FBI bested by Apple; iPhone in Lockdown Mode protected all the secrets of a reporter
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
According to court documents filed recently, the FBI found itself unable to access the data contained on the iPhone of a Washington Post reporter, Hannah Natanson, despite the physical seizure of the device.
The barrier that stopped federal experts wasn’t a complex password or unknown encryption, but a feature often overlooked in iOS: the “Lockdown Mode“.
iPhone in Lockdown Mode is extremely secure, resistant to FBI analyses
The saga began last January, when federal agents conducted a search at the reporter’s home, as part of an investigation into leaks of classified information.
The objective was to gather evidence regarding Aurelio Perez-Lugones, a government contractor accused of illegally withholding information about national defense and passing it to the press.
During the raid, agents seized several electronic devices, including a MacBook Pro, an audio recorder and an iPhone 13.
However, when the FBI’s Computer Analysis Response Team (CART), the unit specializing in forensic analysis of seized devices, tried to extract data from the smartphone, it ran into an insurmountable obstacle.
The government documents, which oppose returning the devices to Natanson, candidly acknowledge the failure: because the iPhone was in Lockdown mode, the team was not able to perform the forensic extraction. At the time of discovery, the phone was on and charging, but the display clearly showed the activation of this particular security mode.
A fortress against mercenary spyware
Lockdown Mode was introduced by Apple with a precise aim: protect users from highly sophisticated cyberattacks, such as those carried out via mercenary spyware like Pegasus from the NSO group.
This feature drastically reduces the so-called “attack surface” of the device, strictly limiting some apps, web browsing, and, crucial for law enforcement, physical connections.
As explained in Apple’s support documentation, when the mode is active, to connect an iPhone to an accessory or another computer, the device must be unlocked. This detail is essential. Mobile forensics tools widely used by law enforcement, such as GrayKey or the systems developed by Cellebrite, operate by physically connecting to the phone’s port to attempt to force unlock or extract data.
Andrew Garrett, CEO of the forensics analytics company Garrett Discovery, has confirmed that many advanced techniques and tools in police hands rely on vulnerabilities that Lockdown Mode explicitly blocks or limits. In effect, by activating this feature, the journalist made standard wired data-extraction procedures ineffective.
Partial success and the ongoing challenge
Despite the iPhone protection succeeding, the FBI operation was not a total failure, highlighting how digital security depends on every link in the chain. Agents were able to access Natanson’s second main device, the MacBook Pro.
Although the reporter had stated she did not use biometric data, the laptop required Touch ID or a password. Following investigators’ instructions, the journalist placed a finger on the reader and the computer unlocked immediately.
Even though a full physical image of the laptop’s internal memory had not yet been obtained, the agents were able to photograph and record conversations that took place on the Signal application, thereby partially bypassing the lock imposed by the impenetrable smartphone.
This episode fits into a pattern of constant chase between Silicon Valley giants like Apple and Google, and the companies providing surveillance technologies to governments. Only in 2024 did it emerge that Apple quietly introduced code that restarts iPhones after a period of inactivity, placing them in a state known as “Before First Unlock” (BFU), much harder for the police to breach.
Luca Zaninello
Appassionato del mondo della telefonia da sempre, da oltre un decennio si occupa di provare con mano i prodotti e di raccontare le sue esperienze al pubblico del web. Fotografo amatoriale, ha un occhio di riguardo per i cameraphone più esagerati.