Meaning of smudge attack | Babel Free

Definitions

A method used to crack the password of a touchscreen device by analysing the oily smears left on the device's screen by the user's fingers.

Examples

“Touch screens are touched, so oily residues, or smudges, remain on the screen as a side effect. Latent smudges may be usable to infer recently and frequently touched areas of the screen – a form of information leakage. This paper explores the feasibility of smudge attacks, where an attacker, by inspection of smudges, attempts to extract sensitive information about recent user input.”

“The OTP [one-time password] mechanism that financial institutions adopted utilizes a one-time password displayed on OTP device, so it is vulnerable to shoulder surfing attacks (SSA) and smudge attacks.”

“However, the fixed keypad lock can be easily unlocked by brute force attacks and the pattern lock is vulnerable to smudge attacks.”

“[A]rguably, picture passwords are a little more secure on desktops than on touchscreen devices, because you don't have to worry about anyone guessing your gesture password by examining your monitor for greasy fingerprints. That last scenario may sound like something out of a trashy espionage thriller, but the threat of a "smudge attack" is real enough to warrant serious study. Researchers at the University of Pennsylvania coined the term in 2010 when they were able to successfully deduce gesture passwords used to unlock Android phones from smudge marks left on the screen.”

CEFR level