If device was subject to brute force pin attempt and auto reboot was enabled to a low time like 4 hours would the time between pin attempt be put back to zero if it reboots during brute force attack ?
Could the attacker reboot the device during brute force attack to get around attempt time out ?

    If (!) there was a way for somebody to bruteforce the phone they would not even need to enter the OS itself, they would find a way to extract the keys from the phone and bruteforce them bypassing any kind of security element.

      OP's question is interesting. Can anyone definitively answer?

      Hathaway_Noa
      I find this statement confusing.

      If the actor has extracted the keys, there is no need for brute force.

      What did I miss?

      I asked a similar question. There's a immutable timer while the phone is running.
      Specifically, I asked about network time possibly interfering with the auto reboot timer.
      On that basis, I think that's interrupting with a reboot would not affect the brute force rate limiting. It's not based on boot time but rather previous unsuccessful attempts. Which doesn't appear to reset on boot.

        Ok i just tried it on my second device got to a 30 second time out , rebooted and entered wrong pin and its still at 30 second timeout .
        This is good

        Skyway If device was subject to brute force pin attempt and auto reboot was enabled to a low time like 4 hours would the time between pin attempt be put back to zero if it reboots during brute force attack ?

        Like what you just tested, PIN throttling does not reset on a device reboot.

        Rate-limiting of authentication is managed by a separate internal timer / the secure element rather than the operating system. The time remaining is returned to the operating system when the weaver status from where secrets are stored (Titan M/M2 in this case) is queried. For comparison, this behaviour also happens with iPhones when the PIN is throttled.

        https://grapheneos.org/faq#encryption
        https://android.googlesource.com/platform/hardware/interfaces/+/refs/heads/master/weaver/1.0/IWeaver.hal