Using a PIN to lock your Android phone will keep it safe from most people, but not from R2B2, a robot designed to brute-force its way through any four-digit code in less than a day.
R2B2, the Robotic Reconfigurable Button Basher, comes from Justin Engler, a senior security engineer at New York-based iSEC Partners. The robot has debuted on YouTube in advance of its appearance at the Black Hat security conference in Las Vegas.
Instead of using sophisticated software to crack Android PINs, R2B2 adopts the tried-and-true method of entering every possible combination until something clicks.
In hacking, this method is known as a “brute-force” attack, but R2B2 is unique in that it exhibits brute-force behavior in real life rather than digitally. The robot — four yellow manipulators that control a central appendage, resting atop two “legs” — can sit atop an Android phone and simply press buttons over and over again.
There are 10,000 possible four-digit PINs — a relatively small number, but still too many for one human to work through. R2B2, on the other hand, has no need for food, sleep or mental stimulation, and can work through every possible PIN in just 20 hours. [See also: 5 Curiously Specific Robots]
If a user enters five incorrect PINs in a row, the Android OS enforces a 30-second waiting period before the person can try again — but that is the only disincentive. This is actually the reason why R2B2 would not work on iOS devices: Apple employs an iterative system that makes a user wait increasingly longer to retry after each incorrect PIN.
You can actually create your own R2B2, if you want. The robot is the result of open-source software, a few cheap electronics and a standard MakerBot 3D printer, reports Forbes. In fact, apart from the electronic components, the entire robot was 3D-printed.
Android smartphone users will soon have a chance to participate in important scientific research every time they charge their phones.
Using a new app created by researchers at UC Berkeley, users will be able to donate a phone’s idle computing power to crunch numbers for projects that could lead to breakthroughs ranging from novel medical therapies to the discovery of new stars.
The app was created by a Berkeley project called BOINC (Berkeley Open Infrastructure for Network Computing), which is known for its computer software that supports more than 50 volunteer computing projects around the world. BOINC software allows projects to tap unused processing power donated by computer owners around the world to analyze data or run simulations that would normally require cost-prohibitive supercomputers.
The new Android app, also called BOINC, will be available Monday, July 22, from the Google Play Store and works on Android versions 2.3 or later. The app currently supports several popular computing projects, including[email protected], which searches radio telescope data for spinning stars called pulsars, and [email protected], which searches for more effective AIDS therapies as part of IBM’s World Community Grid. Android, owned by Google Inc., is the operating system used by two-thirds of all smartphones today.
“There are about a billion Android devices right now, and their total computing power exceeds that of the largest conventional supercomputers,” said BOINC creator David Anderson, a research scientist at UC Berkeley’s Space Sciences Laboratory. “Mobile devices are the wave of the future in many ways, including the raw computing power they can provide to solve computationally difficult problems.”
Creation of the app was funded by the Max Planck Institute, which runs [email protected]; Google Inc.; and the National Science Foundation, which has supported BOINC since 2002. IBM assisted in the design of the user interface and organized beta testing of the app.
“Our main goals are to make it easy for scientists to use BOINC to create volunteer computing projects to further their research, and to make it easier for volunteers to participate,” Anderson said.
In a bid to become ubiquitous, Dropbox unveils tools to help developers sync apps across mobile platforms.
Dropbox, the fast-growing file-synching and file-sharing service, today announced new tools that could help the company become an indispensable ally to developers in an increasingly fragmented mobile ecosystem.
The growth of smartphones and tablets spawned a whole new app economy, as well as a vexing problem for app developers: how to make an app that’s running on one device, such as a game on an Android smartphone, sync up with the same game running on every other device a person may use, from iPads to Linux laptops.
Dressed like a latter-day Steve Jobs in a tight black long-sleeve sweater, blue jeans, and white sneakers, Dropbox founder and CEO Drew Houston addressed a crowd of developers, reporters, and some tech royalty (including Facebook CEO Mark Zuckerberg) at the company’s first developer conference in San Francisco.
Houston explained the difficulties developers encounter when trying to make apps work together across platforms, saying there are “thousands of details” they must get right for it to work. “If it were easy, all of this stuff would just work,” he said. “We wouldn’t be talking about it.”
Houston introduced a new Dropbox platform, which includes a way for developers to easily allow their Android and iOS apps to sync with each other by having Dropbox do what it already does—sync and store data online—but with the structured bits of data modified within apps as you use them, rather than just for files like photos and Word documents. This way it doesn’t matter what logo is on the back of your phone, Houston said; “it just works.”
