Stealing Your Android Patterns via Acoustic Signals

Pattern lock is an essential authentication method on mobile devices. Recent works on cracking pattern locks either require additional network facilities (e.g., WiFi hotspots) or suffer from strict constraints (e.g., physical closeness to the victim and good lighting). Being too susceptible to environment settings, these attacks are less effective in practice and cannot scale to a large number of users. To address these concerns, in this paper, we propose PatternListener+, a practical attack on pattern locks using the speakers and microphones on mobile devices. The speaker plays inaudible acoustic signals, which are reflected by the fingertip when the victim is drawing the pattern, and then recorded by the microphone. The recorded acoustic signals contain rich information of the fingertip motion that can be leveraged to infer the pattern. We carefully design a series of algorithms to eliminate the dynamic and static interferences, segment acoustic signals into fragments corresponding to all pattern lines, and recover each line composed of the pattern according to the signals. Finally, we recover the candidate pattern by mapping all line candidates into grid patterns with a tree structure. We implement a PatternListener+ prototype using off-the-shelf smartphones, and extensive experiments confirm the effectiveness and robustness of PatternListener+. The attack success rate is over 90 percent on 120 patterns in five attempts.