R2B2, the Robotic Reconfigurable Button Basher, is the invention of Justin Engler — a senior security engineer at New York-based iSEC Partners. The robot has debuted on YouTube in advance of its appearance at the Black Hat security conference in Las Vegas.
Instead of using sophisticated software to crack Android PINs, R2B2 adopts the tried-and-true method of entering every possible combination until something clicks.
In hacking, this method is known as a "brute-force" attack, but R2B2 is unique in that it exhibits brute-force behavior in real life rather than digitally. The robot — four yellow manipulators that control a central appendage, resting atop two "legs" — can sit atop an Android phone and simply press buttons over and over again.
There are 10,000 possible four-digit PINs — a relatively small number, but still too many for one human to work through. R2B2, on the other hand, has no need for food, sleep or mental stimulation, and can work through every possible PIN in just 20 hours.
If a user enters five incorrect PINs in a row, the Android OS enforces a 30-second waiting period before the person can try again — but that is the only disincentive. This is why R2B2 wouldn't work on iOS devices: Apple employs an iterative system that makes a user wait increasingly longer to retry after each incorrect PIN entry.
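The two lockout policies contrasted above, modelled as an added example that is not part of the original article: it computes the worst-case time to exhaust the four-digit PIN space under a fixed 30-second lockout and under an escalating one, which is the number a defender needs when choosing a throttling policy. The 1.2-second entry time, the doubling schedule and its one-day cap are assumptions chosen for illustration, not figures from the article or from any vendor.

```python
from typing import Callable

PIN_SPACE = 10_000       # four-digit PINs (from the article)
ATTEMPTS_PER_LOCKOUT = 5 # failures before a lockout (from the article)
ENTRY_SECONDS = 1.2      # assumption: time to key in one PIN


def fixed_delay(lockout_index: int) -> float:
    """Policy the article describes for Android: always 30 seconds."""
    return 30.0


def escalating_delay(lockout_index: int) -> float:
    """Hypothetical escalating policy: 30 s, doubling per lockout, capped at one day."""
    # Clamp the exponent so the float multiplication cannot overflow.
    return min(30.0 * 2 ** min(lockout_index, 32), 86_400.0)


def worst_case_seconds(delay: Callable[[int], float],
                       pin_space: int = PIN_SPACE,
                       per_lockout: int = ATTEMPTS_PER_LOCKOUT,
                       entry_seconds: float = ENTRY_SECONDS) -> float:
    """Time to try every PIN when the correct one is the last candidate."""
    total = 0.0
    lockouts = 0
    for attempt in range(1, pin_space + 1):
        total += entry_seconds
        if attempt == pin_space:
            break  # the final candidate is correct, so no lockout follows it
        if attempt % per_lockout == 0:
            total += delay(lockouts)  # every per_lockout-th failure triggers a wait
            lockouts += 1
    return total


def lockout_share(delay: Callable[[int], float]) -> float:
    """Fraction of the worst-case time spent waiting rather than typing."""
    total = worst_case_seconds(delay)
    return (total - PIN_SPACE * ENTRY_SECONDS) / total


if __name__ == "__main__":
    for name, policy in (("fixed", fixed_delay), ("escalating", escalating_delay)):
        seconds = worst_case_seconds(policy)
        print(f"{name:10s} {seconds / 3600:12.1f} h  "
              f"({seconds / 86_400:8.1f} days), waiting {lockout_share(policy):.1%}")
```

Under these assumptions the fixed policy caps the search at roughly 20 hours, while the escalating one pushes it past five years.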
By Marshall Honorof