Police Freak Out at iPhones Mysteriously Rebooting Themselves, Locking Cops Out (404media.co) 129
Law enforcement officers are warning other officials and forensic experts that iPhones which have been stored securely for forensic examination are somehow rebooting themselves, returning the devices to a state that makes them much harder to unlock, 404 Media is reporting, citing a law enforcement document it obtained. From the report: The exact reason for the reboots is unclear, but the document authors, who appear to be law enforcement officials in Detroit, Michigan, hypothesize that Apple may have introduced a new security feature in iOS 18 that tells nearby iPhones to reboot if they have been disconnected from a cellular network for some time. After being rebooted, iPhones are generally more secure against tools that aim to crack the password of and take data from the phone.
"The purpose of this notice is to spread awareness of a situation involving iPhones, which is causing iPhone devices to reboot in a short amount of time (observations are possibly within 24 hours) when removed from a cellular network," the document reads. Apple did not provide a response on whether it introduced such an update in time for publication.
"The purpose of this notice is to spread awareness of a situation involving iPhones, which is causing iPhone devices to reboot in a short amount of time (observations are possibly within 24 hours) when removed from a cellular network," the document reads. Apple did not provide a response on whether it introduced such an update in time for publication.
Theft protection (Score:5, Informative)
I recently got notifications on my Pixel about enabling theft protection features that lock the screen if there's a suspected snatch of the phone. Plus another setting that will lock the phone if it goes offline. Seems reasonable to me.
Re: (Score:3)
I suspect the issue is less "rebooting" and more "iOS updates by itself"
That's the first feature I turn off. Reason being I don't want the fricken phone rebooting on me because I work from like 11pm to 8am and every stupid decide in the world decides the best time to reboot is 2AM.
Re:Theft protection (Score:4, Informative)
I have a somewhat similar issue with my smart watch. It runs a backup to the phone, which then further backs that up into the cloud. The problem is, they designed it with "no one ever turns off their devices" in mind, so it will only run a backup in the middle of the night. Which is when both my phone and watch are shut off. There's no way to trigger the backup manually. So I either leave both on overnight once in a while, or live with "watch not backed up in over 7 days!" warnings. Sigh.
Re: (Score:3)
With no connectivity? The timing would be unlikely, cops getting a phone after an update had been downloaded, but before it was installed. But it's not clear that even that is sufficient. Apple says "When an update is available, iPhone downloads and installs the update overnight while charging and connected to Wi-Fi. You're notified before an update is installed."
Re: (Score:2)
The OS can't update itself if it's in a Faraday cage. The cops isolate a confiscated phone from the cell network to prevent remote wiping.
Re: (Score:2)
I believe iOS tries to learn your activity schedule so will perform the reboot at your convenience - which can be immediately, 2AM or when it decides you're normally idle. And the 2AM ones you schedule require your password.
It also has to be plugged in before it does the update - I've missed many 2AM reboots because it isn't plugged in at all.
But anyhow, these phones are completely disconnected - they're even rebooting when in a faraday cage, so they're not getting any update the whole time. After all, the
Re: Theft protection (Score:2)
iPhones allow saying âoeyes and do not ask againâ.
Re: (Score:2)
Yes, but i learned that it isn't enabled by default.
I had to manually enable it on my Pixel 6.
Re: (Score:2)
Pixel devices also have a lockdown mode, usually accessible by holding the power button down. That disables biometric unlock.
There is also a panic mode that is activated by rapidly pressing the power button 5 times. You can configure it to do things like start recording video, text emergency contacts, or call the emergency services.
Re:Theft protection (Score:5, Interesting)
What I really want is a voice command "Hey Google, lockdown" where it locks the screen and only accepts the PIN to unlock.
Re: (Score:2)
as was pointed out ... at least a decade ago, maybe closer to two decades : https://xkcd.com/538 [xkcd.com]
Personally, I wouldn't hit the person with the wrench. Too much chance of accidentally killing them - which is insufficiently profitable.
I'd use the wrench (particularly if it's a "combination" wrench with a "ring" part of about 13~15mm to break each of the finger joints in sequence from tip to hand. So that's 12 to 16 agonies before we start on the f
Re: (Score:2)
It's not meant to defeat a determined attacker not concerned with the law. It's meant to deter nosy cops that want to turn a traffic stop into a lot more. Courts have ruled that the 5th covers entering your pin but not pressing your finger on the pad to be read or using your face to unlock.
They MIGHT threaten the PIN out of someone, but that will tend to blow back on them in court (both as prosecution and later as civil defendant).
