Researchers at the University of Pennsylvania are warning that residual fingerprints left behind on a touchscreen mobile device may help an attacker figure out a user’s password.
According to InformationWeek, the researchers examined two different Android smartphones, the HTC G1 and the HTC Nexus1. The research showed a complete smudge pattern two-thirds of the time, and the researchers were able to partially identify one 96 percent of the time.
However, Android phones do have one protection: after 20 failed password attempts, a user must enter his or her Google username and password to authenticate. The article notes:
The good news is that for now, even with a smudge attack, an attacker typically wouldn’t be able to reduce the password space to 20 or fewer possibilities. But going forward, don’t rule out the possibility that enterprising attackers may add on additional techniques to help see through smudges.