When you create a PIN on your iOS device, THAT act causes the operating system to encrypt the data on your device, and requires a PIN that not only opens up the UI to use, but also that when the PIN is entered the OS employs a ‘key’ to unlock the encryption so the data are available to the user, the apps on the phone, or another device connected to the iOS device - by wired or wireless connection. The level of encryption employed is a 256-bit AES (Advanced Encryption Standard) ‘key’ — think about the nonsense key you enter to make downloaded software function; it’s somewhat like that but ‘longer.’
The data on an iOS encrypted device, or a Samsung or LG or HTC encrypted device, are highly secure ‘at-rest’ by virtue of your PIN (not very secure) and the device-level encryption.
When you misguess the PIN too many times, Apples (and some others) “brick” to a locked unusable state that is AES encrypted, while Samsung Androids for instance reset to factory settings (‘wipe’ the data, but really just destroy the keys to it — leaving the device bootable in a ‘from the factory’ state ... but your data that might remain are still 256-bit encrypted, with no key available).
256-bit AES encryption is in theory “computationally secure” - meaning (in theory a regular brute force attack — generating keys until the data are decrypted — would take longer than our lifetimes) your data are highly secure from someone trying to break through the front door. FRONT door is a key word. Apple refused to admit to, offer up, or develop a “back door”.
Obviously ‘someone’ knows how to get past 256 encryption when the key is missing/removed.
NET: Apple’s security is no better or worse than the industry standard for “highly-secure” — 256 bit AES.
NET: APPLE cannot on its own restore a deleted key in the key store. You cannot send a “bricked” iOS device to Apple and have them unlock it.
NET: APPLE refused to build a back door for future use.
I hope this helped a little.
REM: 256 bit encryption is 10e128 ‘times’ more secure than 128 bit encryption in common use over the public internet.
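The arrangement described in the post above (the PIN unlocks a 256-bit key, and a wipe destroys the key rather than the data), as a simplified model added here; it is not part of the original post and not any vendor's implementation. The `Device` class and its method names are hypothetical, and a SHA-256 keystream stands in for AES-256 so the block runs on the Python standard library alone.

```python
import hashlib
import hmac
import secrets

def _xor_stream(key, data):
    """Stand-in for AES-256 (illustration only): XOR with a SHA-256 counter keystream."""
    blocks = (len(data) + 31) // 32
    stream = b"".join(hashlib.sha256(key + i.to_bytes(8, "big")).digest() for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

class Device:
    """Constructed model: user data <- random 256-bit data key <- key derived from the PIN."""

    def __init__(self, pin, plaintext):
        self.salt = secrets.token_bytes(16)
        data_key = secrets.token_bytes(32)  # the 256-bit key; the user never sees it
        enc_key, mac_key = self._pin_keys(pin)
        self.wrapped_key = _xor_stream(enc_key, data_key)  # the "key store" entry
        self.key_tag = hmac.new(mac_key, self.wrapped_key, hashlib.sha256).digest()
        self.ciphertext = _xor_stream(data_key, plaintext)

    def _pin_keys(self, pin):
        # Stretch the short PIN into separate wrapping and integrity keys.
        k = hashlib.pbkdf2_hmac("sha256", pin.encode(), self.salt, 100_000, dklen=64)
        return k[:32], k[32:]

    def unlock(self, pin):
        if self.wrapped_key is None:  # key destroyed: nothing left to unwrap
            return None
        enc_key, mac_key = self._pin_keys(pin)
        tag = hmac.new(mac_key, self.wrapped_key, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, self.key_tag):  # wrong PIN
            return None
        data_key = _xor_stream(enc_key, self.wrapped_key)
        return _xor_stream(data_key, self.ciphertext)

    def wipe(self):
        # "Wipe": discard only the wrapped key; the ciphertext stays where it is.
        self.wrapped_key = self.key_tag = None

if __name__ == "__main__":
    dev = Device("1234", b"constructed sample note")
    print(dev.unlock("1234"))   # correct PIN recovers the data
    print(dev.unlock("0000"))   # wrong PIN: None
    dev.wipe()
    print(dev.unlock("1234"))   # correct PIN after wipe: None
    print(len(dev.ciphertext))  # encrypted bytes are still present
```

After `wipe()` the only remaining route to the data is guessing the 256-bit data key itself, which is why destroying the stored key is treated as equivalent to erasing the data.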
I doubt it's anything like that. What is most likely is that they cloned (NAND cloned?) the entire contents of the phone and emulated it in a virtual machine. They try 10 tries at the PIN, if it bricks, they kill the virtual machine and spawn a new one. Rinse, repeat until they get a valid PIN.
Clearly it takes some pretty sophisticated techniques to accomplish this but it's faster than trying to brute force a 256-bit key, which is essentially impossible as we know it today.