It might also have value against somewhat opportunistic criminals that don't
Re: (Score:2)
Seems reasonable to me.
Same here. Essentially applies to all moving of the phone not authorized by its owner. Remember that on the technological side, the police is an _attacker_.
Re: Theft protection (Score:2)
I got the notice too on my Samsung. However I was given a choice of which features to enable. It wasn't automatic.
Re: Theft protection (Score:5, Informative)
Then you unlock the screen.
The idea is that if someone snatches your phone from your hand they wonâ(TM)t have access to the unlocked phone.
Re: (Score:2)
Re: (Score:2)
The phone should lock immediately if it goes out of network range where a user can tell Apple to lock it remotely via FindMy.
The word immediately shows you didn't think this through. The end result would be a constant stream of locks while people are using their devices. Phones are somewhat imperfect at switching networks and frequently will drop out a connection tot he network even if coverage is good, to say nothing of the many times people use their phones on the edges of coverage areas.
Re: Theft protection (Score:3)
The way grapheneos has been implementing this feature for years is to give the user the ability to configure a reboot timer. By default, if you haven't unlocked it in the last 18 hours, it reboots.
Re:Theft protection (Score:5, Informative)
It just locks the phone, it doesn't make it explode. It's up to each user to decide if the extra hassle of unlocking after any false positives outweighs the added security of having the feature enabled.
Re:Theft protection (Score:4, Funny)
It just locks the phone, it doesn't make it explode.
Except those intended for the Lebanese market.
Re: (Score:3)
It sets the phone in the state when rebooted -- In the case of Android phones, I assume this means that the fingerprint sensor won't work to unlock it.
Re: (Score:2)
My phone's information screen on this setting doesn't specify that, but if that's true then you're right that biometric unlock would not work, which would increase the hassle level a bit.
Re: (Score:2)
That is exactly how it works. The lock screen looks normal but when you go to unlock it specifies that the security policy requires the use of the PIN to unlock and that biometrics are disabled. All google's lock functions work like this including the theft detection, the remote device lock, and the locking function from findmyphone.
Re: (Score:2)
I wonder what determines a snatch? You're out at walking pace, then a sudden acceleration? How is that different to getting into a tube? Maybe they're good triggers like you've left your phone behind anyway.
Turn your phone off at the border (Score:5, Interesting)
Cops have tools to scan a phone's RAM. They can read the memory of active apps and possibly use the information to crack the device.
Always turn your phone off when going through customs or in any other scenario where it might be confiscated and searched.
Re: Turn your phone off at the border (Score:2)
Re: Turn your phone off at the border (Score:5, Insightful)
What about when they say it should be on so they can verify it or check it actually is a phone or laptop?
Thats what X-ray machines are for.
Never really quite understood the policy of “smash buttons until it makes lights” Neanderthal mentality with this kind of security validation. That’s a fucking bomb if it’s not a phone or laptop. Ask the bomb squad if they “power on” the bomb first to make sure it’s a bomb and not a phone.
Re: Turn your phone off at the border (Score:3)
Re: Turn your phone off at the border (Score:5, Informative)
I wouldn't travel without a phone. What if you're stranded middle nowhere and need to call for a taxi? Or maybe you need to use the airline app to check some details or perform check-in. If you are concerned with a police search, get a burner phone. My local second-hand shop has iphone 7 starting 70 €, or older Samsung Galaxy for 50 €.
Re: (Score:2)
You and I have different understandings of "middle of nowhere". Mine starts at "5 hours walking until you get to a phone signal". What is yours?
On the way out, you do your "check in" from home, where you're leaving your phone. On the way back, you use your hotel's "business centre" (if on Work's bill) or an Internet cafe. See also, ink-on-paper for passwords.
Re: (Score:2)
Most people would find it really difficult being without a phone for 1 day. Let alone 10 days in a foreign country.
Personally, I'd do what others have suggested, take a cheap burner phone and put in your SIM card. If you are on eSIM, then just get a temporary SIM and input the numbers for your friends / family / work colleagues in case of an emergency.
Foreign Traveller Survivor: Phoneless (Score:2)
Re: (Score:2)
Re: (Score:2)
That’s a fucking bomb if it’s not a phone or laptop.
They assume the more likely option of drug smuggling. You'd have to remove components to make space so it won't boot.
Re: (Score:2)
That’s a fucking bomb if it’s not a phone or laptop.
They assume the more likely option of drug smuggling. You'd have to remove components to make space so it won't boot.
