Court documents obtained by media have revealed the FBI has specific tools that allow the bureau to access private Signal messages even on locked iPhones.
As per the documents, the FBI can intercept encrypted messages from iPhones in partial AFU mode, which is a short form for After Frist Unlock.
The clues were obtained through Seamus Hughes at the Program on Extremism at the George Washington University. The court documents contained screenshots of Signal Messages exchanged during 2020 between male accused charged for running a gun trafficking operation in NY.
Signal Chats Excerpts
The documents [PDF] filed by the Department of Justice and obtained by Forbes contained excerpts from Signal chats extracted from one of the iPhone devices obtained from the accused. The chats revealed that they not only discussed weapon trades but attempted murder too.
The screenshots showed metadata indicating that the FBI decrypted the Signal app on their phone during the partial AFU mode, a state when iPhones are most vulnerable to data extraction as encryption keys are stored in memory. Any hacker or hacking device can piece together the keys to unlock private data stored in the device.
FBI’s Favorite Hacking Tools
It doesn’t come as a surprise since the FBI has a reputation for using various tools to hack mobile devices. Security firms like Grayshift/GrayKey and Cellebrite have already developed software that aids the FBI in forensic investigations on mobile devices and allows the agency to extract sensitive data. In fact, Cellebrite claimed in December 2020 that its developed tool could decrypt messages from the Signal app.
Which iPhone Model is Vulnerable to Exploitation?
In this context, the vulnerable iPhone model is either the iPhone 11 (Max or Pro or both) and the second-generation iPhone SE. There is little clarity on whether the police can access iPhone 12 to extract private data and which iOS version can be exploited. However, newer iOS versions may offer enhanced security.
According to Signal’s spokesperson, the only way to keep your device safe is by keeping them up-to-date and using a stronger lock screen passcode.
“If someone is in physical possession of a device and can exploit an unpatched Apple or Google operating system vulnerability in order to partially or fully bypass the lock screen on Android or iOS, they can then interact with the device as though they are its owner.”
“Keeping devices up-to-date and choosing a strong lock screen passcode can help protect information if a device is lost or stolen,” Signal told Forbes.