This $200 3D printed bot can crack your phone’s PIN in 20 hours


If you think “nobody’s going to try all 10,000 combinations” to crack your smartphone’s four-digit PIN code, then you are wrong. This cheap, 3D-printed robot punches in one code per second, systematically trying all of the possible PINs for your phone. It will crack an Android four-digit PIN in 20 hours or less!

Security researchers Justin Engler and Paul Vines plan to show off R2B2, the Robotic Reconfigurable Button Basher, at the Def Con hacker conference in Las Vegas early next month. R2B2 can operate on touch screens or physical buttons. It is a finger-like bot they built for under $200, using three $10 servomotors, a plastic stylus, an Arduino microcontroller, 3D-printed plastic parts created on a Makerbot 3D printer, and a five-dollar webcam that tracks whether the bot has successfully guessed the code.

The device can be controlled via USB, connecting to a Mac or Windows PC that runs a simple code-cracking program. The researchers plan to release parts lists, detailed build instructions, and STL files for 3D printed parts at the time of their Def Con talk.

Not all phones are as susceptible to R2B2's cracking. Apple’s iOS, for example, increases the time between PIN attempts after each incorrect guess. But on Android phones there is only a 30-second delay after every five wrong guesses. At that rate, the robot can still guess five PINs every 35 seconds, or all 10,000 possibilities in 19 hours and 24 minutes, according to Forbes.

Engler and Vines are working on improving the robot to work on non-touchscreen devices like ATMs, hotel safes and combination locks. Engler says that R2B2 helps draw attention to the insecurity of crackable four-digit PINs. A six-digit PIN, an option on many phones, would take R2B2 as much as 80 days longer to crack than the default four-digit passcode.
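The throttling figures above can be checked with a small model of worst-case entry time under a lockout policy. This is an added example, not part of the original article or the researchers' code: the one-guess-per-second rate and the 30-second delay come from the article, while the escalating schedule is a constructed assumption and not any vendor's real schedule.

```python
"""Worst-case time to exhaust a PIN keyspace under a lockout policy."""

GUESS_SECONDS = 1  # article: the robot enters about one code per second


def fixed_lockout(failures):
    """Article's Android behaviour: 30 s delay after every five wrong guesses."""
    return 30 if failures % 5 == 0 else 0


def escalating_lockout(failures):
    """Hypothetical escalating policy (constructed, not a vendor's schedule):
    no delay for 4 failures, then 60 s doubling per failure, capped at 1 hour."""
    if failures < 5:
        return 0
    return min(3600, 60 * 2 ** min(failures - 5, 6))


def worst_case_seconds(digits, policy):
    """Seconds to enter every PIN when the correct one happens to be tried last."""
    keyspace = 10 ** digits
    total = keyspace * GUESS_SECONDS
    # Only the keyspace - 1 wrong guesses can trigger a delay.
    for failures in range(1, keyspace):
        total += policy(failures)
    return total


def report(digits, policy):
    """One summary line for a PIN length and policy."""
    secs = worst_case_seconds(digits, policy)
    return (f"{digits}-digit, {policy.__name__}: "
            f"{secs / 3600:.1f} h ({secs / 86400:.1f} days)")


if __name__ == "__main__":
    for digits in (4, 6):
        print(report(digits, fixed_lockout))
    print(report(4, escalating_lockout))
```

Under the fixed policy, the four-digit result is about 19.4 hours and the six-digit one about 80 days longer, in line with the article; the capped escalating policy pushes the four-digit worst case past a year.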

Posted on July 25, 2013

