Built for under $200, using three $10 servomotors, a plastic stylus, an Arduino microcontroller, 3D-printed plastic parts created from a Makerbot 3D printer, and a five dollar webcam that tracks if the bot has successfully guessed the code.
The device can be controlled via USB, connecting to a Mac or Windows PC that runs a simple code-cracking program. The researchers plan to release parts lists, detailed build instructions, and STL files for 3D printed parts at the time of their Def Con talk.
Not all phones are as susceptible to the R2B2's cracking. Apple's iOS, for example, increases the time between PIN attempts after each incorrect guess. But there is only 30 seconds delay after every five wrong guesses in Android phone. At that rate, the robot can still guess five PINs every 35 seconds, or all 10,000 possibilities in 19 hours and 24 minutes, according to Forbes.
It is based on Delta Robot: http://www.thingiverse.com/thing:44235