“This is a first step in a whole new way of building apps where you can have this completely seamless experience across platforms,” he said.
While Dropbox is just one of many cloud storage and file-synching services, it may have the chops and the momentum to make this ambitious plan work. Since launching in late 2008, the service has grown tremendously—it reached 100 million users in November, and has added an additional 75 million since then. Each day, users save over a billion files.
Software can let smartphones, Wi-Fi routers, and other hardware link up without centralized Internet service.
After an earthquake crippled Haiti in 2010, killing and injuring hundreds of thousands and destroying the country’s communication networks, Paul Gardner-Stephen found himself thinking about all the cell phones that had instantly become useless. With cell towers out of commission across the country, they would be unable to operate. “If the software on the phones was right,” he says, “they would keep working for at least localized communication, handset to handset.”
Gardner-Stephen, a research fellow at Flinders University in Adelaide, Australia, now leads a project that enables Android phones to do just that. Serval, as the project is called, offers an app that allows nearby phones to link up using their Wi-Fi connections, as long as they have been modified to disable the usual security restrictions. Voice calls, text messages, file transfers, and more can take place between devices with the Serval app installed. Devices don’t need to be in range of one another to communicate, as long as there are other devices running the app in between; data can hop between any phones with Serval installed.
This approach, known as mesh networking, is not a new idea (see “Automatic Networks”). But the combination of relatively cheap smartphones and Wi-Fi routers with the progress made by open-source projects such as Serval means that creating and operating such networks is now becoming possible without specialist knowledge.
“We’re trying to dramatically increase the usability and take this out of the geekosphere,” says Sascha Meinrath, the leader of a project called Commotion Wireless, which is developing several software packages that allow people to create mesh networks using low-cost Internet and networking hardware, primarily Wi-Fi routers. The Commotion project is run by the Open Technology Institute, an initiative of the New America Foundation, a nonpartisan think tank in Washington, DC.
Some communities in Washington, Brooklyn, and Detroit already have Wi-Fi-based mesh networks built on Commotion’s technology. The networks offer free Internet access by extending the reach of free connections offered by community centers; they also provide Web services and apps that function only within the local mesh.
After superstorm Sandy cut power to most of Red Hook, Brooklyn, the neighborhood’s mesh network demonstrated how the technology could help recovery after natural disasters. A FEMA-provided satellite Internet link was connected to one part of the Commotion-based network still operating, and a mesh-enabled Wi-Fi router was installed on the roof of an auto body shop that also still had power. That made it possible for many residents and the local aid distribution point to use the slow but badly needed satellite link.
News from the Middle East in recent years—and the U.S. in the past few weeks—has also raised awareness of the potential for mesh networks to create communication networks independent of government oversight. Voice calls and text messages made using phones on a Serval mesh network are strongly encrypted. Gardner-Stephen says that smartphones with Serval installed could enable, say, protesters to keep reaping the benefits of those devices even if cellular networks are shut off.
“You could have someone taking pictures and video at a protest and sharing them immediately to the mesh,” he says. “Even if that person’s phone is seized, the footage has already made it to 10 other phones in the area, and then to hundreds or thousands more.” If one of those people had access to a satellite link, the world would soon know what had happened, he says.
The Commotion project is also working on making its mesh software useful to people, such as political dissidents, for whom conventional connectivity isn’t safe, and the project has received federal grants to support that work. “The State Department and USAID are interested in protecting the free flow of information,” says Meinrath. “You could use a mesh to route around surveillance and censorship.”
To that end, the Commotion team is adapting an encrypted chat program called Cryptocat so it can be used to communicate securely across a local mesh network. Another adaptation aims at making it possible to route communications only through trusted devices on a mesh network, in case an adversary has joined and is collecting traffic. However, Commotion’s security features are far from complete, and the project prominently displays a warning label on its site to indicate its current limitations.
The range of Wi-Fi poses a technical challenge for mesh networks. Tests by the Serval project indicate that for two phones to communicate directly over a Wi-Fi mesh, they need to be within 100 meters of one another with a clear line of sight, or about a room away if they’re linking through buildings.
Serval is currently testing a device called a mesh extender that can help networks based on its technology reach farther. The device uses Wi-Fi to connect tens of nearby Serval devices to a long-range radio link. If extenders are mounted on the roof, links between several of them should be able to stretch kilometers, says Gardner-Stephen. A crowdfunding campaign to support development of a production version of his prototype will launch soon, and the New Zealand Red Cross is helping test the current design.