Admittedly, this isn't the most elegant security threat we've ever seen, but it works. Meet R2B2, a 3D printed robot that punches PIN combination after PIN combination until it gets it right.
This shouldn't really come as a surprise when you consider that a 4-digit PIN has only 10,000 possible combinations. The only obstacle is the manual labor and time required to try them all.
Looking to overcome this, and in preparation for the Def Con hacker conference in Las Vegas next month, security researchers Justin Engler and Paul Vines developed a system they call Robotic Reconfigurable Button Basher (R2B2). At one four-digit guess per second, it's fast enough to crack an Android phone's lock screen in 20 hours or less.
And remarkably, it cost only $300 to make.
“There’s nothing to stop someone from guessing all the possible PINs,” says Engler, a security engineer at San Francisco-based security consultancy iSec Partners. “We often hear ‘no one would ever do that.’ We wanted to eliminate that argument. This was already easy, it had just never been done before.”
Engler and Vines built their bot, shown briefly in the video above, from three $10 servomotors, a plastic stylus, an open-source Arduino microcontroller, a collection of plastic parts 3D-printed on their local hackerspace’s Makerbot 3D printer, and a five-dollar webcam that watches the phone’s screen to detect if it’s successfully guessed the password. The device can be controlled via USB, connecting to a Mac or Windows PC that runs a simple code-cracking program. The researchers plan to release both the free software and the blueprints for their 3D-printable parts at the time of their Def Con talk.
In addition to their finger-like R2B2, Engler and Vines are also working on another version of their invention that will instead use electrodes attached to a phone’s touchscreen, simulating capacitative screen taps with faster electrical signals. That bot, which they’re calling the Capacitative Cartesian Coordinate Brute-force Overlay or C3BO, remains a work in progress, Engler says, though he plans to have it ready for Def Con.
All this said, it would be exceedingly easy for developers to build countermeasures against these brute-force efforts (e.g. delays after wrong guesses, lengthier passwords, etc.), but it appears that we might have an arms race in the making.
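
To see how much the two countermeasures named above (delays after wrong guesses, longer PINs) change the picture, here is an added example, not code from the researchers or the original article. It models the worst-case time to try every PIN at R2B2's one guess per second; the lockout parameters (30 seconds after every 5 failures, and a doubling delay capped at one hour) are assumptions chosen for illustration.

```python
from dataclasses import dataclass


@dataclass
class Throttle:
    """Lockout policy (all values are illustrative assumptions)."""
    every: int                  # a lockout is imposed after this many failed guesses
    base_delay: int             # seconds for the first lockout
    growth: int = 1             # multiplier applied to the delay after each lockout
    cap: float = float("inf")   # upper bound on any single lockout, in seconds


def worst_case_seconds(digits, secs_per_guess, throttle=None):
    """Time to try every PIN of the given length, correct PIN guessed last."""
    keyspace = 10 ** digits
    total = keyspace * secs_per_guess
    if throttle is None:
        return total
    # Only failed guesses trigger lockouts; the final guess succeeds.
    lockouts = (keyspace - 1) // throttle.every
    delay = throttle.base_delay
    for _ in range(lockouts):
        total += min(delay, throttle.cap)
        delay = min(delay * throttle.growth, throttle.cap)
    return total


def describe(seconds):
    """Render a duration in hours or days for the comparison table."""
    hours = seconds / 3600
    return f"{hours:.1f} hours" if hours < 48 else f"{hours / 24:.1f} days"


# Assumed policies: a fixed delay, and an escalating delay with a cap.
FIXED = Throttle(every=5, base_delay=30)
ESCALATING = Throttle(every=5, base_delay=30, growth=2, cap=3600)

if __name__ == "__main__":
    for digits in (4, 6):
        for name, policy in (("none", None), ("fixed", FIXED),
                             ("escalating", ESCALATING)):
            secs = worst_case_seconds(digits, 1, policy)
            print(f"{digits}-digit PIN, throttle={name}: {describe(secs)}")
```

With no throttling a 4-digit PIN falls in under three hours of robot time; the assumed fixed delay stretches that to roughly the 20 hours quoted above, and the escalating delay or two extra digits push it into months.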