smudges can be easily detected, and the heaviest smudges can be used to infer the most frequent user input pattern (the password). The researchers were able to break the password up to 68% of the time under proper conditions.^[1]

The research was widely covered in the technical press, including reports on PC Pro,^[2] ZDNet,^[3] and Engadget.^[4]

Once the threat was recognized, at least one product was introduced by Whisper Systems to mitigate the risk.^[5]

References

1. ^¹²{{cite conference |url=http://static.usenix.org/events/woot10/tech/full_papers/Aviv.pdf |title=Smudge Attacks on Smartphone Touch Screens |first1=Adam J.|last1=Aviv |first2=Katherine|last2=Gibson |first3=Evan|last3=Mossop |first4=Matt|last4=Blaze |first5=Jonathan M.|last5=Smith |conference=4th USENIX Workshop on Offensive Technologies |conferenceurl=http://static.usenix.org/events/woot10/}}
2. ^{{cite web |url=http://www.pcpro.co.uk/news/security/360220/touchscreens-open-to-smudge-attacks |work=PC Pro |title=Touchscreens open to smudge attacks |first=Nicole|last=Kobie |date=11 August 2010 |accessdate=20 June 2012}}
3. ^{{cite web |url=http://www.zdnet.com/blog/security/researchers-use-smudge-attack-identify-android-passcodes-68-percent-of-the-time/7165 |title=Researchers use smudge attack, identify Android passcodes 68 percent of the time |work=ZDNet |first=Dancho|last=Danchev |date=16 August 2010 |accessdate=20 June 2012}}
4. ^{{cite web |url=https://www.engadget.com/2010/08/16/shocker-touchscreen-smudge-may-give-away-your-android-password/ |title=Shocker: Touchscreen smudge may give away your Android password pattern |work=Engadget |first=Richard|last=Lai |date=16 August 2010 |accessdate=20 June 2012}}
5. ^{{cite web|url=http://www.whispersys.com/screenlock.html |title=Android and data loss protection (archived web page) |publisher=Whisper Systems |accessdate=28 June 2012 |deadurl=unfit |archiveurl=https://web.archive.org/web/20120628215540/http://www.whispersys.com/screenlock.html |archivedate=June 28, 2012 }}