- Hello,
A friend of mine discovered this and shared it with me. I've been using picture password for 3 years and never noticed this. Not something I'm terribly concerned about because most non-bb10 users have never seen picture password before.
If someone can watch you unlock your phone, and understand how picture password works, all they need to do is choose and memorize any number and its location. They also need to memorize the number spacing/density.
If that person then gets a hold of the phone, they can typically unlock the phone within 5 tries. During each attempt, if the spacing isnt the same, then just power off the screen and try again - this resets the spacing without using up an attempt.
The person just places their number over the same spot they picked.
The vulnerabiltity results from a lack of randomness in the grid generation. It seems that within 5 tries, the grids can recycle. The attacker wont learn the true intended digit/location combo, but the potential to unlock the phone again exists.
Give it a shot on your bb10. I havent tried it on BlackBerry android yet.
As long as we unlock our phones quickly it will reduce the risk of an attacker being able to memorize the info needed to unlock the phone.
BlackBerry could reduce the risk further by producing more random grids, that arent composed of square lattices.Last edited by chetmanley; 02-13-17 at 02:48 PM. Reason: grammer
1122334455667788 likes this.02-12-17 01:39 PMLike 1 - I understand what your saying but I don't really think it's that big of an issue.
I've used it for about 3 years like yourself and I don't remember a time where I've unlocked my phone in front of someone more than once for them to remember the spacing. If I'm in a public place and someone is looking over my shoulder I would still feel happy enough to unlock my phone and know they have no clue what I'm doing.
I'm sure phone users who lock their phone with 4 digit passcodes and patterns don't purposely unlock their phone in front of someone 4/5 times because of course they will be able to guess it.
Just be happy that BlackBerry have this feature and we are more secure than non Blackberry users
Posted via CB10 on my Classic02-12-17 01:47 PMLike 0 - Hello,
A friend of mine discovered this and shared it with me. I've been using picture password for 3 years and never noticed this. Not something I'm terribly concerned about because most non-bb10 users have never seen picture password before.
If someone can watch you unlock your phone, and understand how picture password works, all they need to do is choose and memorize the location of any number and its location. They also need to memorize the number spacing.
If that person then gets a hold of the phone, they can typically unlock the phone within 5 tries. During each attempt, if the spacing isnt the same, then just power off the screen and try again - this resets the spacing without using up an attempt.
The person just places their number over the same spot they picked.
The vulnerabiltity results from a lack of randomness in the grid generation. It seems that within 5 tries, the grids can recycle. The attacker wont learn the true intended digit/location combo, but the potential to unlock the phone again exists.
Give it a shot on your bb10. I havent tried it on BlackBerry android yet.
As long as we unlock our phones quickly it will reduce the risk of an attacker being able to memorize the info needed to unlock the phone.
BlackBerry could reduce the risk further by producing more random grids, that arent composed of square lattices.02-12-17 04:39 PMLike 0 - This only works if the user puts their finger or thumb directly on the number used and drags it to the unlock zone. A zone in the middle area defeats this because the user can drag any area on the screen an any direction to unlock. This makes guessing in 5 tries impossible.02-12-17 04:56 PMLike 3
- This only works if the user puts their finger or thumb directly on the number used and drags it to the unlock zone. A zone in the middle area defeats this because the user can drag any area on the screen an any direction to unlock. This makes guessing in 5 tries impossible.Superfly_FR and Gajja like this.02-12-17 05:01 PMLike 2
-
Edit: I see that I misread you post. So I agree with you.Last edited by ray689; 02-12-17 at 05:38 PM.
02-12-17 05:03 PMLike 0 - 02-12-17 05:16 PMLike 2
-
- This only works if the user puts their finger or thumb directly on the number used and drags it to the unlock zone. A zone in the middle area defeats this because the user can drag any area on the screen an any direction to unlock. This makes guessing in 5 tries impossible.
The user can place their finger anywhere, doesnt matter. The attacker just needs to memorize any random number, its location, and the grid spacing.
Ive been trying this all afternoon. Im at a 30-40 percent sucess rate I'd guess.
When my friend showed me on my passport, he got it on the 3rd try. When I tried it on his z10, I got it on the very first try, but thats just luck.
If you guys actually try this you will see what I'm trying to describe.02-12-17 05:22 PMLike 0 - I was confirming the behavior described by fret madden.
Anyway, he is right, i can't always reach the number if I start from the middle. But I usually can, so I start from the middle anyway and just look for the number as I move the thumb. Once every 10 unlocks I won't be able to do it.
