Technology Review has taken a look at how the security for the iPhone has evolved over the generations, helping it gain credibility in the business and government markets that wouldn't want their data to be accessible by third parties. At the start, Apple was relatively lax - thankfully the company has improved to being industry leaders in encryption.
At the heart of Apple's security architecture is the Advanced Encryption Standard algorithm (AES), a data-scrambling system published in 1998 and adopted as a U.S. government standard in 2001. After more than a decade of exhaustive analysis, AES is widely regarded as unbreakable. The algorithm is so strong that no computer imaginable for the foreseeable future—even a quantum computer—would be able to crack a truly random 256-bit AES key. According to MacRumors.com, the National Security Agency has approved AES-256 for storing top-secret data.
Apple has highlighted, in a white paper on iOS security, the hardware security means that each iOS device has its own AES-256 key and it cannot be read directly.
On iOS devices, users can secure their device via a PIN pass code, akin to chip and PIN credit and debit cards. The standard is a four digit number, but users are advised to use more complex PINs to ensure that a brute force attack takes too long for most use. As each device has its own AES-256 key, it'd have to performed on the device itself. At 80 milliseconds an attempt, an eight-digit pass code could take as long as 15 years to be compromised.
At these sorts of security levels, it seems that iOS devices are indeed very secure. Hackers would be much better off using social engineering (like in Mat Honans case
) than trying to hack a device manually.