- Okay, let's try this. Maybe this pic will explain it better.
Attachment 417466
I hope that picture attached correctly...
Again, I should re-iterate that my opinion is while this is a weakness that can, and should, be easily fixed, it still seems more secure than other common methods. Numerical unlock code (iOS, 4 or 6? digits now) or pattern unlock, if I can see you doing it as would be required by this Picture Password hack, I can guess your unlock 1st try! Unlike the Picture Password which would still likely require multiple tries, depending on your luck.
I'll just add that while you can technically pick any number to line up while "hacking", using the same number as you observed in the spot will make it much easier to align the grid perfectly.
02-15-17 07:36 AM
-
Yeah I won the contest... but it was an educated guess. I knew that he wasn't putting his thumb in the number and I just watched which numbers were the most probable. Then I guessed
02-15-17 05:57 PM
- It depends on the attack vector. If someone is going to see/record your "password", no matter what its form is, enough times, they're going to break your algorithm. The vulnerability lies in human nature most of the time anyway.
I assume these authentication methods are made to withstand 3-4 attacks at most. It's difficult to make something easy to do and hard to break at the same time.
02-15-17 07:11 PM
- Haha indeed but credit goes to Google, not my memory. While looking around for some deeper level description details about picture password I came across the old contest and saw your handle as the winner, then noticed it again in the thread. Oh the irony. I couldn't resist but to somehow mention it.
Posted via CB App for Android on Tab4 (interim Playbook replacement)
02-15-17 08:14 PM
-
-
LeapSTR100-2/10.3.3.2205
02-15-17 08:33 PM
-
Posted via CB10
02-15-17 08:33 PM
- Only if they also did not allow cancellation to discard a pitch setting. Even if the separation was truly random there are going to be limits on the upper and lower boundaries of the pitch. If an attacker can still cancel out of an attempt with a pitch not close enough to the one observed the situation is the same. The pitch the attacker uses doesn't have to be identical to the one observed, just close enough so that the real number is within the error radius of the real location.
LeapSTR100-2/10.3.3.2205
They really should be able to remove the ability to request a new grid. Even just having an option to have every grid generation count towards the unlock attempt total would be nice.
02-15-17 09:23 PM
- I kinda get what ur saying op, ur saying that the number grid is in cycle, and by pinpointing one specific number you might get lucky enough when the system generates another grid with the number you choose and the number that the owner chose in the same position, but I'd say that's still a very slim chance, as the distance between the numbers also changes.
Posted via CB10
02-15-17 09:24 PM
- I kinda get what ur saying op, ur saying that the number grid is in cycle, and by pinpointing one specific number you might get lucky enough when the system generates another grid with the number you choose and the number that the owner chose in the same position, but I'd say that's still a very slim chance, as the distance between the numbers also changes.
Posted via CB10
The probabilities have already been discussed, and they are well above slim chance territory.
02-15-17 09:27 PM
-
And also the guy who is trying to crack the phone must know how bb's picture password works, and he'd have to think hard enough to get the theory, so I'd say my phone is pretty safe from at least 99.9% of the people around me.
Posted via CB10
02-15-17 09:38 PM
-
They really should be able to remove the ability to request a new grid. Even just having an option to have every grid generation count towards the unlock attempt total would be nice.
LeapSTR100-2/10.3.3.2205
02-16-17 03:57 AM
-
I think disabling cancel option is problematic due to accidental swipes and pocket unlocks.
Posted via CB10
02-16-17 02:39 PM
- I tried to reproduce it, too. But I couldn't.
In my attempts I also got confused about what space I memorized exactly. Already this isn't too easy, because on my Z10 it just takes about 1–2 mm to place the number wrong.
Then I also didn't see any weakness in the random number pattern. I don't think there are just some patterns getting cycled, too. Can't say this for sure, but it would be incredibly foolish to integrate PicPas this way.
02-18-17 02:58 AM
- Am sorry, have tried this countless times, it's absolutely impossible because, when you move your hand to set your password to the location, the "grid" changes too. The grid that comes on display is going to be different from the one that appears on the location when your no and your location is correct.
To repeat that particular grid is next to impossible in 5 tries. I understand what the op is saying but it wouldn't be a problem.
Like me, my location for the correct pattern is upper left and I start moving the grid from lower right of the screen, someone looking at the screen when I do that will most definitely be confused. That's my take on this.
Posted via CB10
Last edited by sir mictol; 02-18-17 at 05:01 AM.
02-18-17 04:49 AM
- For everyone claiming it's impossible, please reread this thread. It has been explained multiple times now.
I can't be bothered to explain it again.
If you want to take the stance that it doesn't matter, or that "vulnerability" is too strong a word, that's fine. But please don't keep claiming the OP was completely wrong.
02-18-17 08:07 AM
-
Still, I think it would be preferable if you could cancel but it would save the grid layout (ideally even the current selection of random numbers) and restore it next time. I'm not sure if this is technically possible or not.
02-18-17 09:44 AM
- Am sorry, have tried this countless times, it's absolutely impossible because, when you move your hand to set your password to the location, the "grid" changes too. The grid that comes on display is going to be different from the one that appears on the location when your no and your location is correct.
To repeat that particular grid is next to impossible in 5 tries. I understand what the op is saying but it wouldn't be a problem.
Like me, my location for the correct pattern is upper left and I start moving the grid from lower right of the screen, someone looking at the screen when I do that will most definitely be confused. That's my take on this.
Posted via CB10
LeapSTR100-2/10.3.3.2205
02-18-17 09:54 AM
- Remember in the unlikely event that you end up using all 5 tries you still get to use the regular password/pin.
Still, I think it would be preferable if you could cancel but it would save the grid layout (ideally even the current selection of random numbers) and restore it next time. I'm not sure if this is technically possible or not.
02-18-17 04:58 PM
- On my z10, if the grid comes up and if I do not try it but instead hit the top button or cancel, then I'll almost always get a different grid the next time. On my z10, it never counts against my attempts if I do not try it but instead hit the top button or cancel.
Posted via CB App for Android on Tab4 (interim Playbook replacement)
02-18-17 05:09 PM
-
LeapSTR100-2/10.3.3.2205
02-18-17 05:12 PM
- I was on 10.3.2 until just a few minutes ago, now that I'm on 10.3.3.1463 it works like yours. So it would appear we stumbled across another hidden update.
02-18-17 09:40 PM
Picture Password vulnerability