You're talking about the Bendgate industry who hardly has room for a headphone jack now. The hell they gonna stuff in the average smartphone footprint that a drug dog couldn’t find, no technology needed? Two joints and a shot of 190-proof regret?
Re: (Score:2)
They want to make sure that you didn't replace the battery with plastic explosives, which would look identical on x-ray.. Kinda niche, but that's security theatre for you.
Re: (Score:2)
Re: (Score:2)
Which is kind-of why, for a decade and a bit, airports all over the world (well, Europe, Africa, Canada, Russia, Arabia ; I don't know about America) have been replacing X-ray (only) machines with ones that incorporate MR and/ or other technologies alongside the X-ray system, and can overlay images from the different sensors with the X-rays.
Then there's the THz scanning systems that can pick up surface-conductance of materials (clothing, skin, conducting layers in your el
Re: (Score:2)
Re: (Score:2)
You press the Power button like the police could do by themselves, then leave it like that. If it boots to the login manager, it is a functional device.
Re: (Score:2)
Re: (Score:2)
What about when they say it should be on so they can verify it or check it actually is a phone or laptop?
That's for getting ON the plane.
Border searches are done when you get OFF the plane.
TSA != CPB
Re: (Score:2)
Depends. The US maintains customs posts in other countries so they can screen people before they ever get on the plane.
Re: (Score:2)
A few years ago they picked out my 6 y/o laptop because a screw was missing, they suggested I potentially hid something inside.
Only after appealing to a supervisor who eventually concluded a missing screw on an old laptop was nothing unusual could I board including the laptop.
And yes, of course it was X-rayed.
Re: Turn your phone off at the border (Score:2)
Re: (Score:2)
Almost any technical operation can be largely automated if you do it often enough. By now, they have dedicated hardware devices with custom probes that they just attach in a standard way to the main normal models of phone. They press a single button and it records everything they need to have.
Re: (Score:2)
We're talking about direct reading of memory. You are attaching to the RAM chip on the main board, completely bypassing the USB security. Unless you are encrypting all memory access from the CPU, nothing short of wiping the device will help here.
Re: (Score:2)
"But what if I have nothing illegal on it and d
Re: (Score:2)
Not much point for most folk, since border control can generally require you to turn on and unlock your phone.
In police-states they can. Hence remember to never have anything potentially incriminating on your phone and remember that the laws in different countries are different. Oh, and if they connected anything to your phone, regard it as compromised and get a new one.
Re: (Score:2)
Re:Turn your phone off at the border (Score:4, Informative)
Always turn your phone off when going through customs or in any other scenario where it might be confiscated and searched.
In the case of iPhone, this does the job without powering off: simply hold the volume-up and the right button simultaneously to get to the power-off/medical-id/SOS/911 screen. After that, the phone is locked (i.e., needing PIN to unlock). On iOS 18, swiping to the control panel screen and pressing the 0/1 power icon in the upper right corner also leaves the phone in a locked state.
Re: (Score:2)
After that, the phone is locked (i.e., needing PIN to unlock).
You're missing the point. They don't need the PIN to snapshot the RAM.
Re: Turn your phone off at the border (Score:2)
I thought I read that in emergency mode, all non-critical apps unload. Is it possible they are no longer in RAM?
Re: Turn your phone off at the border (Score:2)
So, you just remove the battery to clear the RAM. Oh wait .
Re: (Score:2)
You're missing the point. They don't need the PIN to snapshot the RAM.
If you are logged in. If an iPhone user is not logged in there is very little useful information you can log into RAM.
This is incorrect (Score:2)
There are two states the iPhone can be in - Before First Unlock and After First Unlock.
If your the cops take possession of your iPhone, you want it to be in BFU, because sensitives things are not yet decrypted to memory.
Doing the button-pinch trick will make it require the passcode - it will disable FaceID. It will not get you to BFU.
Re: (Score:2)
Re: Turn your phone off at the border (Score:2)
How do they even know which social media to ask for ? I don't have much, besides slashdot .
Re: (Score:2)
The basic strategy for electronics is to clone them, then power down the original so it can't wipe itself. Once you have the virtual clone you can make as many secondary clones as you want to fiddle with and you can fake their inputs so they believe they're in whatever circumstances you want them to believe they're in.
However, yeah, the latest Israeli tools probably just make the phone the cop's bitch.
Your average tech cop is just plugging in the correct cable to the correct machine and following the step
Re: (Score:2)
Unpopular opinion: cops should have the right to examine someone's phone, but only if they are incapacitated or suspected of a serious crime. We shouldn't take that away because some people are afraid of exposing their porn preferences or casual racism when taking a flight.
Have you tried turning it off and on again? (Score:5, Insightful)
The police may be decrying it as a security feature (and it may be) but I'm inclined to say that it's probably just some kind of a self-repair protocol on the iPhone trying to revive the connection. I've been trying to reconnect for a day. It hasn't worked. Time for the ultimate fix.
Re: Have you tried turning it off and on again? (Score:2)
Seems like a reasonable assumption.
Or the Microsoft way.
Re: (Score:2)
The odd part is that phones that have been in policy custody for quite some time (and pre-iOS 18) have been spontaneously power cycling, thus putting them in the BFU (Before First Unlock) state, which is a much more secure and difficult state to crack than AFU (After First Unlock). You know, how that first unlock of your phone requires the pin, but subsequent can use face ID, fingerprint, etc.
When law enforcement confiscate a phone they try to keep power to it so it never goes back to the BFU state, giving
Re: (Score:2)
Sorry, what exactly tells them to reboot? (Score:3)
hypothesize that Apple may have introduced a new security feature in iOS 18 that tells nearby iPhones to reboot if they have been disconnected from a cellular network for some time.
Not quite getting this theory. If the phones just rebooted themselves after not being connected I'd get it, but what the above sentence is saying is that something is "telling nearby phones to reboot"... what is the something that's sending that message? It's not the cell towers, because that's disconnected according to the theory.
Re: (Score:2)
You have to assume alot here, but given the various spectrums and low power modes of communication an iPhone is capable of (NFC, bluetooth, whatever proprietary protocol apples airdrop and airtags uses) their Faraday cage may not have the appropriate shielding to counter all forms of radio communication.
Also apple has devices that are capable of pushing updates to completely uninitialized and still inside the unopened box. so one would assume this does not require cellular and would be very possible to impl
Re: (Score:2)
hypothesize that Apple may have introduced a new security feature in iOS 18 that tells nearby iPhones to reboot if they have been disconnected from a cellular network for some time.
Not quite getting this theory. If the phones just rebooted themselves after not being connected I'd get it, but what the above sentence is saying is that something is "telling nearby phones to reboot"... what is the something that's sending that message? It's not the cell towers, because that's disconnected according to the theory.
The something telling phones to reboot is a line in the iOS 18 security update.
I didn't read any implication that the force telling the phone to reboot was external to the phone itself.
It could be worse (Score:5, Funny)
They could be Israeli produced phones...
Re: (Score:2)
Funny not funny. And only Funny moderated comment. I think the story had more potential for humor.
First rule: make a copy (Score:2)
Updated article confirms Apple code change (Score:3)
https://www.404media.co/apple-... [404media.co]
Probably a software update... (Score:4, Informative)
I know every time my iPhone software updates it requires the passcode. I am sure that's all this is, and the police are making a big deal out of something that has been a stock feature in iOS for years.
Re: (Score:2)
Do iOS updates install silently without the user's consent?
Novel idea (Score:2, Insightful)
Don't use your phone for criminal activities, then you've no concern.
If you want to communicate with privacy, people were using PGP long before mobile phones.
Re: (Score:2)
No why didn't anyone think of that. Oh wait they did. Countless criminals are using various cryptographic secured software on their phones or PCs for communication. That's why it's so lucrative for police to get access to your unlocked device, it exposes not only your chats, but those of people with whom you communicate.
Unless you're using PGP with a calculator and a pencil at some point an electronic device is susceptible to attack and countless major criminal rings have been taken down when their special
Re: (Score:2)
My dude, go give 'Three Felonies A Day' a read. Follow that up with 'You Have The Right To Remain Innocent.'
Then lose your childish idea that criminal investigators are infallible paragons of truth.
There's an awful lot of people who have been sentenced to death for crimes that they didn't commit. Just ask Project Innocence.
crimes? (Score:2)
I'm curious about the types of crimes the cops expect to solve by cracking these phones. Which types of crimes make them work so hard to gain this access?
I'd bet most of it is petty. Poor cops, its so much harder to be the man when there are electronic locks. Probably why they stick to beatdowns most of the time. Like xkcd come to life, "Beat him with this state issued club until he is defenseless, cuff him, then we'll just use Face ID."
Geolocating (Score:2)
Maybe they're using the geolocation feature to detect when it's inside of a police station, and then locking it.
For ordinary regular folks (not police officers) there are a very limited number of reasons your phone would be inside a police station for extended periods of time, so maybe that's a trigger.
I have no idea, just speculating.
If it quacks... (Score:2)
I can understand where the Detroit investigators are coming from. After all, you know the old saying: If it quacks, think zombie apocalypse.
