iPhone data is encrypted by default - remote wipe works by destroying the key. Unfortunately, the key is obviously only protected by a user's passcode, if they've even set one. The 4-digit pin codes have been shown to be broken, but I've not seen (maybe I missed it?) evidence of those with alphanumeric passcodes being compromised.
The issue is that I can conduct an unlimited-attempts brute force attack against the passcode. I can do about 10 per second on an iPhone 4S, but I do need access to the machine, unless I'm willing to crack open the iPhone and do a destructive hardware attack.
At 10 per second, I feel ok with an 8-10 character numeric passphrase, or a 7-8 character lowercase-only passcode.
I just wish the iPhone had some intelligence about adaptive locking -- lock faster when it's outside my home/car, don't go from unlocked to locked very fast, if at all, if docked in secure places inches from a 9mm. Or pairing with an RF device attached to me, like the Blackberry CAC reader.
reply