
So what did we learn class? If you’re ever in a situation where your iPhone is being seized, power it down :)


You actually don't have to power it down. If you hold the power and volume buttons for 2 seconds and reach the "slide to power off" screen, the phone is already hard locked. You then always have to enter the passcode to unlock it.


> You actually don't have to power it down. If you hold the power and volume buttons for 2 seconds and reach the "slide to power off" screen, the phone is already hard locked. You then always have to enter the passcode to unlock it.

iPhones have 2 states when it comes to encryption:

Before First Unlock (BFU) - everything is encrypted. The most difficult state to hack.

After First Unlock (AFU) - data isn’t fully encrypted. Maybe it's for performance reasons. In this state exploits exist which police can use to get data.

Your suggestion of getting to the 'slide to power off' screen does NOT hardlock the phone (it does not put it in BFU).

It just means it requires a passcode. However, since it is in AFU mode, data can be exfiltrated with the right tools.

You should definitely power it down to be secure.


This is wrong. While this clears some keys and prevents anyone from holding the phone up to your face to unlock it, it doesn’t bring the phone back into a full BFU state.

Some keys can still be read, and depending on the exploit they use a lot of data could be extracted. BFU + good passcode is always the way to go.


>BFU state.

"Before first unlock", for those like me who weren't familiar with this particular acronym.


This was explained in the article.


If you have an iPhone SE Gen 3 (or any other iPhone with TouchID, but models older than the SE Gen 3 have other weaknesses to worry about), you can do the same by spamming the power button 5 times.

You can also ask Siri to reboot or turn off your phone. Siri will ask you to confirm you want to do the action, but it doesn't take too long to do. Just in case you don't want to reach for your phone for whatever reason.


IDK about iOS, but Android (or at least CalyxOS/GrapheneOS) has a feature where you can make the phone automatically reboot after a certain amount of time (thus removing the keys from memory).


Unfortunately, though, you won't be able to do so while handing it over, and US cops will just kill you if you take too long handing over your phone because they can.


Any time a police encounter starts, you can at least tap the standby button 5 times. It's not as good as a shutdown, but it will at least disable biometrics so it will require a password to unlock. They can't legally force you to reveal your password.


> They can't legally force you to reveal your password.

Indefinite contempt of court seems like "force" to me.

https://arstechnica.com/tech-policy/2017/05/jail-looms-large...


Unless you are shot dead for reaching into your pocket..


If the police encounter starts with a gun to your head, this makes it harder.


[flagged]


Everything that could happen must have already happened, and must have a linkable news story to boot. Or else it is not possible.


You probably don't have time. Especially if there is a gun pointed at you.



