How secure is your smartphone's lock screen?
Checks and balances
Fortunately, there other safeguards in place. On iPhones and iPads, for instance, there is a forced delay of 80 milliseconds between PIN or password attempts.
And after 10 incorrect attempts, the device will either time-out for increasing periods of time, lock out completely, or potentially delete all data permanently, depending on your settings.
Similarly, Android devices enforce time delays after a number of passcode or password entries. However, stock Android devices will not delete their contents after any number of incorrect entries.
Swipe patterns are also a good security mechanism, as there are more possible combinations than a four-digit PIN. Additionally, you can't set your swipe pattern to be the same as your banking PIN or password, so if one is compromised, then the others remain secure.
However, all of these security controls can potentially be thwarted. By simply observing the fingerprints on a device's display on an unclean screen, it is possible to discern a swipe pattern or passcode. When it comes to touch screen devices: cleanliness is next to secure-ness.
Bypasses
Speaking of fingers, biometrics have increased in popularity recently. Biometric security controls simply means that traits of a human body can be used to identify someone and therefore unlock something.
In the case of smartphones, there are competing systems that offer various levels of security. Android has facial, voice and fingerprint unlocking, while iOS has fingerprint unlocking only.
Generally, biometrics on their own are not inherently secure. When used as the only protection mechanism, they're often very unreliable, either allowing too many unauthorised users to access a device (false positives), or by creating a frustrating user experience by locking out legitimate users (false negatives).
Some methods of bypassing these biometric protections have been widely publicised, such as using a gummi bear or PVA glue to bypass Apple's TouchID, or using a picture to fool facial recognition on Android.
To combat this, Apple disables the TouchID after five incorrect fingerprint attempts, requiring a passcode or password entry to re-enable the sensor. Likewise, current versions of Android enforce increasing time-outs on after a number of incorrect entries.
These methods help strike a balance between security and usability, which is crucial for making sure smartphones don't end up hurled at a wall.
Although these lockscreen protections are in place, your device may still contain bugs in its software that can allow attackers to bypass them. A quick search for "smartphone lockscreen bypasses" on your favourite search engine will yield more results than you'd probably care to read.
Lockscreen bypasses are particularly problematic for older devices that are no longer receiving security updates, but new devices are not immune. For example, the latest major iOS release (iOS 9.0) contained a flaw that allowed users to access the device without entering a valid passcode via the Clock app, which is accessible on the lockscreen. Similar bugs have been discovered for Android devices as well.
All of these efforts could be thrown out the window if you install an app that includes malware.
So lockscreens, PIN codes, passwords and swipe patters should only be considered your first line of defence rather than a foolproof means of securing your device.
Clinton Carpene, Post Doctoral Researcher in network security, Edith Cowan University
This article was originally published on The Conversation. Read the original article.