PIN-punching $200 robot can brute force every Android numeric screen-password in 19 hours


1 Like

So inelegant.

You could defeat the robot by having an exponentially increasing lock out after each wrong password.

1 Like

It seems to me this could very easily be ameliorated (or at least made overwhelmingly impractical) by putting a sliding delay in.

So, for example, if the user enters an incorrect PIN, the phone pauses for 1 second before allowing them to retry. Each subsequent failure doubles the length of time. So it’d be 0:01, 0:02, 0:04, 0:08, 0:16, 0:32, 1:04 (64 seconds), 2:08 (128 seconds), 4:16 (256 seconds), 8:32 (512 seconds), 17:04 (1024 seconds) and so on.

That wouldn’t really “Defeat” the robot, it would just make it more time-consuming, making the process much less viable. 32 wrong guesses would have the delay at 136 years or so.
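The doubling delay described above, as an added example that is not code from this thread or from Android: a verifier that refuses guesses while a lockout is running, plus the arithmetic for how many guesses a fixed-rate robot could get through. The 19-hour window is the article's figure; the PIN and timings are constructed.

```python
from __future__ import annotations
import hmac
from dataclasses import dataclass

SECONDS_PER_YEAR = 365.25 * 24 * 3600


@dataclass
class BackoffPinLock:
    """Lock screen that doubles the lockout after every wrong guess: 1s, 2s, 4s, ..."""
    pin: str                    # constructed sample PIN, never a real one
    failures: int = 0
    locked_until: float = 0.0   # absolute time (seconds) before which guesses are refused

    def delay_after_failure(self) -> float:
        # first failure -> 1 s, second -> 2 s, n-th failure -> 2**(n-1) s
        return float(2 ** (self.failures - 1))

    def try_unlock(self, guess: str, now: float) -> tuple[bool, float]:
        """Return (unlocked, seconds until the next guess will be accepted)."""
        if now < self.locked_until:
            # refused without even comparing: the robot learns nothing and burns time
            return False, self.locked_until - now
        if hmac.compare_digest(guess, self.pin):   # constant-time comparison
            self.failures = 0
            return True, 0.0
        self.failures += 1
        self.locked_until = now + self.delay_after_failure()
        return False, self.delay_after_failure()


def cumulative_lockout(n_failures: int) -> int:
    """Total seconds of waiting forced by n wrong guesses: 1 + 2 + ... + 2**(n-1) = 2**n - 1."""
    return 2 ** n_failures - 1


def seconds_to_years(seconds: float) -> float:
    return seconds / SECONDS_PER_YEAR


def guesses_accepted_within(window_seconds: float) -> int:
    """How many guesses the lock will even evaluate inside a time window.

    Guess k (k = 0, 1, 2, ...) is accepted once 2**k - 1 seconds of lockout have elapsed,
    so the count is the number of k with 2**k - 1 <= window. A robot with no backoff in
    its way evaluates a guess every few seconds; here it gets only ~17 in 19 hours.
    """
    k = 0
    while 2 ** k - 1 <= window_seconds:
        k += 1
    return k
```

Against a 4-digit space this turns the article's 19-hour exhaustive run into about seventeen evaluated guesses, and the cumulative wait after 32 failures comes out to roughly 136 years, the figure quoted above.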

I’m going to build a robot that punches the phone’s owner repeatedly until it divulges the PIN.

7 Likes

Assuming there is no lock out/phone reset set up for repeated failed attempts. Or an app set up to report location of the repeated attempts to log in.

Every numeric password in 19 hours. Right. Uh huh.

It would take 19 years for mine. Unlike iOS, Android isn’t limited to 4 digits.

No one here read the OP, right? That is so fun and clever!

My method works on all models of phone.

1 Like

What makes you think iOS is limited to 4 digits?

Also did you see the part where even 4 digit iOS PINs can’t be broken because of the increasing time delay?

My two year old manages to activate the increasing time delay on my iPhone on a regular basis by mashing the unlock buttons to see what happens.

iOS is not limited to 4 digits either (there is a setting to change it).

That was mentioned in the BB post. That’s what Apple does.
