The oil from your fingers can show a hacker your smartphone password, but there’s a new solution that doesn’t involve frequent hand-washing and screen buffing.
Students from the Universidade Federal de Minas Gerais in Brazil have devised a security feature called NomadiKey. It protects people from revealing their login password by making the password keys on a phone’s lockscreen about a fourth of the size and rearranging each key’s location each time it’s opened.
Smudge hacks aren’t the type of hacks that pop up daily in the news. They are possible, however, and cyber experts found smudge hacks can successfully unlock a phone up to 92 percent of the time, according to IEEE Spectrum. Fingerprint scanners get around this problem, but for every other touchscreen phone out there, beware the fingerprint oil.
NomadiKey works by leveling the finger grease playing field. It scrambles the location of a phone’s unlock keys each time so specific areas don’t become obvious points of heavy use. This makes it harder for a potential hacker to guess which keys are used for a password. According to a study from Leibniz University Hannover in Germany, people unlock their phones up to nine times per hour. That’s a lot of finger grease build up.
People aren’t likely to start flocking to NomadiKey. Artur Luis de Souza, one of the students working on NomadiKey, is fully aware how casually many people treat cybersecurity.
“People are more concerned about it being simple or easy to use than it being secure,” de Souza said, according to IEEE Spectrum.
It takes more time to unlock a phone with NomadiKey, but the 18 people that tested the feature got faster as they used it.
Add the low likelihood of smudge hacks to a lackadaisical attitude about cybersecurity, and there’s a small market for potential NomadiKey users. But that doesn’t mean it isn’t effective.
Even if it doesn’t get picked up by a large audience, NomadiKey could hold sway with the population of people who cover their laptop cameras with tape and buy camera-covering phone cases. The student developers haven’t made NomadiKey public, but a prototype is ready for any company who wants to invest in a little extra security.
Here’s the full paper: