Court Documents Show That FBI Has a Tool to Extract Private Signal Messages From iPhones in AFU Mode

 


The FBI supposedly has a tool for accessing private messages in the Signal messenger on the iPhone. This is evidenced by court documents related to the New York arms trade case.


The court documents contain screenshots of messages discussing the arms trade that the defendants exchanged on Signal in 2020. The screenshots also show some metadata indicating that law enforcement was able to extract the correspondence in Signal when the iPhone was in AFU mode.


It should be clarified that AFU mode (short for “after first unlock”) is the state in which the iPhone stays most of the time. When the device is in this state, the user can only unlock it using biometrics (Touch ID or Face ID) without having to enter a password.


While in AFU mode, the iPhone uses only one set of encryption keys, which is much easier to crack than in BFU mode, which uses multiple sets of encryption keys. BFU mode (short for “before first unlock”), which the device switches to every few days, is much safer than AFU, and requires the user to enter a password. It is very difficult to decrypt the data stored on the device in this mode.


Using special tools that exploit vulnerabilities in hardware and software, forensic scientists can extract data from the iPhone when it is in AFU state, since then the encryption keys are stored in the device's memory.


In the case of the aforementioned arms trade case, it is presumably the iPhone 11 (Pro or Max) or the second generation iPhone SE. Whether the police can access personal data on the iPhone 12 remains to be seen. It is also unclear what version of the software was installed on the device.


Previous Post Next Post