a researcher tweeted about a potential security issue, that could allow to brute force 4 digit pins. The NVD has assigned a CVE to this issue (CVE-2018-16550) suggesting it has somewhat validated the finding.
Is there any official feedback on your side? Where you able to validate this finding? If so, is it going to be fixed in a future release?