Free Republic
Browse · Search
General/Chat
Topics · Post Article

To: Blueflag

I haven’t been paying too much attention but I thought the issue was bypassing the safeties that kept them from getting to the brute-force process.

Something about ten bad passwords in a row and the phone would delete the data, and how fast it could be fed passwords.

At least that’s what I read around here somewhere.


22 posted on 03/28/2016 5:26:59 PM PDT by PLMerite (The Revolution...will not be kind.)
[ Post Reply | Private Reply | To 5 | View Replies ]


To: PLMerite

When you create a PIN on your iOS device, THAT act causes the operating system to encrypt the data on your device, and requires a PIN that not only opens up the UI to use, but also that when the PIN is entered the OS employs a ‘key’ to unlock the encryption so the data are available to the user, the apps on the phone, or another device connected to the iOS device - by wired or wireless connection. The level of encryption employed is a 256 AES (Advanced Encryption Standard) bit ‘key’ — think about the nonsense key you enter to make downloaded software function; it’s somewhat like that but ‘longer.’

The data on an iOS encrypted device, or a Samsung or LG or HTC encrypted device are highly secure ‘at-rest’ by virtue of your PIN (not very secure) and the device-level encryption.

When you mis-guess the PIN too many times, Apples (and some others) “brick” to a locked unusable state that is AES encrypted, while Samsung Androids for instance reset-to-factory setting (‘wipe’ the data, but really just destroy the keys to it— leaving the device bootable in a ‘from the factory’ state ... but your data that might remain are still 256 bit encrypted, with no key available)

256 bit AES encryption is in theory “computationally secure” - meaning (in theory a regular brute force attack - generating keys until the data are decrypted— would take longer than our lifetimes) your data are highly secure from someone trying to break through the front door. FRONT door is a key word. Apple refused to admit to, offer up, or develop a “back door”.

Obviously ‘someone’ knows how to get past 256 encryption when the key is missing/removed.

NET: Apple’s security is no better or worse than the industry standard for “highly-secure” — 256 bit AES.

NET: APPLE cannot on its own restore a deleted key in the key store. You cannot send a “bricked” iOS device to Apple and have them unlock it.

NET: APPLE refused to build a back door for future use.

I hope this helped a little.

REM: 256 bit encryption is 10e128 ‘times’ more secure than 128 bit encryption in common use over the public internet.


24 posted on 03/28/2016 5:50:57 PM PDT by Blueflag (Res ipsa loquitur: non vehere est inermus)
[ Post Reply | Private Reply | To 22 | View Replies ]
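
An added example, not part of any post in this thread: a toy Python model of the behaviour discussed above, where a PIN-derived key wraps a random 256-bit data key and ten wrong PINs in a row discard the wrapped key. The `ToyDevice` class, the XOR wrap (standing in for a real authenticated key-wrap algorithm), and the PBKDF2 iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 10  # the "ten bad passwords in a row" limit mentioned in the thread


class ToyDevice:
    """Constructed model: a random 256-bit data key wrapped by a PIN-derived key."""

    def __init__(self, pin: str):
        self.salt = os.urandom(16)
        data_key = os.urandom(32)  # 256-bit key that protects the user data
        kek = self._derive(pin)
        # Toy wrap (XOR) plus an HMAC tag; a real design would use an
        # authenticated key-wrap algorithm instead.
        self.wrapped = bytes(a ^ b for a, b in zip(data_key, kek))
        self.tag = hmac.new(kek, self.wrapped, hashlib.sha256).digest()
        self.failures = 0

    def _derive(self, pin: str) -> bytes:
        # A deliberately slow derivation limits how fast guesses can be checked.
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self.salt, 20_000, dklen=32)

    def unlock(self, pin: str):
        if self.wrapped is None:
            raise RuntimeError("key destroyed: data is unrecoverable")
        kek = self._derive(pin)
        expected = hmac.new(kek, self.wrapped, hashlib.sha256).digest()
        if hmac.compare_digest(self.tag, expected):
            self.failures = 0  # a correct PIN resets the counter
            return bytes(a ^ b for a, b in zip(self.wrapped, kek))
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.wrapped = self.tag = None  # "wipe": discard the key, not the data
        return None


def guesses_before_wipe(device, candidates):
    """Feed PIN guesses until unlock or wipe; return (data_key_or_None, guesses_used)."""
    used = 0
    for pin in candidates:
        try:
            key = device.unlock(pin)
        except RuntimeError:
            return None, used  # the key is gone; further guesses are pointless
        used += 1
        if key is not None:
            return key, used
    return None, used
```

Once the wrapped key is discarded, even the correct PIN no longer recovers the data key, which is why guessing every four-digit PIN in order stops being useful after the tenth miss.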

To: PLMerite

By the way, a clarification.

There *IS* a program from Apple called the Device Enrollment Program, or DEP.

There is a class of enterprise security software called MDM, or EMM - for managing and securing mobile devices, and it is in common use in the enterprise, healthcare and public sector worlds.

This software enables the company to see, secure and manage that device; control the apps on device and how they connect back into the company; restrict web site access; and wipe or lock the device (but only the enterprise data, NOT your photos) if it is lost, reported stolen, or simply in a state outside of corporate policy.

Until recently even THAT software could not un-brick an APPLE device that was locked by multiple password fails, or an employee refusing to provide it when they leave the company.

With the advent of Apple DEP, an ‘enrolled’ device can be un-bricked when the administrator of the EMM software sends a code to the device from the EMM. For what it’s worth, APPLE does not have this code; rather it is passed to the company when the device is enrolled in the DEP, and so STILL APPLE cannot un-brick a device - only the rightful owner. Apple DEP is a new, free service.

An analogous service/feature is available from Google for Androids Marshmallow and newer - called Android for Work.


27 posted on 03/28/2016 6:00:30 PM PDT by Blueflag (Res ipsa loquitur: non vehere est inermus)
[ Post Reply | Private Reply | To 22 | View Replies ]



FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson