Robot R2B2 brute force PIN-codes Android-smartphones
It's hard to imagine the practical goal of the creators, but the fact remains: at the next Def Con conference in Las Vegas, a couple of researchers - Justin Ingler (Justin Engler) and Paul Vines - plan to submit their development under the code name Robotic Reconfigurable Button Basher ( or R2B2), which is a robot, the purpose of which is to pick up the PIN-code of Android-smartphone. And to pick up in a very straightforward way: just turning over all possible options by “poking” into the screen of the device - just as a person does, only with incommensurably more patience.
Technically, R2B2 is pretty simple and cost its creators about $ 200. The robot is made up of three servos worth $ 10 each, an Arduino microcontroller, a plastic stylus and a set of spare parts that were printed on a $ 2800 Makerbot home 3D printer that the guys had access to. Servomotors move the plastic stylus around the screen and “click” on it, and the smartphone’s reaction to the current PIN-code combination is monitored by a 5-dollar webcam, which sends a picture via USB to specially written software for this purpose, which after the conference will be published as open source. R2B2 can be connected to Windows or Mac, where, in fact, the recognition process takes place.
The developers were not too lazy to take into account the human factor - before starting work, the robot will try a list of the most popular PIN codes (26% of credit card users use one of the 12 most popular combinations). Of course, the fact that after five incorrect entries, Android will offer to wait 30 seconds is taken into account - R2B2 is “resting” at this time. In this sense, iOS behaves more cautiously, increasing the time between a series of incorrectly entered PINs.
Considering the factor of the Android system limitation and the fact that R2B2 can enter five variants of a code in 35 seconds, the total time for the brute-shape of a smartphone is estimated at 19 hours and 24 minutes. Justin and Paul are horrified by this fact and pay attention to the fact that if the numbers in the pin code were not four, but six, then the hacking time of their robot would increase to 80 days, which somewhat eliminates the possibility of disclosing confidential data.
')
Look at the process itself can be on the video below:
[ Source ]
Technically, R2B2 is pretty simple and cost its creators about $ 200. The robot is made up of three servos worth $ 10 each, an Arduino microcontroller, a plastic stylus and a set of spare parts that were printed on a $ 2800 Makerbot home 3D printer that the guys had access to. Servomotors move the plastic stylus around the screen and “click” on it, and the smartphone’s reaction to the current PIN-code combination is monitored by a 5-dollar webcam, which sends a picture via USB to specially written software for this purpose, which after the conference will be published as open source. R2B2 can be connected to Windows or Mac, where, in fact, the recognition process takes place.
The developers were not too lazy to take into account the human factor - before starting work, the robot will try a list of the most popular PIN codes (26% of credit card users use one of the 12 most popular combinations). Of course, the fact that after five incorrect entries, Android will offer to wait 30 seconds is taken into account - R2B2 is “resting” at this time. In this sense, iOS behaves more cautiously, increasing the time between a series of incorrectly entered PINs.
Considering the factor of the Android system limitation and the fact that R2B2 can enter five variants of a code in 35 seconds, the total time for the brute-shape of a smartphone is estimated at 19 hours and 24 minutes. Justin and Paul are horrified by this fact and pay attention to the fact that if the numbers in the pin code were not four, but six, then the hacking time of their robot would increase to 80 days, which somewhat eliminates the possibility of disclosing confidential data.
')
Look at the process itself can be on the video below:
[ Source ]
Source: https://habr.com/ru/post/189422/
All Articles