iPhones Seized by Cops Are Rebooting, and No One’s Sure Why
Cops in Detroit are freaked out about a wave of iPhones in their custody rebooting without warning. The reboot makes it much harder for law enforcement to search the devices for evidence.
404 Media broke the story based on documents it acquired that appear to be written by cops in Detroit, Michigan. The documents include a memo describing the problem and warning other law enforcement officials to watch out for the problem.
“The purpose of this notice is to spread awareness of a situation involving iPhones, which is causing iPhone devices to reboot in a short amount of time (observations are possibly within 24 hours) when removed from a cellular network,” the document said. “If the iPhone was in the After First Unlock (AFU) state, the device returns to a Before First Unlock (BFU) state after the reboot. This can be very detrimental to the acquisition of digital evidence from devices that are not supported in any state outside of AFU.”
The lock state of an iPhone determines how easy it is for cops to use third-party tools like Cellebrite to break in and root around. When an iPhone boots after a loss of power, it’s in BFU and much harder to get into. Cops can still brute force their way into the phone, but it’s harder and the data they can extract is limited.
“Information contained within a BFU extraction mainly includes system data; However, there may be a small amount of user-generated data found within the extraction that may provide new leads for certain cases,” an article from the Dakota State University Digital Forensics Lab explained. “This type of extraction is small, and a majority of the information is either system/application data, as well as cached images and videos that are not user-generated.”
In Detroit, the cops have no idea why the iPhones are rebooting, but they suspect it might be a security feature of iOS 18.0. Stranger still, the reboot occurred in phones that were in airplane mode and one that was inside a Faraday box which typically blocks outside signals. The cops suspect that the phones might have communicated with each other somehow.
“It is believed that the iPhone devices with iOS 18.0 brought into the lab, if conditions were available, communicated with the other iPhone devices that were powered on in the vault in AFU,” the documents published by 404 Media said. “That communication sent a signal to devices to reboot after so much time had transpired since device activity or being off network.”
In one case, the cops speculated that the personal device of an investigator triggered the reboot in the other phones. But they’re baffled. “The specific conditions that must exist for these reboots to occur is unknown and further testing and research would need to be conducted to add more specifics to the new hurdle we are now faced with. What is known is that this new ‘feature’ of some sort has increased the difficulty with forensically preserving digital evidence,” the documents said.
The cops warned other investigators to take precautions. “If a lab’s AFU devices have not been exposed to iOS 18 devices, take action to isolate those devices before they do so,” the documents said. “Labs should take a current inventory of their AFU devices and identify if any of them have rebooted and have lost their AFU states.”
Apple did not return Gizmodo’s request for comment.
Source link