If you think that your Android handset is safe after using a PIN to lock it, you clearly haven’t heard about the R2B2 (Robotic Reconfigurable Button Basher), the robot created by Justin Engler at New York-based iSEC Partners. The robot takes less than a day to get through any four-digit PIN code by brute force.
Yes, it uses the brute force approach and does not employ some complicated software tricks to get past the code. The robot just keeps on hitting different number combinations until it hits the right code. The robot won’t get bored or tired and it can hit 10,000 four-digit PINs in just 20 hours.
R2B2 was created using cheap electronic components, 3D printed parts, and open-source software. It can also be programmed to work on five-digit PINs. As you will see in the video, R2B2 has two “legs” which support four manipulators for controlling a central appendage.
If five incorrect PINs are entered on an Android phone, the OS locks the phone down for 30 seconds before allowing PIN entry again. This means that R2B2 will be entering five PINs every 35 seconds. With iOS, users have to wait longer after hitting an incorrect PIN, and Apple’s OS might also lock down the device for hours after a few wrong entries. So, it seems that iOS devices are better at defending against R2B2’s attack.
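To see how much the lockout policy matters, here is an added example (not from the article or from iSEC Partners) that models the time needed to exhaust a PIN keyspace under a given policy. The one-second entry time is inferred from the article's "five PINs every 35 seconds", and the escalating schedule is a constructed comparison, not any vendor's actual values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class LockoutPolicy:
    name: str
    every: int      # a lockout fires after every `every` failed entries
    delays: tuple   # successive lockout lengths in seconds; the last one repeats

# From the article: a 30 s lockout after five wrong PINs.
FIXED_30S = LockoutPolicy("fixed 30 s", 5, (30,))
# Constructed escalating schedule for comparison; not any vendor's real values.
ESCALATING = LockoutPolicy("escalating (hypothetical)", 5, (30, 60, 300, 900, 3600))

def seconds_until_attempt(k, policy, entry_seconds=1):
    """Seconds elapsed when the k-th PIN entry completes (k-1 earlier failures).

    entry_seconds=1 is inferred from the article's "five PINs every 35 seconds".
    """
    lockouts = (k - 1) // policy.every
    n = len(policy.delays)
    locked = sum(policy.delays[:min(lockouts, n)])
    locked += max(0, lockouts - n) * policy.delays[-1]
    return k * entry_seconds + locked

def worst_case_seconds(digits, policy):
    """Time to reach the last PIN in the keyspace."""
    return seconds_until_attempt(10 ** digits, policy)

def mean_seconds(digits, policy):
    """Average time to reach a uniformly random PIN."""
    keyspace = 10 ** digits
    total = sum(seconds_until_attempt(k, policy) for k in range(1, keyspace + 1))
    return total / keyspace

if __name__ == "__main__":
    for policy in (FIXED_30S, ESCALATING):
        for digits in (4, 5, 6):
            worst = worst_case_seconds(digits, policy) / 3600
            mean = mean_seconds(digits, policy) / 3600
            print(f"{policy.name:26} {digits}-digit: "
                  f"worst {worst:10.1f} h, mean {mean:10.1f} h")
```

With the fixed 30-second lockout, a four-digit keyspace is exhausted in about 19.4 hours, matching the article's figure, and each extra digit only multiplies that by ten. A lockout that grows with repeated failures pushes the same four-digit search to roughly 83 days under the constructed schedule.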
The R2B2 will be shown off at the Black Hat security conference in Las Vegas. While it’s pretty cool, odds of such a device being used against your phone are more than slim – it’s pretty much 99% unlikely to ever happen to you.