BlackBerry Blog

BlackBerry’s Picture Password Automatically Protects You from New Hacking Tactic

SECURITY / 07.09.15 / Ryan Blundell

To live in a world where hackers already have a million different ways to steal information off my phone is bad enough. (Let’s see, there’s malware, a thief guessing my lame password, or it could even be someone looking over my shoulder.) Now, according to researchers at Syracuse University, using a smartphone in public at all might be a bad idea because of something called spatio-temporal dynamics.

Spatio-temporal dynamics is a type of artificial intelligence that involves calculating the distance and relationship of objects. In an experiment conducted last year, the Syracuse researchers discovered thieves could use spatio-temporal dynamics to figure out smartphone passwords. Here’s how it’s done: the hacker videotapes someone using a phone, even if all he’s able to get is the back of the device and the movements of the user’s hands as they type. The hacker then applies an algorithm to the video footage that maps the position of the user’s hands to the known position of the phone’s keypad. Hello password, bye-bye data.

“It’s like lip reading,” said Vir V. Phoha, a professor in the electrical engineering and computer science department at Syracuse and a coauthor of the research paper, Beware, Your Hands Reveal Your Secrets!. “Based on hand movement and the known geometry of the phone, we can see which keys are pressed.”

According to Director of BlackBerry Security Alex Manea, it’s even better than that. “Lip reading is limited because many sounds use the same lip movement and are impossible to tell apart. Every key on a mobile keyboard is in a unique location, so the only real limitations of spatio-temporal analysis are video quality and image processing.”

Spatio-temporal analysis is already alarmingly accurate. The researchers were able to determine the password after just 10 guesses 94% of the time. To me, this meant any stranger could easily use a camcorder, another smartphone, or even a wearable to film me using my phone and it would be like handing over all my information. Great. I’d have to unlock my BlackBerry from inside a trenchcoat for the rest of my life. Then I remembered: I’m safe, even from a new hacking method like spatio-temporal analysis, because I use a Picture Password.


When Picture Password was introduced last year in BlackBerry 10 OS version 10.2.1, I quickly adopted this new method of securing my phone. It brings a whole new level of security without compromising my productivity. If you haven’t started using it yet, I strongly suggest you do.

For those new to the concept, it’s easy to grasp. Picture Password lets you use a combination of a number (0 to 9) and a picture to unlock your BlackBerry instead of typing a password. This scheme might sound simplistic, but it’s beautifully and intelligently secure. Let’s say your Picture Password is the combination of the number 7 and the big blue button in a photo of lots of brightly colored buttons. Each time you want to unlock your phone, Picture Password presents a randomly generated number grid that includes several instances of the number 7. This semi-transparent grid is in turn laid over the button photo. You tap anywhere on the screen and drag the entire grid until one of the 7s is positioned directly over the blue button. Release the drag for a match and that’s all there is to it!
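
How the unlock described above behaves across repeated unlocks, as an added Python sketch (not BlackBerry's code): the grid size, cell size, wrap-around dragging, balanced digit layout and cell-centre matching rule are all assumptions made for illustration. It shows that the owner's drag vector changes with every fresh grid, and how often the previous unlock's drag would still be accepted.

```python
import math
import random

COLS, ROWS, CELL = 8, 12, 90  # assumed grid geometry in pixels, not BlackBerry's values


def new_grid(rng):
    """Fresh grid per unlock. Digits are balanced so every digit appears
    several times and digit frequency says nothing about the secret."""
    cells = [i % 10 for i in range(COLS * ROWS)]
    rng.shuffle(cells)
    return [cells[r * COLS:(r + 1) * COLS] for r in range(ROWS)]


def verify(grid, digit, point, drag):
    """True if, after dragging the whole grid by `drag`, the cell lying over
    the secret picture point holds the secret digit (grid assumed to wrap)."""
    col = math.floor((point[0] - drag[0]) / CELL) % COLS
    row = math.floor((point[1] - drag[1]) / CELL) % ROWS
    return grid[row][col] == digit


def user_drag(grid, digit, point):
    """Drag the owner would make: move the nearest instance of the secret
    digit so that its cell centre sits on the secret point."""
    drags = [(point[0] - (c * CELL + CELL // 2), point[1] - (r * CELL + CELL // 2))
             for r in range(ROWS) for c in range(COLS) if grid[r][c] == digit]
    return min(drags, key=lambda d: math.hypot(*d))


def simulate(unlocks, digit=7, point=(400, 610), seed=1):
    """Return the drag vector of each unlock and how often the previous
    unlock's drag, replayed on the next fresh grid, would be accepted."""
    rng = random.Random(seed)  # seeded for a repeatable demo; a device needs a CSPRNG
    drags, replay_hits = [], 0
    for _ in range(unlocks):
        grid = new_grid(rng)
        if drags and verify(grid, digit, point, drags[-1]):
            replay_hits += 1
        drags.append(user_drag(grid, digit, point))
        assert verify(grid, digit, point, drags[-1])
    return drags, replay_hits / max(unlocks - 1, 1)


if __name__ == "__main__":
    drags, replay_rate = simulate(200)
    print("first five drags:", drags[:5])
    print("distinct drag vectors:", len(set(drags)), "of", len(drags))
    print("previous drag accepted on next grid: {:.0%}".format(replay_rate))
```
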

Picture Password helps protect me from:

  • App attacks. Researchers have been able to tap into smartphone accelerometers to decipher where a user has tapped the screen. Because Picture Password is random, it doesn’t rely on specific points for tapping.
  • Shoulder surfing. With no set points to track, only a number and a location that can be obtained from anywhere on the screen, prying eyes will find it very hard to figure out how I access my phone.
  • Connecting to a computer. Even if my phone falls into the wrong hands and the thief tries to connect my BlackBerry to a computer, he will be prompted to enter a password. (You have to set up a traditional password in order to use Picture Password.) Since I don’t use my password anymore when I’m out and about, no one can steal it.
  • Reverse “smudgineering.” My son Keian was able to use the smudge pattern on my phone to figure out my password when he was four years old. Thanks to Picture Password, greasy fingerprints no longer hold the cryptic key to your password.

Of course, Picture Password isn’t your BlackBerry’s only defense. BlackBerry devices automatically wipe all data after 10 incorrect attempts to guess the password. I can always replace a phone; I can’t undo stolen data. But let’s say I used no password at all. I could still rest easy knowing that BlackBerry Balance would keep my work data safe. Balance prevents data from the work area of the phone from being copied and pasted into the personal space where it’s accessible. BlackBerry is dedicated to reducing the negative impact of a theft by ensuring that data, whether personal or work related, remains private and secure and usable.

Picture Password is the best way yet to protect your BlackBerry. Even changing a Picture Password is less cumbersome than creating a new traditional password, usually a chore of picking new numbers and letters. With Picture Password you simply choose a new number and picture combination.

So bring it on, spatio-temporal hackers. I feel safer than ever having practically my entire life on my BlackBerry. I don’t have to hide from strangers with cameras. My Picture Password will keep ’em guessing.


About Ryan Blundell

Ryan has been involved in the wireless industry for well over a decade, currently managing technical communication, interaction design and content strategy for a Canadian wireless provider. He has previously been published on Innovation Insights, Business 2 Community, Everything Zoomer and CrackBerry.com. You can follow Ryan on Twitter @ryanblundell.