[1122334455667788]

So how would an attacker be able to determine where to move it to line it up?

They don't unless they have seen you do it.
There was a really good explanation already posted.
Essentially the attacker sees a correct login and picks a number and point (it doesn't matter that it's probably the wrong number and point). They then line up the number they picked with the spot they picked. This ensures the grid is aligned correctly. Since the grid is perfectly aligned, there must be a number in the real spot. There's a 1 out of 10 chance it's the correct number.

[anon(2313227)]

I also do not (and i do) see the math in this. You have to wait for the grid to match, then it is a 1 in 10 chances it will line up to the correct number. You are saying odds are 5 chances you will get the number right.

[1122334455667788]

You are saying odds are 5 chances you will get the number right.

No.
Apparently the attacker has a 41% chance of success (assuming perfect memory or a picture).

[Thud Hardsmack]

They don't unless they have seen you do it.
There was a really good explanation already posted.
Essentially the attacker sees a correct login and picks a number and point (it doesn't matter that it's probably the wrong number and point). They then line up the number they picked with the spot they picked. This ensures the grid is aligned correctly. Since the grid is perfectly aligned, there must be a number in the real spot. There's a 1 out of 10 chance it's the correct number.

So long story short, sans math, they're just copying the grid movement they see and hoping for a win?

[1122334455667788]

So long story short, sans math, they're just copying the grid movement they see and hoping for a win?

I guess so.

[Andrew4life]

I have done the calculations before. There is an old post that I'm too lazy to dig up.
If you do it completely randomly, then the chance of guessing it is 1 in 1000.
If you are looking at someone enter it, then the chance is 1 in 10. As the numbers are evenly spaced, and there are only 10 numbers, knowing the exactly location of any number will automatically give you a 1 in 10 try for the actual location of the password.

Posted via CB10

[anon(9339961)]

Okay so they have to have a specific location to move the number to, because the zone of success is very small, the only way this is possible is if the picture you are using has an easily identifiable point to drag the number to but if you chose a picture like a star light sky for example, wouldn't it be very difficult to remember exactly where to move the arbitrary "chosen number" without distinct locations to place it?

[anon(2313227)]

So I get the grid needs to be randomized in size and spacing. would then make this impossible like a circular grid.

[YesAndNo]

Impossible. No way true.

Posted via CB10

[Andrew4life]

There is actually quite a big buffer area around which you can put the number so no, you don't need to be so exact with the location of the number

Posted via CB10

[3hb78ftg]

Exactly which defeats the whole purpose of picture password. I see so many people who think they need to move the specific number rather then the grid itself. This theory of the OP would never work if the user actually used picture password as it's meant to be used. In fact, telling the person the number you use and having them watch you (if you aren't directly putting your finger on the number) and depending on the picture you use is still pretty much in possible to guess.

Exactly and the spacing i hardly ever the same. Besides if you place your thumb over the number to move it you can't see the exact location of where it goes.

[EFats]

So long story short, sans math, they're just copying the grid movement they see and hoping for a win?

Yes. If you think you know the grid size, you're basically doing that. It is a good gamble since the chance of getting it correct within 5 tries is very high.



Sent from my BlackBerry 9900 using Tapatalk

[EFats]

Z10 has 3: 10x8, 9x7, and 8x6.

I beg to differ, I clearly counted one instance on my Z10 where the grid showed up at just x5

Sent from my BlackBerry 9900 using Tapatalk

[EFats]

I have to be honest, this seems like a stretch. I would be shocked if someone could unlock my phone using the Picture Password.

Just another comment, I feel as though the picture password is greatly underappreciated This way to unlock the phone is amazingly simple but extremely effective.

I actually agree. It is an amazingly simple and effective system.

The chance that someone finding your phone and being able to get in are pretty slim. This particular attack that is being discussed is ONLY valid IF the attacker can first watch you unlocking it.

Please keep in mind if someone has sufficient time to watch you unlock such that they can determine the grid size, well, honestly all bets are off.
This is no worse, in fact I would argue much better, than current iOS or pattern unlock scheme. If someone had such time, the unlock probability with these other schemes is close to 100% on 1 try! On the unlock or pattern code, in fact you can often guess by looking at the finger smudges on the screen, no need to watch you unlock! This would not be effective with the Picture Password.

The only "complaint" here is that BlackBerry could easily make this much more secure with a very simple fix.


Sent from my BlackBerry 9900 using Tapatalk

[Thud Hardsmack]

Yes. If you think you know the grid size, you're basically doing that. It is a good gamble since the chance of getting it correct within 5 tries is very high.



Sent from my BlackBerry 9900 using Tapatalk

It just hit me, now I get it. I don't know the exact calculations on it but using my previous screenshot an attacker watching me unlock with that layout would see the grid move a huge distance, either four columns left or almost five rows up, plus one or two down and one to the right respectively. And considering I saw the unlock number pop up on the right side 6 out of 10 times, I'm not sure the grid size really matters because they could just make the same movement and likely hit it. Having the exact grid as when they saw the owner unlock would merely be a bonus and increase odds.

