Friday, December 11, 2009

"Locking" Touch Screen Devices

Do you have a touch-screen device like an iPhone, Android-based phone, or one of the others that require you to use your finger?

If so, do this for me.  Take out the device, and don't power it on yet or touch the screen.  Hold it up against the light so you can see the smudges and fingerprints on the screen's surface.

Now thing about it for a second.

Odds are, if you're like me what you're looking at is a concentration of fingerprint "marks" on the buttons where you most commonly press.  If you're like me and have an iPhone that has a PIN set on it you turn it on/off a few dozen times a day or more right?  After the course of a full day those fingerprints are pretty well established on the buttons that are making up your PIN.  This presents a problem.

Covering specifically the Apple iPhone I've done some digging and Google'ing and found a few manufacturers that sell "fingerprint resistant" screen protectors, but I've tried a few both off eBay and some bought at the Apple Store and none of them actually resist fingerprints that well.  Not well enough, anyway.

The issue comes down to the way that the iPhone's security is set up.  Clearly it's not meant to be a high-security device, as it's a "toy" by nature.  My wife's T-Mobile G1 touch-screen device is a little different and you can tell the HTC (manufacturer of the device) engineers actually tried to think things through.  First, it's not just buttons you press but a multi-point swipe you make with your finger on the G1.  It's like a big connect-the-dots game where you don't pick up your finger just connect a few dots ... that's your "PIN".  This is significantly more difficult to find patterns in since you're effectively creating smudges (lines) when you input your PIN.

While HTC's way is clearly better, at least to me it seems that way, both have the flaw that they pick up grease from our fingers and leave it there for someone who wants to get into your device to follow.  You don't even need fingerprint dust, or Krazy Glue (see fume trick the CSIs do on TV) ... you just have to hold your device up to the light at a certain angle and guess the password.  With there being typically a 4-digit PIN on devices like the iPhone it's not hard to figure out the combination when the total space is 256 combinations!  Throw in a little TV CSI magic and you can probably get it in a few tries.

The advice then?  When you are using your device WIPE OFF YOUR FINGERPRINT MARKS!  It's a simple, easy way to protect your device from being victimized when you're not looking.

Good luck!

4 comments:

SmudgeHater said...

I like shiny things. I keep my touchscreens clean. Grab a microfiber cleaning cloth. They work well.

Bil Corry said...

I like the scramble pad idea from @chiefmonkey:

http://blogs.ittoolbox.com/security/investigator/archives/dear-apple-why-doesnt-my-iphone-have-a-scramble-pad-24597

Robin said...

I've got a G1 and I think the PIN method might be safer. With the join the dots method you can see the obvious track left behind so it is fairly easy to repeat, with the PIN you may be able to see which 4 digits are used but you have to get the right order. I don't know what the lockout process is on the iPhone (G1 has one after a few attempts) but if it has a low threshold then it might keep you more secure.

Information Amplifier said...

You could always try these bizarre finger gloves. LOL

http://www.stupidiotic.com/product_info.php?cPath=9_15&products_id=151

Google+