New research from researchers in Sweden and the UK reveals that hackers would be able to steal the unlock pattern of your Android phone by turning the device into an improvised sonar system. Using the speakers and microphones in a handset, the sonar would be able to pick up the movements of fingers against the screen and determine possible patterns that could unlock the phone.
The technique is named SonarSnoop, ZDNet reports, and uses FingerIO (seen in the video below) as the primary source of inspiration. FingerIO is a smartwatch interaction model published back in March 2016, which proposes the use of a sonar-like system to pick up hand gestures and translate them into actions on the screen.
SonarSnoop, meanwhile, is the malicious version of FingerIO, but you shouldn’t panic over it. Using this method, hackers would be able to reduce the number of possible unlock patterns by 70% thanks to the machine learning algorithms built into the attack. But deploying the attack in the real world isn’t terribly realistic in this day and age.
As it stands right now, you shouldn’t even rely on unlock patterns to protect your phone. Most Android phones ship with fingerprint sensors, which are a lot more secure than pattern unlocks. If you use an older device, you might want to set up a strong passcode rather than an unlock pattern, even if the latter feels more convenient. Also, you can set up your phone to wipe all data after a number of failed unlock attempts. Finally, make sure your Android gadget runs the latest software available for it, especially when it comes to security patches.
If you do use an old Android phone that lacks a fingerprint sensor and you like unlock patterns, then make sure you don’t install Android apps from unknown sources. Stick to the Google Play store to avoid installing malware. For SonarSnoop to work, a malware app would have to be installed on the phone. And if hackers get you to install malware on your device, they may be able to spy on your every move without even having to steal your unlock pattern.
The research also applies to other kinds of devices that have microphones and speakers, however, so SonarSnoop-like hacks might be used for other purposes than to steal an unlock pattern of an Android phone. The full paper is available at this link.