A simple PIN might keep your iPhone safe from the prying hands of a curious toddler or a drunk friend. But slap that thing in a robot that exists for no reason but to try every possible PIN one-by-one, and it’ll crack it right open.
These machines have existed for a while, but this one is particularly crazy: if you’ve got your iPhone set to clear all of its data after 10 failed guesses, it’ll try to exploit its way past that.
Note the “try” in that last sentence: while we’re still waiting on confirmation from Apple on this one, there’s a good chance that the trickery at play here only works if you’re on a build of iOS older than iOS 8.1.1 (Shipped November 2014). Apple’s notes for 8.1.1 mention patching a bug (CVE-2014-4451) that could circumvent the “the maximum number of failed passcode attempts”; it’s not clear if that’s the same bug at play here, though it seems likely.