Can smartphone thieves be identified in seconds?

Ben-Gurion University of the Negev (BGU) researchers have developed a technique that identifies a smartphone thief or intruder in under 14 seconds.

“While most people are confident that password protecting a phone is sufficient, they tend to choose familiar passwords that are easy to guess,” says BGU researcher Liron Ben Kimon, now a data scientist at PayPal. “With our approach, even if someone has the password, they can’t replicate a smartphone user’s unique behavior.”

“What is new about this verification method is that the model evaluates the touch pattern sequence,” Ben Kimon explains. “For example, smartphone users interact with their device while using Google differently than they might type a message, and we can detect that.”

Her verification model extracts information from a phone’s sensors to identify frequency, pressure and speed of touch combined with the application being used. The program also computes 30 seconds of recent history, such as which screens a user touched, which buttons were pressed and how much electricity was used.

The researchers culled information from 20 users over a two-week period to develop their model, which shows that unauthorized users can be identified in under 14 seconds with less than 35 screen actions. On average, a user touches the screen 35 times in 13.8 seconds.

“A thief will almost certainly touch the screen more than 35 times to steal information because he is not familiar with an owner’s phone settings and apps,” says Kimon. “The phone can learn the typical touch and sequence pattern, and lock out an unauthorized user to prevent data theft, or someone you don’t want peeking at your messages.”

Three million phones were stolen in the United States, and another three million were lost in 2013, according to Consumer Reports.