Man
Professional
- Messages
- 2,965
- Reaction score
- 488
- Points
- 83
iPhones in police labs have started to take on a life of their own.
US law enforcement agencies are warning colleagues and forensic experts about a new problem when working with iPhones stored for forensic examinations. According to an internal document obtained by 404 Media, devices that were previously seized and were in isolated conditions are unexpectedly rebooted, making them more difficult to unlock and extract data.
The reason for the sudden reboots remains unclear. The authors of the document, presumably law enforcement officials in Detroit, Michigan, put forward a version that Apple could have implemented a new security feature in iOS 18. According to the hypothesis, iPhones can reboot if they are out of range of the cellular network for a long time. After a reboot, devices become more protected from tools designed to crack passwords and extract information.
The document says that it is necessary to notify colleagues about the situation with iPhones that reboot within a short time (possible observations are within 24 hours) when disconnected from the cellular network. This is especially true for devices stored in isolation for forensic analysis. Apple has not yet commented on whether it has added such a feature in iOS 18.
Several iPhones that were in the Forensic Lab in the After First Unlock (AFU) state suddenly rebooted and lost this state. Devices in AFU are considered more accessible to law enforcement using specialized device hacking tools. However, after the reboot, the iPhones went into the Before First Unlock (BFU) state, which made the process of accessing the data impossible using current technologies.
Recall that back in April 2024, mobile forensics company Cellebrite faced a problem: a significant part of modern iPhones turned out to be inaccessible to their hacking tools.
It is noted that three iPhones running iOS 18.0 arrived at the laboratory on October 3. According to experts, iOS 18 devices could exchange signals with other iPhones in storage in the AFU state. This communication could trigger a reboot command for those devices that have not been active for a long time or have been offline. Theoretically, this could affect not only the seized devices, but also the personal phones of forensic experts, if they are nearby.
The document concludes with a list of recommendations for data extraction labs. In particular, it advises isolating devices in the AFU state from possible contact with the iPhone on iOS 18. Labs are also encouraged to take inventory of existing devices and check for unexpected reboots and loss of AFU state.
With the release of the new version of iOS 18, Apple has taken another step in the fight against the market for used parts from stolen devices. Now, the Activation Lock feature extends not only to the iPhone itself, but also to its main components, such as the battery, cameras, and display. This innovation is aimed at preventing the resale of stolen parts and provides additional protection to users.
Source
US law enforcement agencies are warning colleagues and forensic experts about a new problem when working with iPhones stored for forensic examinations. According to an internal document obtained by 404 Media, devices that were previously seized and were in isolated conditions are unexpectedly rebooted, making them more difficult to unlock and extract data.
The reason for the sudden reboots remains unclear. The authors of the document, presumably law enforcement officials in Detroit, Michigan, put forward a version that Apple could have implemented a new security feature in iOS 18. According to the hypothesis, iPhones can reboot if they are out of range of the cellular network for a long time. After a reboot, devices become more protected from tools designed to crack passwords and extract information.
The document says that it is necessary to notify colleagues about the situation with iPhones that reboot within a short time (possible observations are within 24 hours) when disconnected from the cellular network. This is especially true for devices stored in isolation for forensic analysis. Apple has not yet commented on whether it has added such a feature in iOS 18.
Several iPhones that were in the Forensic Lab in the After First Unlock (AFU) state suddenly rebooted and lost this state. Devices in AFU are considered more accessible to law enforcement using specialized device hacking tools. However, after the reboot, the iPhones went into the Before First Unlock (BFU) state, which made the process of accessing the data impossible using current technologies.
Recall that back in April 2024, mobile forensics company Cellebrite faced a problem: a significant part of modern iPhones turned out to be inaccessible to their hacking tools.
It is noted that three iPhones running iOS 18.0 arrived at the laboratory on October 3. According to experts, iOS 18 devices could exchange signals with other iPhones in storage in the AFU state. This communication could trigger a reboot command for those devices that have not been active for a long time or have been offline. Theoretically, this could affect not only the seized devices, but also the personal phones of forensic experts, if they are nearby.
The document concludes with a list of recommendations for data extraction labs. In particular, it advises isolating devices in the AFU state from possible contact with the iPhone on iOS 18. Labs are also encouraged to take inventory of existing devices and check for unexpected reboots and loss of AFU state.
With the release of the new version of iOS 18, Apple has taken another step in the fight against the market for used parts from stolen devices. Now, the Activation Lock feature extends not only to the iPhone itself, but also to its main components, such as the battery, cameras, and display. This innovation is aimed at preventing the resale of stolen parts and provides additional protection to users.
Source
