The codes, or sequences, of unlocking of Android phones are not numerical pins, but signs traced on a grid of nine points according to precise rules, and they are large enough to make this method relatively safe, but it is not always like that because some of these codes are less sure than others, because they are more common. Let’s see what these signs consist of, how many are and what are the easiest ones to hack.
What are the signs of Android unlock and how many are
The signs of release of Android trace on a 3 × 3 grid, consisting of 9 dots that must be joined according to very specific rules:
- Each sign must contain a maximum of 4 points
- Each point can be chosen only once
- If a segment crosses a point not yet chosen, this will be automatically included in the path
The first two rules serve to oblige the user to carry out at least one change of direction in creating the sign and stop when the points are all taken. The third rule, on the other hand, serves to avoid jumps, for example prevents you from combining the point at the top left with the point in the lower left by skipping the central point of the left, as in the figure above. The logic is that on the one hand a sign is being traced, making a drawing, but at the same time we are choosing the points that are part of it.
But how many are these signs?
Due to the third rule, it is not so easy to calculate it: this is one of those cases in which it is easier to use the “brute force“Rather than formulas and deductions. Without this rule, in fact, creating a sign of unlocking would mean choose which point to take first, which one and so on, without repetitions, taking at least 4 points and at most 9 points. In this case it would be a type of classic problem of the mathematics branch called combinatorial calculation (which studies just like grouping and ordering sets of objects) and by applying the appropriate formulas, a total of 985824 possible signs would be obtained.
In our case, however, the third rule complicates the situation because it tells us that many of these 985,824 possible signs are not valid Android unlock codes and in fact it is difficult to determine how many are those to be excluded. This is where the “brute force“, An expression that mathematicians sometimes use to indicate those cases in which to count a set of objects do not use formulas but are listing and there are one by one all the elements of the whole. In this case it is a matter of making programs on the computer that trace, and contino, all admissible signs, which in the end are only 389,112 and we can see them all in this video:
This is not a huge number, but will it be large enough to guarantee some security?
How sure is this method and what are the easiest signs to hack?
In general, a security code is all the more safe the more difficult it is to guess it by randomlyfor example to unlock a suitcase padlock with 3 numbers you have to guess one of the 1000 possible numbers (those I can write as 000, 001, 002, up to 999) and with a single attempt we have a probability of 0.1% to make it. It looks like a safe code, but if we do an attempt every 10 seconds there are 10000 seconds to try all those numbers, less than 3 hours, a relatively short time. Things get complicated with a padlock with 4 numbers, in that case the probability of guessing drops to 0.01% and to try all the combinations would need thirty hours. The substance is that the more the possible unlocking codes of a certain type, the more difficult it is to guess the right one by randomly, and therefore the greater safety.
In our case we have 389,112 possibilities and to be sure to guess the right sign we have to take into account everyone, there are many, but we can try quickly, let’s say that we can be able to make an attempt to the second: to try them all it would take 389,112 seconds, just over 108 hours which are about 4 and a half days. After all, it does not seem long, for this reason the Android devices provide that after a number of incorrect attempts the device blocks for some time and that after an additional number of further incorrect attempts it is stuck definitively requesting a more complex procedure for unlocking.
All in all, therefore, it is a relatively safe system, provided, however, to use quite complex and not too common signs: a study conducted by Sungkyunkwan University (South Korea) And from the Samsung Electronics has in fact determined the 20 most common signs – reported in the figure above – and we can be sure that a possible attacker who wants to hack our phone will start from one of these!
