Detroit police are concerned about a wave of iPhones in custody that are restarting without warning. Restarting makes it more difficult for law enforcement to search the devices for evidence.
404 Media broke the story based on documents it obtained that appear to have been written by police in Detroit, Michigan. The documents include a memo explaining the problem and warning other law enforcement officials to be aware of the problem.
“The purpose of this notice is to spread awareness of a situation involving iPhones, which causes iPhone devices to restart in a short period of time (expected to be within 24 hours) when removed from the cellular network,” the document said. “If the iPhone was in After First Unlock (AFU) state, the device returns to the pre-first unlock (BFU) state after restarting. This can be very dangerous for the recovery of digital evidence from devices that are not supported in any case other than AFU.”
The state of an iPhone’s lock determines how easy it is for police to use third-party tools like Cellebrite to crack and crack. When the iPhone starts up after power down, it is in BFU and it is very difficult to get into it. The police can break into the phone, but it is difficult and the data they can extract is limited.
“The information contained in the released BFU mainly includes system data; However, there may be a small amount of user-generated data found within the extract that may provide new clues in certain cases,” explains an article from the Dakota State University Digital Forensics Lab. “This type of output is small, and most of the information is system/application data, as well as cached images and videos not generated by users.”
In Detroit, police don’t know why iPhones are restarting, but they suspect it may be a security feature of iOS 18.0. Ironically, the reboot happened on phones that were in airplane mode and those that were inside a Faraday box that normally blocks outside signals. Police suspect that the phones may have communicated with each other in some way.
“It is believed that iPhone devices with iOS 18.0 delivered to the lab, if conditions are met, communicate with other AFU-enabled iPhone devices,” said documents published by 404 Media. “That connection sent a signal to the devices to reboot after a long period of time since the device was inactive or disconnected from the network.”
In one case, police speculated that the investigator’s personal device had caused other phones to reboot. But they are confused. “The exact conditions that must exist for this restart to happen are unknown and it will still be necessary to conduct tests and research to add more information to the new problem we are facing now. What is known is that this new ‘feature’ of sorts has increased the difficulty of preserving digital evidence,” the documents said.
Police warned other investigators to take precautions. “If AFU devices in the lab are not showing up on iOS 18 devices, take action to isolate those devices before they do,” the documents state. “Labs should take a current inventory of their AFU devices and identify if any of them have been restarted and lost their AFU states.”
Apple did not return Gizmodo’s request for comment.
Source link
