We all have our simple 4-digit unlock code which (Apple tells us) will lock us out if it is entered incorrectly 10 times (the "Erase Data" wipe after 10 failures is an optional setting, not the default). Enter it correctly and the device releases the key that decrypts the data. In other words, however long and random the AES key itself is, it is released by a 4-digit PIN: the PIN, not the key, is the real secret, and 4 digits is only 10,000 possibilities.
Next, Elcomsoft tells us they found a way to bypass the 10-attempt lockout by running their brute-force attack directly against the security chip, bypassing the API that counts the attempts. The lockout is enforced by the software that sits above the key-releasing hardware, so an attacker who can drive the hardware directly never trips the counter.
So, how does the average iOS user defeat the attack? Actually it's quite easy: don't rely on a 4-digit access code. Use the 'complex' passcode option (turn off Simple Passcode in the Passcode Lock settings) and set a longer code; an 8-digit code would essentially defeat the attack. The brute force must be performed on the device, where every guess goes through the device-bound key derivation, so unlike a PC, where 10,000 guesses would take a few moments, an exhaustive scan of all 10,000 four-digit values takes around 40 minutes. Doubling the length to 8 digits multiplies the keyspace by 10,000: an exhaustive scan would take 400,000 minutes (just under 280 days), and on average the attacker needs about half of that. Mixing in letters and symbols widens the alphabet and pushes the time up further still.
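To make the two points above concrete, here is a toy model added for this page (example code, not Elcomsoft's tool and not Apple's implementation): a random file key is wrapped under a passcode-derived key that is bound to a constructed per-device secret, so candidate keys can only be computed on the device; `unlock()` is the user-facing API that counts failures and wipes after 10, and `unwrap_raw()` is the primitive underneath it with no counter at all. The brute force that goes through the API is wiped after 10 guesses; the one that drives the primitive directly walks the whole 4-digit space and recovers the key. `exhaustive_minutes()` takes the article's rate (10,000 codes in about 40 minutes) and scales it to longer codes and wider alphabets. The names, the HMAC-based derivation, the XOR key wrapping and the 8-byte check tag are all assumptions of the model.

```python
import hashlib
import hmac
import itertools
import os
import string

# Constructed stand-in for a per-device secret that never leaves the hardware (assumption).
DEVICE_UID = os.urandom(32)


def passcode_key(passcode: str, uid: bytes = DEVICE_UID) -> bytes:
    """Device-bound key derived from the passcode (model, not Apple's derivation).

    Keyed with the device UID, so the candidate key for a guess can only be
    computed on this device; that is what forces the brute force on-device.
    """
    return hmac.new(uid, passcode.encode(), hashlib.sha256).digest()


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class LockedDevice:
    """Toy device: a random 256-bit file key wrapped under the passcode-derived key."""

    MAX_ATTEMPTS = 10

    def __init__(self, passcode: str, uid: bytes = DEVICE_UID):
        self.uid = uid
        self.file_key = os.urandom(32)
        self.wrapped = _xor(self.file_key, passcode_key(passcode, uid))
        # Short tag so an unwrap attempt can tell a right guess from a wrong one.
        self.check = hashlib.sha256(self.file_key).digest()[:8]
        self.attempts = 0
        self.wiped = False

    def unwrap_raw(self, guess: str):
        """The underlying primitive: no counter, no delay. Returns the key or None."""
        if self.wiped:
            return None  # key material was erased by the wipe
        candidate = _xor(self.wrapped, passcode_key(guess, self.uid))
        if hashlib.sha256(candidate).digest()[:8] == self.check:
            return candidate
        return None

    def unlock(self, guess: str):
        """The user-facing API: counts failures and wipes after MAX_ATTEMPTS."""
        if self.wiped:
            raise RuntimeError("device wiped")
        key = self.unwrap_raw(guess)
        if key is not None:
            self.attempts = 0
            return key
        self.attempts += 1
        if self.attempts >= self.MAX_ATTEMPTS:
            self.wiped = True
        return None


def candidates(length: int, alphabet: str = string.digits):
    """Every passcode of the given length over the alphabet, in order."""
    for combo in itertools.product(alphabet, repeat=length):
        yield "".join(combo)


def brute_force_via_api(device: LockedDevice, guesses):
    """Attacker going through unlock(): trips the counter and recovers nothing."""
    for g in guesses:
        if device.wiped:
            return None
        key = device.unlock(g)
        if key is not None:
            return g, key
    return None


def brute_force_direct(device: LockedDevice, guesses):
    """Attacker driving the primitive directly: the counter is never consulted."""
    for g in guesses:
        key = device.unwrap_raw(g)
        if key is not None:
            return g, key
    return None


# Rate implied by the article: 10,000 four-digit codes in about 40 minutes on-device.
GUESSES_PER_MINUTE = 10_000 / 40


def exhaustive_minutes(length: int, alphabet_size: int = 10,
                       rate: float = GUESSES_PER_MINUTE) -> float:
    """Worst-case minutes to try every code of this length over this alphabet."""
    return alphabet_size ** length / rate


if __name__ == "__main__":
    pin = "7319"  # constructed sample passcode
    d = LockedDevice(pin)
    print("via API :", brute_force_via_api(d, candidates(4)), "wiped =", d.wiped)
    d = LockedDevice(pin)
    found, key = brute_force_direct(d, candidates(4))
    print("direct  :", found, "key recovered =", key == d.file_key)
    for n, a in [(4, 10), (6, 10), (8, 10), (8, 36)]:
        print(f"{n} chars over {a} symbols: {exhaustive_minutes(n, a) / 1440:,.1f} days")
```

The point of the model is that the attempt counter lives in `unlock()`, one layer above the thing that actually does the work; anything that can call `unwrap_raw()` directly inherits the full 10,000-guess budget, and the only lever left to the owner is the size of the keyspace.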
BTW, owners of the iPhone 3GS running iOS 3 should be even more scared: all an attacker has to do is delete the 4-digit code to gain full access to the device (on iOS 3 the passcode is not tied to the data encryption at all, so removing it unlocks everything).
This is only a quick report of the work Elcomsoft has done; interested readers should follow the link above to learn more about the attack.
In writing about their work, Elcomsoft's Vladimir Katalov gives some context: "Let's make it very clear: no privacy purist should ever use an iPhone (or any other smartphone, probably). iPhone devices store or cache humungous amounts of information about how, when, and where the device has been used. The amount of sensitive information collected and stored in Apple smartphones is beyond what had previously been imaginable. Pictures, emails and text messages, including deleted ones, calls placed and received are just a few things to mention. A comprehensive history of the user's locations complete with geographic coordinates and timestamps. Google Maps and routes ever accessed. Web browsing history and browser cache, screen shots of applications being used, usernames, Web site passwords and the password to iPhone backups made with iTunes software, and just about everything typed on the iPhone is being cached by the device."
Elcomsoft has packaged all this into a simple toolkit which (fortunately?) is currently available only to "select government entities such as law enforcement and forensic organizations and intelligence agencies." One can only wonder how long it will be before it gets into the hands of the bad guys.