FBI stymied by Apple's Lockdown Mode after seizing journalist's iPhone:
The Federal Bureau of Investigation has so far been unable to access data from a Washington Post reporter's iPhone because it was protected by Apple's Lockdown Mode when agents seized the device from the reporter's home, the US government said in a court filing.
FBI agents were able to access the reporter's work laptop by telling her to place her index finger on the MacBook Pro's fingerprint reader, however. This occurred during the January 14 search at the Virginia home of reporter Hannah Natanson.
As previously reported, the FBI executed a search warrant at Natanson's home as part of an investigation into a Pentagon contractor accused of illegally leaking classified data. FBI agents seized an iPhone 13 owned by the Post, one MacBook Pro owned by the Post and another MacBook Pro owned by Natanson, a 1TB portable hard drive, a voice recorder, and a Garmin watch.
Government investigators want to read Natanson's Signal messages, and were able to view at least some of them on her work laptop. The reporter has said she has a contact list of 1,100 current and former government employees in Signal, which she uses for encrypted chats.
The Justice Department described the search in a court filing that was submitted Friday in US District Court for the Eastern District of Virginia and noted in a 404 Media article today. The government filing opposes a motion in which the Post and Natanson asked the court to order the return of the seized devices. A federal magistrate judge previously issued a standstill order telling the government to stop searching the devices until the court rules on whether they must be returned.
"The iPhone was found powered on and charging, and its display noted that the phone was in 'Lockdown' mode," the government filing said. After the seized devices were taken to the FBI's Washington field office, the Computer Analysis Response Team (CART) "began processing each device to preserve the information therein," the filing said.
CART couldn't get anything from the iPhone. "Because the iPhone was in Lockdown mode, CART could not extract that device," the government filing said.
The government also submitted a declaration by FBI Assistant Director Roman Rozhavsky that said the agency "has paused any further efforts to extract this device because of the Court's Standstill Order." The FBI did extract information from the SIM card "with an auto-generated HTML report created by the tool utilized by CART," but "the data contained in the HTML was limited to the telephone number."
Apple says that Lockdown Mode "helps protect devices against extremely rare and highly sophisticated cyber attacks," and is "designed for the very few individuals who, because of who they are or what they do, might be personally targeted by some of the most sophisticated digital threats."
Introduced in 2022, Lockdown Mode is available for iPhones, iPads, and Macs. It must be enabled separately for each device. To enable it on an iPhone or iPad, a user would open the Settings app, tap Privacy & Security, scroll down and tap Lockdown Mode, and then tap Turn on Lockdown Mode.
The process is similar on Macs. In the System Settings app that can be accessed via the Apple menu, a user would click Privacy & Security, scroll down and click Lockdown Mode, and then click Turn On.
"When Lockdown Mode is enabled, your device won't function like it typically does," Apple says. "To reduce the attack surface that potentially could be exploited by highly targeted mercenary spyware, certain apps, websites, and features are strictly limited for security and some experiences might not be available at all."
Lockdown Mode blocks most types of message attachments, blocks FaceTime calls from people you haven't contacted in the past 30 days, restricts the kinds of browser technologies that websites can use, limits photo sharing, and imposes other restrictions. Users can exclude specific apps and websites they trust from these restrictions, however.
FBI agents had more success getting into Natanson's other devices, though the Justice Department complained that "Ms. Natanson misled investigators about the devices that were seized. She misrepresented to officers that the devices could not be unlocked with biometrics, possibly in order to prevent the Government from reviewing materials within the scope of the search warrant."
The Rozhavsky declaration said that during the home search, FBI agents "advised Natanson that the FBI could not compel her to provide her passcodes," but "the warrant did give the FBI authority to use Natanson's biometrics, such as facial recognition or fingerprints, to open her devices. Natanson stated that she did not use biometrics on her devices."
Natanson's personal MacBook Pro was powered off when it was found by FBI agents. The Post-owned MacBook Pro was found in a backpack in the kitchen and was powered on and locked. The FBI said an agent "presented Natanson with her open laptop" and "assisted" her in unlocking the device with her finger. The declaration described what happened as follows:
Natanson was reminded the FBI has authority to use her biometrics to unlock the laptop and Natanson repeated that she does not use biometrics on her devices. Natanson was told she must try, in accordance with the authorization in the warrant. The FBI assisted Natanson with applying her right index finger to the fingerprint reader which immediately unlocked the laptop.
In 2024, a federal appeals court ruled that the Constitution's Fifth Amendment protection against self-incrimination does not prohibit police officers from forcing a suspect to unlock a phone with a thumbprint scan. That case involved a traffic stop, rather than a home search authorized by a warrant.
The FBI has so far been unable "to obtain a full physical image" of Natanson's work laptop, but did make a "limited partial live logical image," the government filing said. At least some of Natanson's Signal chat messages were set for auto-deletion, so FBI agents took photos and made audio recordings of the chats, but the government filing said this was done "only for preservation purposes and no substantive review has occurred."
The FBI apparently hasn't gotten any data from Natanson's personal computer. "Natanson's personal MacBook Pro is password protected and encrypted and therefore no imaging was effected. The FBI paused any further efforts because of [the] Court's Standstill Order. No review has occurred," Rozhavsky wrote.
The government said it processed data from the voice recorder and 1TB hard drive but has not reviewed the data yet. The Garmin watch wasn't processed before the court issued a standstill order; "therefore, no processing will occur until further order of the Court," the declaration said.
(Score: 1, Informative) by Anonymous Coward on Monday February 09, @07:16AM
Americans have the right to be spied on!
(Score: 3, Informative) by shrewdsheep on Monday February 09, @08:50AM
to delete all biometrics from my phone prior to entering the US next time. I hear phone unlocking is compulsory for aliens on entering the US nowadays. Does anybody have recent experience with this?
(Score: 2) by SomeGuy on Monday February 09, @01:09PM (1 child)
So what would happen these days if someone didn't own a smartphone, making them "unscannable"? Instant death sentence?
(Score: 2) by Username on Monday February 09, @03:30PM
It wasn't her cellphone, it was the company phone. I'd assume they would focus on the laptop and call logs from the telco.
(Score: 2) by DannyB on Monday February 09, @05:55PM
Hey Apple / Google . . .
When the end user enrolls fingerprints to unlock the phone, how about also letting them enroll fingerprints to put the phone into lockdown.
For example, if I touch the fingerprint sensor with a certain finger, the phone unlocks.
If I touch with a certain different finger, the phone locks up tight.
An even much more gooder idea which is the very most bestest would be that the phone locks up tight, but gives the appearance of being unlocked.
Stupid people exist because nothing in the food chain eats them anymore.
(Score: 3, Insightful) by Username on Monday February 09, @06:03PM (1 child)
Why would the FBI advertise that they cannot get into a phone? To get better tools or to get criminals to use this "FBI proof" method?
(Score: 2) by JoeMerchant on Tuesday February 10, @05:18PM
I suspect this story was promoted to the press by agents of Apple.