More seriously, realizing that reboots seem to fix electronics, perhaps Apple and Google should implement reboots as an attempt to fix extended connectivity outages.
Seems like a great security feature (Score:2)
Iâ(TM)d love for it to be customizable - locked for more than x hours without being unlocked - reboot. No cell service for y hours, reboot. No wifi for z hours, reboot. No GPS signal⦠You get the idea⦠Good for making stolen devices less valuable to thieves. The fact that cops are difficult to tell apart from thieves in this context â" oh well. They already have exponential time back-off for incorrect unlock codes and a wipe after 10, so thatâ(TM)s good.
Re: (Score:2)
Meanwhile
https://www.gettyimages.com/ph... [gettyimages.com]
Re: (Score:2)
You think Trump is going to release a list he is on himself? You are not very smart, are you?
Re: Tim Cook and Other Pedos (Score:2)
The only reason they had a falling out is that they got in a bidding war over the purchase of Maison de lâ(TM)Amitie in Palm Beach.
They were quite literally BFFs from the early 1990s until 2004.
All if this stuff is a matter of public record.
Re: (Score:2, Flamebait)
Trump is a well-known guy, and none of Epstein's Lolitas named him as one of their clients.
There's no evidence that he's a pedo. He only sexually assaults adult women.
Re: (Score:2)
Maybe Trump is just better at bribing and threatening them and maybe worse.
Re:It's too bad we can't trust our own police (Score:4, Insightful)
Nobody says life is fair, and yes, the rich do get away with things the rest of us can't. But if you look at the US police in comparison to police around the world, they are pretty squeaky clean. In many countries, if you get pulled over on the roads, it's because the officer is looking for a bribe. In the US, if you offer a police officer a bribe, you are probably going to jail.
In America's safest neighborhoods, police are *welcomed* by residents with open arms. In America's most dangerous neighborhoods, police are seen as a threat. I wonder why.
Re: (Score:2)
The worst part is the police here hiding corruption. In most other places it’s out in the open. People riding around with back the blue stickers who wouldn’t think twice to pull a Karen in front of the cops and then seem flabbergasted when the cuffs come out.
Re: (Score:2)
There is, no doubt, some corruption, even in the US. But *hidden* corruption is definitely not as bad as *open* corruption. If it's hidden, then at least it can be said that it's not considered acceptable. If it's open, the good guys have basically completely given up.
Re: (Score:3)
Try to claim this isn't legalized theft by cops.
Re: (Score:2)
First, individual police officers don't get to keep the stuff forfeited through civil forfeiture.
Second, they don't get to just claim whatever they want. From your linked article:
Police officers can seize someone’s property without proving the person was guilty of a crime; they just need probable cause to believe the assets are being used as part of criminal activity, typically drug trafficking.
This is not the taking of stuff from innocent people. And if those people believe their things have been wrongly seized, they are able to challenge the forfeiture in court.
I can't say I'm a fan of the practice, but it is *NOT* the same as the taking of bribes.
Re: (Score:2)
Then, finally, it's fu
Re: (Score:2)
The 4th amendment protects us from search and seizure, except "upon probable cause." https://constitution.congress.... [congress.gov] Probable cause is what underlies civil forfeiture.
Is there a danger of abuse? Yes. Is it unconstitutional? No.
Is there widespread abuse? I doubt it. These are not, for the most part, innocent "victims" of the police. Saying otherwise is like suggesting that rioters who loot are "nonviolent protesters."
Re: (Score:2)
Re: (Score:2)
*A* congress person? Clearly, this movement is gaining traction.
Re: (Score:2)
Or maybe it's because people in less-safe neighborhoods consider the police the enemy because they think it's OK to steal and sell drugs and spray graffiti.
Re:It's too bad we can't trust our own police (Score:5, Insightful)
I think complainers are misunderstood. We're not saying that we hate our country. Instead, we see something sub-optimal and we want to make it better. This mindset of always striving to be better, instead of making excuses or succumbing to complacency, is what separates goodness from greatness.
Re: (Score:2)
Re: (Score:2)
Indeed. Look at Nazi Germany and then tell us how any other government is doing a bad job. Oh, wait.
Do you realize how utterly stupid you sound? Probably not.
Re: (Score:2)
Go live in Russian or North Korea then start whinging about freedom and democracy. You have no fucking idea.
Go live in Russia and North Korea and you can complain about US police as much as you like. They don't mind.
Re: (Score:2)
Probably because the tech that knows how to dump a phone has a stack of them to work on. And they are rebooting before they can get to them.