What we build was a way to save and restore a raw copy of the NAND in an SSD. Since that is the only persistent media on the SSD, it is kind of like a "save game" situation where you can try different things and recover back to the previous state if you screw up. Now this is not exactly 100% true for NAND because some bits will be unstable and with multiple write cycles you make the data in a few locations progressively uncorrectable over time.
So with this technique, assuming the iPhone has no other persistent media, they could save the contents, attempt a password unlock and then restore the NAND contents when it gets too many retries.
As for ways to thwarts these attempts, most NAND memory have a pseudo OTP section and unique serial numbers which could be combined to make things more difficult. But these were not meant for cryptographics secure protection so I'm sure someone could find a way around them.
So with this technique, assuming the iPhone has no other persistent media, they could save the contents, attempt a password unlock and then restore the NAND contents when it gets too many retries.
As for ways to thwarts these attempts, most NAND memory have a pseudo OTP section and unique serial numbers which could be combined to make things more difficult. But these were not meant for cryptographics secure protection so I'm sure someone could find a way around them.