PC World reports that researchers at the German Fraunhofer Institute for Secure Information Technology have shows that it only takes six minutes to reveal the passwords that are stored in your iPhone's password management system called "keychain".
The researchers first did a jailbreak on the iPhone with a SSH server installed. Then they copied a keychain access script to the iPhone which uses system functions to access entries in the keychain and outputs the details to the attacker.
The attack works because the cryptographic key on current iOS devices is based on material available within the device and is independent of the passcode, the researchers said. This means attackers with access to the phone can create the key from the phone in their possession without having to hack the encrypted and secret passcode.
Researches said in a statement:
As soon as attackers are in the possession of an iPhone or iPad and have removed the device's SIM card, they can get a hold of e-mail passwords and access codes to corporate VPNs and WLANs as well, Control of an e-mail account allows the attacker to acquire even more additional passwords: For many web services such as social networks the attacker only has to request a password reset
If you're wondering how one would prevent any such attack, one possible way it to remotely wipe your stolen device using Find My iPhone. See the video below for demonstration of the attack.
[youtube=