PIN-Cracking Robot To Be Shown Off At Defcon
Sparrowvsrevolution writes "At the Def Con hacker conference in Las Vegas early next month, security researchers Justin Engler and Paul Vines plan to show off the R2B2, or Robotic Reconfigurable Button Basher, a piece of hardware they built for around $200 that can automatically punch PIN numbers at a rate of about one four-digit guess per second, fast enough to crack a typical Android phone's lock screen in 20 hours or less. Engler and Vines built their bot, shown briefly in a preview video, from three $10 servomotors, a plastic stylus, an open-source Arduino microcontroller, a collection of plastic parts 3D-printed on their local hackerspace's Makerbot 3D printer, and a five dollar webcam that watches the phone's screen to detect if it's successfully guessed the password. The device can be controlled via USB, connecting to a Mac or Windows PC that runs a simple code-cracking program. The researchers plan to release both the free software and the blueprints for their 3D-printable parts at the time of their Def Con talk."
I'm always amazed when passwords are locked out after just three or five attempts. Allowing a hundred would still protect against brute force, while never being a problem for an actual human being. Even better would be to start with a one second delay, doubling it every time, so a brute force attempt would take ages but a human only gets some time to think.
"But every Android phone that Engler and Vines tested was set by default to use a much less stringent safeguard, delaying the user just 30 seconds after every five guesses. At that rate, the robot can still guess five PINs every 35 seconds, or all 10,000 possibilities in 19 hours and 24 minutes."
Not by default.
The screen would be locked out after every failed unlock attempt for the duration of t milliseconds, t = 1 * 2^(n), where n = nth consecutive failed unlock attempt. My quick calculation shows the 50th unlock attempt would take 35000 years. The tenth unlock attempt would take 1 sec. Ravi S
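The two lockout policies being compared in this thread (the article's default of a 30-second pause after every five wrong guesses, and the doubling delay t = 2^n ms proposed above) can be put side by side with a small calculator. The script below is an added example written for this page; it is not code from the thread, from the R2B2 researchers, or from Android. It takes only the numbers quoted here (10,000 four-digit PINs, about one guess per second, 30 s per five guesses) and assumes the attacker is unlucky enough to need every PIN; the function names and the 24-hour budget are illustrative choices.

```python
# Lockout-policy calculator (added example, not from the thread or the researchers).
# Compares how long a one-guess-per-second PIN basher needs under:
#   * a fixed window: a 30 s pause after every 5 wrong guesses (the quoted default)
#   * an exponential lockout: t = 2^n milliseconds after the n-th consecutive failure
# Guess rate and PIN space are the values quoted in the thread; all else is assumed.

SECONDS_PER_YEAR = 365.25 * 24 * 3600
PIN_SPACE = 10_000          # four-digit PINs, 0000 through 9999
GUESS_SECONDS = 1.0         # quoted R2B2 rate: roughly one guess per second


def fixed_window_total_s(pin_space=PIN_SPACE, window=5, delay_s=30.0,
                         guess_s=GUESS_SECONDS):
    """Seconds to try every PIN when the device pauses delay_s after each
    block of `window` wrong guesses (worst case: the right PIN comes last)."""
    pauses = pin_space // window
    return pin_space * guess_s + pauses * delay_s


def exponential_delay_s(n):
    """Lockout, in seconds, imposed after the n-th consecutive failure
    (t = 2^n milliseconds, as proposed in the comment above)."""
    return (2 ** n) / 1000.0


def exponential_total_s(attempts, guess_s=GUESS_SECONDS):
    """Seconds spent on `attempts` consecutive wrong guesses under the
    exponential policy, counting the pause imposed after each one."""
    return sum(guess_s + exponential_delay_s(n) for n in range(1, attempts + 1))


def guesses_within(budget_s, guess_s=GUESS_SECONDS):
    """How many consecutive wrong guesses fit inside budget_s seconds under
    the exponential policy. Shows why the first few attempts cost a human
    almost nothing while a brute-force run stalls within a day."""
    elapsed, n = 0.0, 0
    while True:
        cost = guess_s + exponential_delay_s(n + 1)
        if elapsed + cost > budget_s:
            return n
        elapsed += cost
        n += 1


def years(seconds):
    return seconds / SECONDS_PER_YEAR


if __name__ == "__main__":
    fixed = fixed_window_total_s()
    print(f"fixed window (30 s per 5 guesses): {fixed / 3600:.1f} h to exhaust {PIN_SPACE} PINs")
    print(f"exponential: 10th failure waits {exponential_delay_s(10):.3f} s")
    print(f"exponential: 50th failure waits {years(exponential_delay_s(50)):,.0f} years")
    print(f"exponential: 50 wrong guesses take {years(exponential_total_s(50)):,.0f} years in total")
    print(f"exponential: wrong guesses possible in 24 h: {guesses_within(86_400)}")
```

Under the fixed window the full key space costs 70,000 seconds, a little over 19 hours, which matches the article's figure. Under the doubling policy the tenth failure still costs only about a second (so a forgetful owner is barely inconvenienced), but only about 25 wrong guesses fit in a whole day, and the 50th one alone waits tens of thousands of years. The defensive lesson is that a lockout that grows with the failure count throttles an automated guesser far harder than a flat pause, without needing a tiny attempt limit.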
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
My PIN is 9999, it'll be the last number it could possibly try!
And I'm sure in the 20 hours it takes to get that far, someone will notice and say "hey, Bob, why is there an android trying to break into your Android phone?"
My robot can crack a typical Android phone's screen with just one vigorous hit!
Nuffsaid
________
Don't know about his cat, but Schroedinger is definitely dead.
Or, just don't hand your phone to people carrying silly looking robot parts that want to borrow your device for "19 hours".
Problem solved!
Faster! Faster! Faster would be better!