It seems to me this could very easily be ameliorated (or at least made overwhelmingly impractical) by putting a sliding delay in.
So, for example, if the user enters an incorrect PIN, the phone pauses for 1 second before allowing them to retry. Each subsequent failure doubles the length of time. So it’d be 0:01, 0:02, 0:04, 0:08, 0:16, 0:32, 1:04 (64 seconds), 2:08 (128 seconds), 4:16 (256 seconds), 8:32 (512 seconds), 17:04 (1024 seconds) and so on.
