Jul.25, 2013

If you think "nobody's going to try all 10,000 combinations" to crack your smartphone's four-digit PIN code, then you are wrong. This cheap, 3D-printed robot punches in one code per second, systematically trying all of the possible PINs for your phone. It will crack an Android four-digit PIN in 20 hours or less!

Security researchers Justin Engler and Paul Vines plan to show off this R2B2, or Robotic Reconfigurable Button Basher, at the Def Con hacker conference in Las Vegas early next month. R2B2 can operate on touch screens or physical buttons. It is just a finger-like bot they built for under $200, using three $10 servomotors, a plastic stylus, an Arduino microcontroller, 3D-printed plastic parts created on a Makerbot 3D printer, and a five-dollar webcam that tracks whether the bot has successfully guessed the code.

The device can be controlled via USB, connecting to a Mac or Windows PC that runs a simple code-cracking program. The researchers plan to release parts lists, detailed build instructions, and STL files for 3D printed parts at the time of their Def Con talk.

Not all phones are as susceptible to the R2B2's cracking. Apple's iOS, for example, increases the time between PIN attempts after each incorrect guess. But on Android phones there is only a 30-second delay after every five wrong guesses. At that rate, the robot can still guess five PINs every 35 seconds, or all 10,000 possibilities in 19 hours and 24 minutes, according to Forbes.

Engler and Vines are working on improving the robot to work on non-touchscreen devices like ATMs, hotel safes and combination locks. Engler says that the R2B2 helps draw attention to the insecurity of crackable four-digit PINs: a six-digit PIN, an option on many phones, would take R2B2 as much as 80 days longer to crack than the default four-digit passcode.
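The timing figures above follow from the lockout policy, so the same arithmetic can be used to compare policies. The sketch below is an added example, not the researchers' code: it models the worst-case time to try every PIN at one guess per second under the fixed Android delay the article describes, and contrasts it with two assumed policies, a constructed doubling delay (not Apple's actual schedule) and a wipe-after-10-failures setting.

```python
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

GUESS_SECONDS = 1.0  # the article's "one code per second"

@dataclass
class Policy:
    name: str
    delay_after: Callable[[int], float]  # forced wait after the n-th wrong guess
    max_attempts: Optional[int] = None   # device wipes after this many failures

def fixed_delay(every: int, seconds: float) -> Callable[[int], float]:
    return lambda n: seconds if n % every == 0 else 0.0

def escalating(free: int, base: float, cap: float) -> Callable[[int], float]:
    # Constructed schedule: the wait doubles per failure after `free`, up to `cap`.
    return lambda n: 0.0 if n <= free else min(cap, base * 2 ** min(n - free - 1, 32))

def exhaust(digits: int, policy: Policy) -> Tuple[int, float]:
    """Worst case: (guesses the device permits, seconds needed to make them)."""
    keyspace = 10 ** digits
    allowed = min(keyspace, policy.max_attempts or keyspace)
    seconds = 0.0
    for n in range(1, allowed + 1):
        seconds += GUESS_SECONDS
        if n < allowed:  # no wait is served after the final guess
            seconds += policy.delay_after(n)
    return allowed, seconds

def coverage(digits: int, policy: Policy) -> float:
    """Fraction of the PIN space that can be tried before the policy stops it."""
    return exhaust(digits, policy)[0] / 10 ** digits

# Fixed delay as the article describes for Android; the other two are assumptions.
ANDROID_2013 = Policy("30 s after every 5 failures", fixed_delay(5, 30))
ESCALATING = Policy("doubling wait, 1 h cap", escalating(5, 60, 3600))
WIPE_AT_10 = Policy("wipe after 10 failures", fixed_delay(5, 30), max_attempts=10)

if __name__ == "__main__":
    for digits in (4, 6):
        for p in (ANDROID_2013, ESCALATING, WIPE_AT_10):
            allowed, secs = exhaust(digits, p)
            print(f"{digits}-digit | {p.name:28} | {secs / 3600:10.1f} h"
                  f" | {coverage(digits, p):.4%} of PINs reachable")
```

Under the fixed delay, PIN length is the only thing that raises the cost of exhaustive guessing; an attempt cap bounds the reachable share of the PIN space regardless of length.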

Source: Forbes














Ciba wrote at 7/23/2014 4:43:46 AM: Interesting Idea but rather useless in reality, a brute force program could do it in 20 mins but considering that almost any service that requires a 4 digit pin code will only give you 3 goes before you are locked out, it most certainly would never work on an ATM and you would probably get arrested within a few mins anyway. Yes it is useless as it would not even be able to crack my $50 smart phone. Program it to play the piano and then you will have something truly interesting and useful :)

Noah wrote at 10/4/2013 8:34:07 PM: I have a gesture lock with Go Locker. You have to draw a diagram to get in.

boredobama wrote at 7/27/2013 2:35:13 AM: The majority of cell phones have 3/5 successful attempts before locking the device. The next failed attempts, with PUK, will block it. This project is mostly educative...

ee wrote at 7/26/2013 8:07:28 PM: My phone has a 14 digit code. Probably easier just to re-flash it anyway.

Doowangle wrote at 7/26/2013 6:48:09 PM: Why waste man hours on something like this? Great, you can crack a cell phone password if I give you my phone for 20 hours. Real useful step forward for mankind!

John wrote at 7/26/2013 6:44:36 PM: Why would you say this is useless? I think it serves two clear purposes: 1. People should know that a 4 digit pin is useless 2. It's an awesome well executed hack/proof of concept

John wrote at 7/26/2013 3:00:06 PM: useless, the phone locks after 3 attempts, even if it didn't, add 2 digits and it takes 2000 hours, good luck with that

Produx wrote at 7/26/2013 11:13:52 AM: Android gives a 30 seconds delay after 10 wrong tries. Sim card locks you out completely after 3 wrong tries.

John wrote at 7/26/2013 1:49:39 AM: I am pretty sure android locks you out after 15 goes and sim cards after 3.

Ray wrote at 7/25/2013 6:49:11 PM: don't get it? My phone gives you 3 tries then it's locked for good

jd90 wrote at 7/25/2013 6:42:00 PM: *turns on "erase data after 10 failed attempts"*



