Original topic:

Escalating time delays when PIN is incorrect - actual timings

(Topic created: 3 weeks ago)
oitbc
Constellation
Galaxy S24

Hi,

For a security audit we have to show that the S24 is capable of not allowing multiple PIN guesses in a short time period (a 'brute force attack'). Google Android documentation says it allows 5 attempts and then an escalation time delay pattern is used, but that the timing is up to each vendor. I've been through the user manual, service manual, and the other PDFs on the S24 page and none of them deal with it.

Apple have an answer at their web page here https://support.apple.com/en-gb/guide/security/sec20230a10d/web for their pattern. Does Samsung have anything like that for Android 14 on their phones please?

I have googled and asked Gemini AI and all I have been able to get is that it used to be just a 30 second lockout in Android 5 and it changed in later versions of Android to an escalating pattern, especially when they mandated a 6-digit PIN.

4 Replies
yamialex
Nebula
Galaxy S24
When was it mandatory for a 6-digit PIN? I had an S22 Plus and a Galaxy Note 20 and I was able to do a four-digit PIN.
0 Likes
usermzeJaY3BsM
Black Hole
Galaxy S24

One UI 6.1 and above "mandate" a 6-digit PIN, but you can get around this and still have a 4-digit one...

0 Likes
yamialex
Nebula
Galaxy S24
If there's still an option to do a four-digit, then there isn't a mandate. A mandate would be it's mandatory you have a six-digit PIN. If you can do four, six-digit is a recommendation at that point.
0 Likes
oitbc
Constellation
Galaxy S24

Anyone actually have the answer for the question I raised rather than a diversion on the topic?

0 Likes