It doesn't bother me though because I enabled smart lock with a pebble (which IMO is a bigger security risk, but whatever) which means I fail to unlock on average once a day.02-12-17 05:28 PMLike 0 - You guys aren't trackin what I'm trying to describe.
The user can place their finger anywhere, doesnt matter. The attacker just needs to memorize any random number, its location, and the grid spacing.
Ive been trying this all afternoon. Im at a 30-40 percent sucess rate I'd guess.
When my friend showed me on my passport, he got it on the 3rd try. When I tried it on his z10, I got it on the very first try, but thats just luck.
If you guys actually try this you will see what I'm trying to describe.Sairos likes this.02-12-17 05:58 PMLike 1 - Some of you guys seem rather offended by this for some reason... What I've described here is simply something worth a look considering many believe picture password to be invulnerable to onlookers.
Ray - when I say 3rd try, I mean 3rd placement attemp in the first of 5 possible placement attempts before it requires a typed password. So that is significant. Someone who has no idea what my picture password combo is was able to get into my phone with no info other than watching me unlock my phone once.
I then tried it on his phone and got it on the very first placement.
I'm not saying this is a sure thing, but it is statistically significant enough to mention to the community and a simple update by blackberry to increase the entropy would make picture password even better.02-12-17 07:12 PMLike 0 - I understand what you're saying, but my testing on my Z10 says this won't work.
- The power button to turn off the screen indeed gets me a new grid, but doesn't reset my failed attempts
- I tried over 10 times, but no grid pattern comes out the same as the first time. I randomly picked a number and a point in the picture where I unlocked it, not once was it ever close to placing the correct number over the correct part of the picture.
I don't have to do that much testing as it would lock after 10 times, right? If they managed to guess my password on the 5th try (which is like a secondary security layer already), it just means you score 5 more tries to unlock with the picture.
I'm still quite comfortable unlocking my BB10 in front of any observer, don't think they will get my unlock pattern except by sheer luck.02-12-17 10:23 PMLike 0 - This actually works. The trick is waiting for the exact same layout. Count the number of numbers both horizontally and vertically.
When watching someone unlock their phone, pick a location that has a number on it.
When trying to break in, get the right layout and move a number to the location you picked out. Since you are using the same grid, you are guaranteed to have a number in the actual unlock spot. Since the numbers are randomized, you now have a 1 out of 10 chance of unlocking the phone.
Once you take into account that you have 5 guesses, you actually have a reasonable chance of getting in.
I was successful in a test I just did where I ignored my actual number and location, and set the numbers using the method above.
This is still much more difficult than watching someone do one of the the standard Android unlock patterns, but it could certainly use some improvement.02-12-17 11:10 PMLike 0 -
Also note that requesting a new pattern does not add to the unlock attempt count.02-12-17 11:15 PMLike 0 - Can someone please record this and put on youtube so we can all see? It's not that I don't believe it, it sounds like it could be legit, but I seriously can't reproduce it no matter how many attempts I try. Would really like someone to do a youtube demo because if there is even a tiny chance of a security risk, we need to alert Blackberry so they can patch it.
Posted via CB1002-13-17 07:01 AMLike 0 -
I pick MY OWN number and location randomly just before you let go and login.
I guess going quickly would make it harder for me to memorize a location and the grid type.
Honestly it would take good eyes and memory for someone to actually succeed.02-13-17 08:26 AMLike 0
- Forum
- BlackBerry 10 Phones & OS
- BlackBerry 10 OS
Picture Password vulnerability
Similar Threads
-
Does the DTEK50 have picture password?
By oberkfell in forum BlackBerry DTEK50Replies: 15Last Post: 04-04-17, 06:19 PM -
Unable to Upload Pictures to my PC and Facebook
By OneMoreQuestion in forum BlackBerry PrivReplies: 8Last Post: 02-12-17, 12:33 PM -
How to export Password Keeper data from Priv back to BB10
By GEO1ER in forum Ask a QuestionReplies: 2Last Post: 02-12-17, 07:29 AM -
How to turn off camera noise while taking a picture?
By cb_arjun_cb in forum Ask a QuestionReplies: 1Last Post: 02-09-17, 12:49 AM -
Exporting Password Keeper records
By Powdah in forum Ask a QuestionReplies: 3Last Post: 02-08-17, 08:08 PM
LINK TO POST COPIED TO CLIPBOARD