
This $200 3D printed bot can crack your phone's PIN in 20 hours - makos
http://www.3ders.org/articles/20130725-the-3d-printed-bot-can-crack-your-phone-pin-in-20-hours.html
======
UnoriginalGuy
I treat pins/pattern as a way to keep casual pranksters and nosey people out
of my phone, not as a real "security measure" in the typical sense.

If I wanted actual security I would be using a full blown password and full
drive encryption (both supported by Android).

But then I'd have to turn off all my toys like sync, USB debugging, and
unsigned package installation. Which I don't want to do. So therefore I just
take my phone being relatively insecure as a given, and try to keep out the
casual pranksters and/or nosey people.

~~~
JoshTriplett
Sync doesn't introduce a security issue. Neither does unsigned package
installation, as long as you don't install a package that introduces a
security hole.

USB debugging is obviously a huge security issue, but you can have USB
connections not work with the phone locked, such that you have to enter the
password and unlock the phone before you can attach.

The real security problem: remote package installation, which Android allows
without prompting for anyone signed into your Google account. So, that reduces
the security of your full-disk-encrypted phone to that of your Google account,
if you tie your phone to a Google account. You can avoid that by not using a
Google account, but that means no Play store.

------
jaynos
They could do it quicker by starting with the most common PINs [1]. This all
assumes the built-in locks to prevent brute force don't work.

[1]
[http://www.datagenetics.com/blog/september32012/](http://www.datagenetics.com/blog/september32012/)

~~~
rpicard
It looked like they did. If you watch the video, it starts with "1234" then
goes to "0000" and others with no discernible order, other than the fact that
they are common choices.

~~~
cmsmith
They hit 2580 and 1111 as well before the video cuts out.

------
300bps
Windows Phone 8 locks for 1 minute after 5 wrong guesses and then doubles
every wrong guess after that. So the 6th wrong guess is 2 minutes, the 7th is
4 minutes, etc.

------
nodata
I use the app from these guys
([http://phonelocatorpro.com/](http://phonelocatorpro.com/)) and set mine to
wipe after ten tries.

~~~
milesokeefe
Great idea except that you just enabled anyone to delete all your data without
your permission.

~~~
nodata
That's the whole point. If someone gets physical access to my phone, I don't
want them to get access to my data.

~~~
gk1
But what if someone picks up your phone at a party while you're just a few
feet away, and they decide to be a dick? It would take them just a minute to
erase all your data.

~~~
sksksk
It's all backed up to the cloud, so you can restore it all

~~~
dsl
Which defeats the whole point of trying to secure your data.

~~~
sksksk
You can have a long, secure password on your backup, and a short pin on your
phone

------
Recoil42
Article is down, but if this is what I think it is... iPhones start increasing
the time between allowed guesses geometrically after a few wrong ones, so this
wouldn't actually work.

~~~
gk1
From the article (which is back up now, it seems):

> Not all phones are as susceptible to the R2B2's cracking. Apple's iOS, for
> example, increases the time between PIN attempts after each incorrect guess.
> But there is only 30 seconds delay after every five wrong guesses in Android
> phone

~~~
tylermac1
Then after the 30 second delay, if you guess wrong again, it goes up to around
5 minutes. The same happens repeatedly and it can get up to a few hours. I
tried on an old iPod touch and got it up to around 4 hours.

However, it can be circumvented by restarting the phone.

~~~
octo_t
It can't be circumvented on later versions of iOS, definitely not iOS 6
onwards.

~~~
tylermac1
Good to know. I think the last time I tried it was iOS 4 or so.

------
viennacoder
You can set an iPhone to auto wipe after 10 wrong tries. Probably a prudent
safeguard.

~~~
drakeandrews
Most Android phones have the option to require the user to log into the Google
account paired with the phone after X failed attempts.

~~~
Tyrannosaurs
That's quite nice.

Escalating to a stronger password after 5 failed attempts seems like a good
measure which would go a long way to nullifying this sort of brute force
attack.

How does logging into the Google account work if the phone is in Airplane mode
or whatever where there will be no data connection?

~~~
drakeandrews
I think at that point the technical term is that you're screwed.

~~~
Tyrannosaurs
I'm guessing it must be covered - either it won't escalate to the account
login or something similar.

------
warcode
Interesting, but then again I get alerted after 3 failed attempts, and I'm
pretty sure it locks down after ~10+.

An automated version that does combination locks seems like the proper market.

~~~
bashinator
I think it was Feynman who figured out that most combination locks actually
have a +/- 1 digit slop on the dial. Between that and people's habit of
leaving the last digit of the combination set, and you can open it in no more
than 25*25=625 attempts for a 50-digit dial.

------
taopao
Android has exponential backoff for retries, which would foil this attack, no?

~~~
jamesaguilar
According to the article, they give you a thirty second timeout for each five
wrong attempts. That's not enough to prevent this.
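
The two lockout policies described in this thread, compared side by side (an added example, not part of any comment; the 1.2 s per-guess entry time is an assumed, constructed value):

```python
# Added example: worst-case cost of trying every 4-digit PIN under the two
# lockout policies described in the thread. All times are in milliseconds.
ENTRY_MS = 1200        # ASSUMPTION: time to key in one guess (constructed)
KEYSPACE = 10_000      # number of 4-digit PINs
TWENTY_HOURS_MS = 20 * 3600 * 1000


def fixed_delay(wrong):
    """30 s pause after every fifth wrong guess (Android, per the article)."""
    return 30_000 if wrong % 5 == 0 else 0


def doubling_delay(wrong):
    """1 min after the 5th wrong guess, doubled by each later wrong guess
    (Windows Phone 8, as described by 300bps)."""
    return 60_000 * 2 ** (wrong - 5) if wrong >= 5 else 0


def ms_to_exhaust(policy, keyspace=KEYSPACE):
    """Entry time for every guess plus the lockouts the wrong ones trigger."""
    wrong_guesses = keyspace - 1          # the final guess is the right one
    lockouts = sum(policy(n) for n in range(1, wrong_guesses + 1))
    return keyspace * ENTRY_MS + lockouts


def guesses_within(policy, budget_ms, keyspace=KEYSPACE):
    """Number of guesses that can be entered before the budget runs out."""
    elapsed = made = 0
    while made < keyspace:
        elapsed += ENTRY_MS
        if elapsed > budget_ms:
            break
        made += 1
        elapsed += policy(made)           # lockout served before next guess
    return made


if __name__ == "__main__":
    print("fixed 30 s: %.2f h to try all PINs" % (ms_to_exhaust(fixed_delay) / 3.6e6))
    for name, policy in (("fixed 30 s", fixed_delay), ("doubling", doubling_delay)):
        done = guesses_within(policy, TWENTY_HOURS_MS)
        print("%-10s: %5d of %d PINs tried in 20 h" % (name, done, KEYSPACE))
```

Under these assumptions the fixed 30-second policy lets the whole keyspace be covered in just under 20 hours, while the doubling policy allows 15 guesses in the same window.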

------
bizarref00l
It's like this hack to unlock a gps
[http://www.dashfest.com/?p=393](http://www.dashfest.com/?p=393)

------
mistercow
I wonder how much the less versatile C3BO version costs to build. It seems to
me that you could use a cheap MC, a grid of 10 solenoids, and a simple light
sensor to build a version that would work on most touch screens and not have
to deal with the hassle of building a 2D plotter, integrating a webcam, and
controlling it with a relatively expensive Arduino.

------
nrivadeneira
Because of the last time a 3d printed cracker bot tried to hack my phone, I
now use Android's text password option instead of a pin. Combined with the
Swype keyboard, it's actually much easier to unlock my phone than before. You
get the ease of the pattern unlock with many more possible permutations.

------
HarrietJones
iPhone also starts increasing the next allowed retry time after a certain
number of incorrect guesses.

------
k-mcgrady
You can switch to using a more complex password on iOS for extra security. On
Android pattern unlock would be the obvious solution.

Also 20 hours should give you enough time to track down a device using Find My
iPhone (or similar service) before they can unlock it and shut tracking down.

~~~
Plutor
Pattern unlock has 9 spots, and you need to select at least 4. So the possible
number of patterns is:

9!/5! + 9!/4! + 9!/3! + 9!/2! + 9!/1! + 9!/0!

Which is just 985,824. And you could certainly search the more likely
combinations first -- people almost always select adjacent spots
consecutively.

~~~
milkshakes
doesn't that assume you can only select each pad once?

~~~
jaredmcateer
Yea and you can only select an adjacent spot so that also limits combinations.

~~~
woqe
You can actually select spots not adjacent to the current one.

Consider the "spots" labeled in rows from left to right as 1 2 3, 4 5 6, and 7
8 9.

If I start at 1, I can go to 2, 4, 5, 6, and 8 directly. Also, if I have used
all spots except 1 and 9, I can go to 1 then directly to 9.
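
The pattern counts discussed in this subthread, as an added example that is not part of any comment. It assumes the lock-screen rule that a stroke cannot jump over an unvisited dot but may pass over one already used, which is the behaviour woqe describes; the function names are illustrative.

```python
import math

# Added example: size of the 3x3 pattern-lock keyspace for lengths 4..9.
# Dots are numbered 1 2 3 / 4 5 6 / 7 8 9, as in woqe's comment.
# ASSUMPTION: a move between two dots that lie on a straight line through a
# third dot is only allowed if that middle dot has already been used.
MIDDLE = {}
for a, b, mid in [(1, 3, 2), (4, 6, 5), (7, 9, 8),      # rows
                  (1, 7, 4), (2, 8, 5), (3, 9, 6),      # columns
                  (1, 9, 5), (3, 7, 5)]:                # diagonals
    MIDDLE[(a, b)] = MIDDLE[(b, a)] = mid


def reachable(dot, visited):
    """Dots that can be selected next from `dot` given the dots already used."""
    out = []
    for nxt in range(1, 10):
        if nxt in visited:
            continue
        mid = MIDDLE.get((dot, nxt))
        if mid is not None and mid not in visited:
            continue                      # would jump over an unused dot
        out.append(nxt)
    return out


def count_from(dot, visited, remaining):
    """Number of ways to extend a pattern ending at `dot` by `remaining` dots."""
    if remaining == 0:
        return 1
    return sum(count_from(n, visited | {n}, remaining - 1)
               for n in reachable(dot, visited))


def valid_patterns(length):
    """Patterns of exactly `length` dots that obey the jump rule."""
    return sum(count_from(s, frozenset({s}), length - 1) for s in range(1, 10))


def unconstrained_patterns(length):
    """Plutor's count: any ordered choice of distinct dots, 9!/(9-length)!."""
    return math.perm(9, length)


if __name__ == "__main__":
    for n in range(4, 10):
        print(n, unconstrained_patterns(n), valid_patterns(n))
    print("total", sum(map(unconstrained_patterns, range(4, 10))),
          sum(map(valid_patterns, range(4, 10))))
```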

------
tankbot
Except my iPhone auto-wipes after 10 incorrect entries, and yes there are
backups.

Take that nosey robots!

~~~
RandallBrown
I had some coworkers who had their iPads wiped by their children because of
this. They didn't even know the feature existed or was turned on (turned on
when they connected their work email) so they were pretty annoyed by it.

~~~
qq66
After 5 tries they should make you do some task like drawing a line or sliding
a button to allow you to do the second 5 tries, so that random button mashing
doesn't wipe your phone.

------
kunil
Doesn't the SIM card get blocked after 3 tries? Or is this a different kind of PIN?

~~~
gambiting
Yes, it's talking about the Android lockscreen pin.

~~~
claudius
But in the phone’s lockscreen, you are usually not bound by the 4-digit
requirement of SIM card PINs, hence can use an arbitrary alphanumeric password
(though likely rather short, as you have to enter it often on a small
keyboard). 36^5 >> 10^4.

~~~
TylerE
For that matter, 36^3 > 10^4, by about a factor of 5.

------
yulaow
Is it only in my country that the SIM card, after 3 tries, asks for a PUK code
of 8 digits, and after 10 tries of it just blocks the card definitively so that
only your vendor can unlock it?

~~~
jmah
That's to unlock the SIM to start communicating with the network; this is for
"screen lock" codes on (typically) smartphones, where the SIM is already
unlocked and the phone is already on the network.

------
joeblau
All it would have to do with my phone is swipe up which didn't seem to be
programmed into its actions.

------
antsam
Hm. My phone lets me put the SIM lock up as my lock screen. I guess this would
kill my phone pretty fast?

------
themstheones
This is why only idiots lock their phones.

~~~
0003
While I try not to underestimate conniving boyfriends, girlfriends, spouses,
friends, parents, siblings, children, and grandparents, I am reasonably
confident they will not employ a cracker bot from def con when I have
momentarily become separated from my phone. For this reason, I lock my phone.