This can totally be done in five or less tries. Apologies for being a disbeliever for four pages.

[Thud Hardsmack]

I beg to differ, I clearly counted one instance on my Z10 where the grid showed up at just x5

Sent from my BlackBerry 9900 using Tapatalk

Maybe I didn't try long enough, mine prefers the 9x7 to the point I briefly thought it might have been the only one available.

[spARTacus]

Edited.

This is easy to not understand, just like I didn't initially understand it.

It's only about needing to remember the grid used for a successful unlock (it is irrelevant what grid was used as long as that one is remembered) plus remembering a "grid-picture-lock" for any number in that grid (it is irrelevant what number and picture location is remembered as long as one particular "grid-picture-lock" number location is remembered) against the background picture, and not needing to know anything else including not ever needing to know the real unlock number and position, unlock movements, etc...


Interesting to realize that if the alphabet was used instead of numbers, the chances would drastically reduce.

Posted via CB App for Android on Tab4 (interim Playbook replacement)

[EFats]

Aah sorry, right conclusion, wrong path to getting there. Based on your explanation, I don't think you quite understand how it works yet. One of these days somebody needs to put out a short video or a simple slide to show how this works.

It has absolutely nothing to do with moving the grid of numbers. It doesn't matter if your finger is covering up your magic number or somewhere else. Doesn't matter if you swirl it around a lot or nudge it a little or whatever. All I need to do is have a look at the screen at the final location where you unlock it.

[JuiciPatties]

EFats ... just take the time and put the video together so that we all comprehend what you are saying.

[EFats]

Okay, let's try this. Maybe this pic will explain it better.

I hope that picture attached correctly...

Again, I should re-iterate that my opinion is while this is a weakness that can, and should, be easily fixed, it still seems more secure than other common methods. Numerical unlock code (iOS, 4 or 6? digits now) or pattern unlock, if I can see you doing it as would be required by this Picture Password hack, I can guess your unlock 1st try! Unlike the Picture Password which would still likely require multiple tries, depending on your luck.

[Thud Hardsmack]

That's even simpler. My wife did it in 2 shots.

[bloke1]

Aah sorry, right conclusion, wrong path to getting there. Based on your explanation, I don't think you quite understand how it works yet. One of these days somebody needs to put out a short video or a simple slide to show how this works.

It has absolutely nothing to do with moving the grid of numbers. It doesn't matter if your finger is covering up your magic number or somewhere else. Doesn't matter if you swirl it around a lot or nudge it a little or whatever. All I need to do is have a look at the screen at the final location where you unlock it.

That could be possible if I were to unlock the phone slowly. Let's say you are focusing on the number '0' at the upper right corner and the unlock position is in the middle of the screen. But bear in mind, there could also be few other '0's on the screen. I went and swirl the grid quickly several times and unlock it. How could you determine the '0' that you see in the final unlock position is still the same '0' you saw at first at the upper right corner?

Unless, you have photographic eyesight I don't find this possible...

[Thud Hardsmack]

That could be possible if I were to unlock the phone slowly. Let's say you are focusing on the number '0' at the upper right corner and the unlock position is in the middle of the screen. But bear in mind, there could also be few other '0's on the screen. I went and swirl the grid quickly several times and unlock it. How could you determine the '0' that you see in the final unlock position is still the same '0' you saw at first at the upper right corner?

Unless, you have photographic eyesight I don't find this possible...

It took me a bit too but I finally got it - it's not the movement of the grid, it's where it stops when you unlock it that's important. All those numbers no matter what they are will move in tandem with the real number so wherever the real number stops to unlock the device, the whole grid has corresponding spots to match. All that's needed is a few attempts at moving the whole grid to match those same spots as before and eventually it will be the right one.

[spARTacus]

Aah sorry, right conclusion, wrong path to getting there. Based on your explanation, I don't think you quite understand how it works yet. ........

Who was this directed at?

Posted via CB10 on Z10

[Richard Buckley]

So long story short, sans math, they're just copying the grid movement they see and hoping for a win?

Essentially yes, the way I see it anyway.

Edit:

After reading all the posts after this one I will say that it appears you have it. It isn't the actual path the user put the grid through but the effective path. What the attacker is trying to do is copy the grid position close enough so a number is within the error range of the correct location. On each try the odds are 1 in 10 that chance will result in the number being correct. If the attacker can use all 5 tries they have about a 4 in 10 chance of unlocking the phone.

Someone suggested using the alphabet. That would reduce the chance of breaking in to 1 in 26 per try, 2,115,751 in 11,881,376 or 18% in five tries. But it would also increase the odds that the correct letter would not appear on the screen forcing the user to cancel and try again, or go hunting for the chosen letter. Not sure that would be a good trade.

LeapSTR100-2/10.3.3.2205