We published a blog by
@ryotkak
regarding the technique called "First sequence sync", which allows an attacker to exploit a tiny race condition in the PIN authentication.
Using this technique, he successfully sent 10,000 HTTP requests in 166 milliseconds.