Hardening modern iPhone against forensic tools

Yeah, but no auto reboot like GrapheneOS has, and honestly, how often do you turn your phone off?

Given the extensive chat log, could you please specify where it mentions that 1. an agent is necessary and 2. that MDM can prevent the installation of such an agent, even when using Cellebrite Premium or CAS? I contend that MDM is merely a UI block and can be easily circumvented by Cellebrite Premium or CAS. They can evidently bypass the USB restricted mode and bypass the manual approval required to trust an enterprise or side-loaded app, which is typically needed in the user interface if installed normally.

I believe Cellebrite possesses several local privilege escalation (LPE) zero-day vulnerabilities that allow them to gain AFU access. While they may not be able to achieve a complete jailbreak with these zero-days, they can obtain enough privileges to access the file system.

I completely agree. My responses are not intended as a criticism of your hardening recommendations; in fact, I think they are excellent. My comments are aimed at the overall security of the iPhone. Based on the evidence, I believe that no amount of hardening can fully prevent Cellebrite Premium or CAS. However, this hardening does effectively protect against Cellebrite Enterprise, Cellebrite UFED, and similar tools.

Yeah, but this guide doesn’t make them resistant to AFU extraction, so you still have to turn off your phone.

It’s because AFU states are insecure by definition. Honestly, turning off your phone is almost always possible in any case unless you suddenly get shot by police, etc.


GrapheneOS seems to resist AFU extraction

The USB bypass is possible due to Apple not actually doing what is advertised, unlike GrapheneOS. They likely still allow some sort of connection that these “adapters” can spoof themselves as. My Magic Keyboard still works in BFU + Lockdown Mode, but I don’t know if that’s intended or not. These screenshots also back up this theory.

Hopefully we find more AFU limitations in the future and Apple fixes its lousy USB restricted mode.

Just from the screenshot it isn’t clear if that iPhone is in BFU or AFU. It is also unknown if it has USB restricted mode enabled or if the unlock attempt was ever eventually successful.

We do know Major Adam’s phone remains locked. :person_shrugging:

Not necessarily. It’s pretty much always going to be less secure but not inherently insecure.

Not always going to be possible especially if you’re in distress. GrapheneOS has an auto reboot feature for this reason; it just needs to hold out in AFU long enough for auto reboot to kick in.

“Also using Graykey 5.2.0 and it doesn’t even recognize that a device gets plugged into it to even do a BFU or an initial device identify.”

He got DMs stating that he needs a new adapter from people with direct knowledge about these tools, not internet scavengers like me.

Considering the USB setting is enabled by default on newer iOS, chances are like 80/20 that it was enabled.

This screenshot from a Cellebrite employee makes me wonder if USB-C added some limitations to their capabilities, because it seems like the Lightning connectors gave them no issue at all. The police officer also says Cellebrite Inseyets UFED documents refer to “locked USB-C” devices as unsupported, but this has never been a problem before.

I suspect that the challenge lies more with Cellebrite’s engineering. Since Cellebrite CAS can bypass the USB-C restricted mode and perform AFU without any problems, I think they are simply delayed in implementing and rolling out this exploit across their Cellebrite Premium boxes, especially given the different variants of Cellebrite Premium boxes they need to support. Essentially, even the USB-C iPhone can be AFU extracted; it’s only a matter of time before all Cellebrite Premium boxes are capable of doing the same.

Thank you for your meticulous post. Have you thought about converting it to a blog post, maybe?

iOS 18 and higher introduced an inactivity reboot timer that sends your device back to BFU after a certain number of days. This is why keeping your phone up to date is important!
Apple Quietly Introduced iPhone Reboot Code Which is Locking Out Cops


I kinda just keep replying to this with new info I gather.


Video of iPhone running iOS 18.2 beta 2 rebooting after 72 hours of not being unlocked.

Update on inactivity reboot by Magnet Forensics


Apparently the Graykey support matrix has been leaked. Standing by for now…