{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,7,28]],"date-time":"2025-07-28T21:56:18Z","timestamp":1753739778906,"version":"3.41.0"},"reference-count":53,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2018,7,24]],"date-time":"2018-07-24T00:00:00Z","timestamp":1532390400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Royal Society International Collaboration Grant","award":["IE161012"],"award-info":[{"award-number":["IE161012"]}]},{"name":"China Computer Federation-NSFOCUS Kunpeng","award":["CCF-NSFOCUS2017009"],"award-info":[{"award-number":["CCF-NSFOCUS2017009"]}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61672427, 61672428, 61572402"],"award-info":[{"award-number":["61672427, 61672428, 61572402"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"UK Engineering and Physical Science Research Council","award":["EP\/M01567X\/1(SANDeRs), EP\/M015793\/1(DIVIDEND)"],"award-info":[{"award-number":["EP\/M01567X\/1(SANDeRs), EP\/M015793\/1(DIVIDEND)"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Priv. Secur."],"published-print":{"date-parts":[[2018,11,30]]},"abstract":"<jats:p>Pattern lock is widely used for identification and authentication on Android devices. This article presents a novel video-based side channel attack that can reconstruct Android locking patterns from video footage filmed using a smartphone. As a departure from previous attacks on pattern lock, this new attack does not require the camera to capture any content displayed on the screen. Instead, it employs a computer vision algorithm to track the fingertip movement trajectory to infer the pattern. Using the geometry information extracted from the tracked fingertip motions, the method can accurately infer a small number of (often one) candidate patterns to be tested by an attacker. We conduct extensive experiments to evaluate our approach using 120 unique patterns collected from 215 independent users. Experimental results show that the proposed attack can reconstruct over 95% of the patterns in five attempts. We discovered that, in contrast to most people\u2019s belief, complex patterns do not offer stronger protection under our attacking scenarios. This is demonstrated by the fact that we are able to break all but one complex patterns (with a 97.5% success rate) as opposed to 60% of the simple patterns in the first attempt.<\/jats:p>\n          <jats:p>We demonstrate that this video-side channel is a serious concern for not only graphical locking patterns but also PIN-based passwords, as algorithms and analysis developed from the attack can be easily adapted to target PIN-based passwords. As a countermeasure, we propose to change the way the Android locking pattern is constructed and used. We show that our proposal can successfully defeat this video-based attack. We hope the results of this article can encourage the community to revisit the design and practical use of Android pattern lock.<\/jats:p>","DOI":"10.1145\/3230740","type":"journal-article","created":{"date-parts":[[2018,7,24]],"date-time":"2018-07-24T14:41:49Z","timestamp":1532443309000},"page":"1-31","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":36,"title":["A Video-based Attack for Android Pattern Lock"],"prefix":"10.1145","volume":"21","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-2074-4253","authenticated-orcid":false,"given":"Guixin","family":"Ye","sequence":"first","affiliation":[{"name":"Northwest University, China"}]},{"given":"Zhanyong","family":"Tang","sequence":"additional","affiliation":[{"name":"Northwest University, China"}]},{"given":"Dingyi","family":"Fang","sequence":"additional","affiliation":[{"name":"Northwest University, China"}]},{"given":"Xiaojiang","family":"Chen","sequence":"additional","affiliation":[{"name":"Northwest University, China"}]},{"given":"Willy","family":"Wolff","sequence":"additional","affiliation":[{"name":"Lancaster University, U.K."}]},{"given":"Adam J.","family":"Aviv","sequence":"additional","affiliation":[{"name":"Naval Academy, U.S.A."}]},{"given":"Zheng","family":"Wang","sequence":"additional","affiliation":[{"name":"Lancaster University, U.K., and Xi'an University of Posts 8 Telecommunications, China"}]}],"member":"320","published-online":{"date-parts":[[2018,7,24]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/3025453.3025461"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/AMS.2008.136"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-07620-1_11"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/2818000.2818014"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/2664243.2664253"},{"volume-title":"Proceedings of the 4th USENIX Conference on Offensive Technologies. 1--7.","author":"Aviv Adam J.","key":"e_1_2_1_6_1"},{"volume-title":"Proceedings of the USENIX Twelfth Symposium on Usable Privacy and Security (SOUPS\u201916)","author":"Adam","key":"e_1_2_1_7_1"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.20"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSMCB.2007.903539"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.28"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.patcog.2013.11.010"},{"key":"e_1_2_1_12_1","unstructured":"Nick Berry. 2012. PIN analysis. Retrieved from http:\/\/www.datagenetics.com\/blog\/september32012\/index.html.  