Smudge attack

Discerning a password via screen smudges / From Wikipedia, the free encyclopedia

A smudge attack is an information extraction attack that discerns the password input of a touchscreen device such as a cell phone or tablet computer from fingerprint smudges. A team of researchers at the University of Pennsylvania was the first to investigate this type of attack in 2010.[1][2] An attack occurs when an unauthorized user is in possession of, or is near, the device of interest. The attacker relies on detecting the oily smudges produced and left behind by the user's fingers to find the pattern or code needed to access the device and its contents.[2] Simple cameras, lights, fingerprint powder, and image processing software can be used to capture the fingerprint deposits created when the user unlocks their device. Under proper lighting and camera settings, the finger smudges can be easily detected, and the heaviest smudges can be used to infer the most frequent input swipes or taps from the user.[1]

An iPad used by children with its touchscreen covered with fingerprint smudges

Smudge attacks are particularly successful when performed on devices that offer personal identification numbers (PINs), text-based passwords, and pattern-based passwords as locking options.[3] There are various proposed countermeasures to mitigate attacks, such as biometrics, TinyLock, and SmudgeSafe, all of which are different authentication schemes.[4][5][6] Many of these methods provide ways to either cover up the smudges using a stroking method or implement randomized changes so previous logins are different from the current input.
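The effect of randomized changes between logins can be shown with a small simulation; this is an added example, not part of the original article. It assumes a 10-cell PIN pad whose digit positions are reshuffled on every unlock, an illustrative design that is not one of the schemes named above, and all function names and the sample PIN are hypothetical.

```python
import secrets
from collections import Counter

DIGITS = "1234567890"          # keys on a 10-cell pad, cells numbered 0..9
_rng = secrets.SystemRandom()  # CSPRNG so layouts are not predictable


def fixed_layout():
    """Conventional pad: each digit sits in the same cell on every login."""
    return {d: cell for cell, d in enumerate(DIGITS)}


def shuffled_layout(rng=_rng):
    """Assumed countermeasure: a fresh random digit-to-cell map per login."""
    keys = list(DIGITS)
    rng.shuffle(keys)
    return {d: cell for cell, d in enumerate(keys)}


def touch_counts(pin, logins, layout_factory):
    """Count how often each screen cell is touched over `logins` unlocks."""
    counts = Counter()
    for _ in range(logins):
        layout = layout_factory()          # new layout for every unlock
        counts.update(layout[d] for d in pin)
    return counts


def residue_report(pin, logins=200):
    """Compare where touches accumulate with a fixed and a shuffled pad."""
    fixed = touch_counts(pin, logins, fixed_layout)
    shuffled = touch_counts(pin, logins, shuffled_layout)
    total = logins * len(pin)
    return {
        # Fixed pad: only the cells of the PIN's digits are ever touched.
        "fixed_cells_touched": sorted(fixed),
        # Shuffled pad: touches spread over the whole pad.
        "shuffled_cells_touched": sorted(shuffled),
        # Share of all touches landing on the most-used cell.
        "shuffled_max_share": max(shuffled.values()) / total,
    }


if __name__ == "__main__":
    # Constructed sample PIN, not taken from the article.
    print(residue_report("2580"))
```

With a fixed pad the touched cells coincide with the PIN's digits, while the shuffled pad spreads touches roughly evenly, so the residue no longer singles out any digit.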
