Several iPhones stored at the offices of a forensic analysis firm are being rebooted, possibly as a result of a new security measure implemented by Apple that complicates law enforcement’s work.
The relevant iPhone has the same operating system and has been updated to iOS 18and the fact that they had been disconnected from cellular networks for some time (just over a month ago they were sent to a computer forensics lab).
The website reports on this new complication at a forensic analysis laboratory working with the police 404 mediaReports suggest that the restart may be a new security measure Apple takes when devices are updated to iOS 18.
The iPhone sent by law enforcement for forensic analysis was divided into two parts: BFU (before first unlock) e AFU (after first unlock). Referring to the iPhone (or iPad) you can find yourself in a state where these unique elements drastically change the way people try to bypass unlock codes.
From a technical perspective, the contents of a restarted iPhone remain encrypted until the unlock code is entered, which is critical to generating the encryption key required to decrypt the iPhone’s file system.
Simply put, a rebooted device is more difficult to unlock and less likely to be accessed using specialized software that operates in a narrow range and can access small portions of memory.
In a document that appears to come from Detroit (Mich.) police officials, the issue is highlighted and recommendations are provided on how to isolate devices that need to be rebooted.
In addition to new security measures that Apple may provide, it is not ruled out that other problems on some devices (such as hardware failure, abnormal consumption, or battery failure) may cause a restart. The fact remains that with an iPhone in its BFU (Before First Unlocked) state, many features of the device are restricted or disabled, complicating the already limited access possibilities.
When law enforcement seizes an iPhone or iPad from a suspect who does not intend to cooperate in delivering the unlock code, they are instructed to keep the iPhone in BFU state (the recommendation is to power up the device as soon as possible so that it does not go off); these devices can continue to be used with External communications, in order to prevent remote initialization, must be isolated from the outside using a “Faraday cage” (i.e. a container that can be isolated from any external network).
For all the news on IT security, see macitynet’s dedicated section.