Nick Berry. 2012. PIN analysis. Retrieved from http:\/\/www.datagenetics.com\/blog\/september32012\/index.html."},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2333112.2333114"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.49"},{"volume-title":"IEEE Conference on Software Engineering Education and Training (CSEE&T) 128","year":"2013","author":"Chimalakonda Sridhar","key":"e_1_2_1_16_1"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijhcs.2005.04.020"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660273"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/3025453.3025636"},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1086\/269125"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/TPAMI.2008.300"},{"key":"e_1_2_1_22_1","unstructured":"Zdenek Kalal. TLD: Tracking-Learning-Detection. Retrieved from http:\/\/kahlan.eps.surrey.ac.uk\/featurespace\/tld\/.  Zdenek Kalal. TLD: Tracking-Learning-Detection. Retrieved from http:\/\/kahlan.eps.surrey.ac.uk\/featurespace\/tld\/."},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/TPAMI.2011.239"},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.38"},{"key":"e_1_2_1_25_1","unstructured":"Markus Guenther Kuhn. 2002. Compromising Emanations: Eavesdropping Risks of Computer Displays. Ph.D. Dissertation. University of Cambridge.  Markus Guenther Kuhn. 2002. Compromising Emanations: Eavesdropping Risks of Computer Displays. Ph.D. Dissertation. University of Cambridge."},{"key":"e_1_2_1_26_1","volume-title":"Applied linear regression models","author":"Kutner Michael H.","year":"2004","edition":"5"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM.2016.7524368"},{"volume-title":"Tell Me Who You Are and I Will Tell You Your Unlock Pattern. Master\u2019s thesis","author":"L\u00f8ge Marte Dybevik","key":"e_1_2_1_28_1"},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/2207676.2208544"},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2093498"},{"volume-title":"van Oorschot","year":"2007","author":"Mannan Mohammad","key":"e_1_2_1_31_1"},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516726"},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046769"},{"volume-title":"Please enter your four-digit pin. Financial Services Technology","year":"2007","author":"Rogers J.","key":"e_1_2_1_34_1"},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/2632048.2636090"},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516659"},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660360"},{"volume-title":"Proceedings of the Ninth International Conference on Mobile Ubiquitous Computing, Systems, Services and Technologies (UBICOMM\u201915)","year":"2015","author":"Siadati Hossein","key":"e_1_2_1_38_1"},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/2702123.2702365"},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.3758\/BF03337426"},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2011.10.001"},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/TPAMI.2006.189"},{"key":"e_1_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2014.10.009"},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/TPAMI.2002.1033214"},{"key":"e_1_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516700"},{"key":"e_1_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/2702123.2702202"},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/1463160.1463202"},{"key":"e_1_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516709"},{"key":"e_1_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1109\/TPAMI.2002.1023803"},{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23130"},{"volume-title":"Blind recognition of touched keys: Attack and countermeasures. CoRR abs\/1403.4829","year":"2014","author":"Yue Qinggang","key":"e_1_2_1_51_1"},{"key":"e_1_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/2449396.2449432"},{"key":"e_1_2_1_53_1","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1155\/2016\/8793025","article-title":"Privacy leakage in mobile sensing: Your unlock passwords can be leaked through wireless hotspot functionality","volume":"2016","author":"Zhang Jie","year":"2016","journal-title":"Mobile Inf. Syst."},{"key":"e_1_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/2789168.2790106"}],"container-title":["ACM Transactions on Privacy and Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3230740","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3230740","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T00:57:30Z","timestamp":1750208250000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3230740"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,7,24]]},"references-count":53,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2018,11,30]]}},"alternative-id":["10.1145\/3230740"],"URL":"https:\/\/doi.org\/10.1145\/3230740","relation":{},"ISSN":["2471-2566","2471-2574"],"issn-type":[{"type":"print","value":"2471-2566"},{"type":"electronic","value":"2471-2574"}],"subject":[],"published":{"date-parts":[[2018,7,24]]},"assertion":[{"value":"2017-10-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2018-06-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2018-07-24","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}