The old standby four-digit PIN passcode for smartphones is a mere speed bump to R2B2, a PIN-guessing robot that shares pretty much no physical resemblance with the famous "Star Wars" droid. But just as R2-D2 was good at opening starship doors and hacking into the Death Star, so is R2B2 good at hacking into Android phones.
The device consists of a robotic fingertip that taps out different passcodes until it manages to hit on the right one. Instead of a hacker having to sit there and try all the potential combinations in a mind-numbing exercise in boredom, the indefatigable robot provides the labor.
The bot's full name is Robotic Reconfigurable Button Basher. It's the creation of security researchers Justin Engler and Paul Vines. Engler will be presenting it at the upcoming Black Hat USA conference. Besides punching in numbers, it can also handle pattern-based lock screens.
R2B2 can figure out an Android PIN in 20 hours, assuming it doesn't just get lucky early on. The device was crafted from an Arduino microcontroller, three servomotors, a Webcam, and plastic parts created on a 3D printer. The whole creation cost about $200 to make.
One antidote to a machine like R2B2 is a smartphone that locks the hacker out after a certain number of attempts. The robot would have to be super lucky to break in under those circumstances. The bot does bring some added attention to the issue of easily hackable passcodes. It might be time to reconsider your smartphone security level.