Apple devices running the latestare now susceptible to having their passcodes hacked. This would allow someone complete access to your stored data.
The hack, which requires direct access to the mobile device, involves a combination of brute force attack (trying out every likely combination of a password) and breaking the encryption system itself.
ElcomSoft admits that "explaining what we did to break this encryption is not exactly easy", but it basically involved decrypting security keys which are generated as a combination of the unique device ID and the user's passcode.
The hack somewhat relies on user reluctance to implement strong passwords. iOS devices allow the use of four-digit passcodes, akin to PINs, which are fairly easy to remember and enter on the touchscreen. As there are only 10,000 available combinations, finding the code shouldn't take long.
It's also possible to use longer passwords, but they require use of the on-screen keyboard in portrait mode, and can become a pain to enter every time the device needs to be unlocked. As with all password choices, using longer, non-dictionary words make Apple's mobile devices virtually uncrackable. This is particularly true if the backups stored in iTunes are also protected.
ElcomSoft is planning to sell its cracking software, but promises it will only distribute to "established law enforcement, forensic and intelligence agencies." We'll resist the urge to get political, and leave it to your imagination who might end up with this software. That's assuming it's not already on BitTorrent.
What isn't clear is whether the Apple's "nuke" function, which can be set to wipe data after a number of failed authorisation attempts, kicks in or if that has somehow been sidestepped.
Our advice? Don't put sensitive stuff on your iPhone or iPad. If your iPhone is stolen or confiscated, you should remotely wipe it.