OP 08 November, 2024 - 02:55 PM
iPhones in police labs have taken on a life of their own.
US law enforcement agencies are warning colleagues and forensic experts about a new problem when working with iPhones stored for forensic examinations. According to an internal document obtained by 404 Media, devices that were previously seized and kept in isolated conditions are unexpectedly rebooting, which complicates their unlocking and data extraction.
The reason for the sudden reboots remains unclear. The authors of the document, presumably law enforcement officers in Detroit, Michigan, put forward a version that Apple could have implemented a new security feature in iOS 18. According to the hypothesis, iPhones can reboot if they are out of range of a cellular network for a long time. After rebooting, the devices become more protected from tools designed to crack passwords and extract information.
The document says that it is necessary to notify colleagues about the situation with iPhones that reboot within a short time (possible observations - within 24 hours) when disconnected from a cellular network. This is especially true for devices stored in isolated conditions for forensic analysis. Apple has not yet commented on whether it has added such a feature to iOS 18.
Several iPhones that were in the forensic lab in the After First Unlock (AFU) state suddenly rebooted and lost this state. Devices in AFU are considered more accessible to law enforcement using specialized device hacking tools. However, after the reboot, the iPhones went into the Before First Unlock (BFU) state, which made the process of accessing the data impossible using current technologies.
Recall that back in April 2024, the mobile forensics company Cellebrite faced a problem: a significant portion of modern iPhones turned out to be inaccessible to their hacking tools.
It is noted that three iPhones running iOS 18.0 were received by the lab on October 3. According to experts, devices with iOS 18 could exchange signals with other iPhones in the storage in the AFU state. This communication could initiate a reboot command for devices that have been inactive or offline for a long time. Theoretically, this could affect not only seized devices, but also forensic personal phones if they are nearby.
The document concludes with a list of recommendations for data extraction labs. In particular, it is recommended to isolate devices in AFU state from possible contact with iPhones running iOS 18. Labs are also advised to inventory their existing devices and check if an unexpected reboot and loss of AFU state has occurred.
With the release of the new version of iOS 18, Apple has taken another step in the fight against the used market for spare parts from stolen devices. Now the Activation Lock function applies not only to the iPhone itself, but also to its main components, such as the battery, cameras and display. This innovation is aimed at preventing the resale of stolen parts and provides additional protection to users.
source : https://www.404media.co/police-freak-out...-cops-out/
US law enforcement agencies are warning colleagues and forensic experts about a new problem when working with iPhones stored for forensic examinations. According to an internal document obtained by 404 Media, devices that were previously seized and kept in isolated conditions are unexpectedly rebooting, which complicates their unlocking and data extraction.
The reason for the sudden reboots remains unclear. The authors of the document, presumably law enforcement officers in Detroit, Michigan, put forward a version that Apple could have implemented a new security feature in iOS 18. According to the hypothesis, iPhones can reboot if they are out of range of a cellular network for a long time. After rebooting, the devices become more protected from tools designed to crack passwords and extract information.
The document says that it is necessary to notify colleagues about the situation with iPhones that reboot within a short time (possible observations - within 24 hours) when disconnected from a cellular network. This is especially true for devices stored in isolated conditions for forensic analysis. Apple has not yet commented on whether it has added such a feature to iOS 18.
Several iPhones that were in the forensic lab in the After First Unlock (AFU) state suddenly rebooted and lost this state. Devices in AFU are considered more accessible to law enforcement using specialized device hacking tools. However, after the reboot, the iPhones went into the Before First Unlock (BFU) state, which made the process of accessing the data impossible using current technologies.
Recall that back in April 2024, the mobile forensics company Cellebrite faced a problem: a significant portion of modern iPhones turned out to be inaccessible to their hacking tools.
It is noted that three iPhones running iOS 18.0 were received by the lab on October 3. According to experts, devices with iOS 18 could exchange signals with other iPhones in the storage in the AFU state. This communication could initiate a reboot command for devices that have been inactive or offline for a long time. Theoretically, this could affect not only seized devices, but also forensic personal phones if they are nearby.
The document concludes with a list of recommendations for data extraction labs. In particular, it is recommended to isolate devices in AFU state from possible contact with iPhones running iOS 18. Labs are also advised to inventory their existing devices and check if an unexpected reboot and loss of AFU state has occurred.
With the release of the new version of iOS 18, Apple has taken another step in the fight against the used market for spare parts from stolen devices. Now the Activation Lock function applies not only to the iPhone itself, but also to its main components, such as the battery, cameras and display. This innovation is aimed at preventing the resale of stolen parts and provides additional protection to users.
source : https://www.404media.co/police-freak-out...-cops-out/
![[Image: NoXfDZ2.gif]](https://i.imgur.com/NoXfDZ2.gif)