I am writing this post on behalf of a friend, whom we’ll call Alice. Alice has a heightened risk profile due to activism.
Alice had a flight out of a US airport. When she arrived, there were ICE/DHS agents stationed at every entrance and exit. Their attitude was generally hostile. Alice made sure her ticket was printed and her iPhone 15 Pro (iOS 17.6.1) was off. Face ID and fingerprint scanning were disabled. Alice also wiped fingerprint smudges off of the screen before entering security.
She denied the biometric scan and was otherwise compliant with ICE agents processing passengers (from what I understand, TSA agents did not interact with travelers).
Alice’s phone was taken out of a bag and “passed around between several ICE/DHS agents”. They had custody of Alice’s phone for 2-5 minutes. The phone was returned powered on and unlocked on the home screen.
My initial thinking is that Alice should power off and replace the phone to prevent potential compromise until a security analyst can review it.
Do you know what model iPhone it was? Also, it’s possible they just guessed the password if it was really bad. Any iPhone before the iPhone 12 is vulnerable to brute force attacks against the secure element, at least according to the most recent leaks I’ve seen, unless there’s a new exploit since then.
iOS 17.6.1 is nearly two years old. I hope you meant 18.7.1 and your friend wasn’t dumb enough to ignore updates for that long. Either way, any version of iOS other than 26 is no longer receiving updates for iPhone 15. Tell her to get rid of that phone, buy a new one, and follow this guide. If she can’t afford a new one, factory reset it and follow this guide.
Either the phone wasn’t fully off, or her passcode was retrieved in other ways (BFU extraction leaked an app PIN, surveillance, device infected prior to arrival, etc.).
You say the phone was passed around; was it ever connected to a device?
If they possessed some magic capability to crack BFU phones, it wouldn’t be used at an airport checkpoint.
Thanks for the link to the guide. I will make sure to forward that to Alice.
Calling my friend dumb is not helpful, though. You didn’t hurt either of our feelings – we have thicker skin than that.
However, people do come here for resources and support. This kind of attitude towards anyone with less technological literacy than you might dissuade others from coming here for support or to share their expertise. I consider that to be a disservice not only to people looking for help, but also to the people already providing it.
The obvious lesson here, which I’m hoping you’ve already gathered by now, is: always keep your devices and apps updated! And harden your OS as much as possible with the OS tools available to you.
Going forward though, I would not use this device and have your friend buy a new one and set that one up from scratch and not use the previous backup either.
For photos, you can use Ente Auth or Proton Drive to back up your media. And manually export your contacts list from icloud.com and import it on your new device. These two are the only and more important things you would want to have. Everything else is replaceable.
I don’t know Alice, so I can’t say how knowledgeable she is. Probably she was targeted by cameras with face recognition stuff, and that was why her phone was targeted, as she is an activist.
But humans make mistakes; she could have taken out the password when turning off the fingerprint option.
Did she do that at the airport? There are cameras that could see her typing her password.
Some 0-day attack, and that would be the worst-case scenario.
Either way, they could have put some malware on her device, and if possible don’t use it.