We have conducted few tests in our labs and here are some shocking results.
This is not a threat at present but may pose as a threat in the near future.
1. We used a NFC password lock(an experimental locking system developed by me and my friends)
Basically its a tablet that has open or locked status at present, which may be implemented as a door lock or something like that.
2. Another tablet is used as a portable keyboard, so when we need to open the lock(other tablet) we bring it into NFC range and punch the 4 digit pin.
After I developed another program that hacks into the nfc channel and starts brute forcing the pin.
It took us 5.30 hours to brute force the 4 digit pin.
1. Yes, android devices can serve as brute forcing devices.
2. Brute forcing can be stopped by allowing a limit to password trials.
Will be updated with additional information as soon as our tests are completed.