Auto-Rebooting iPhones Are Causing Chaos for Cops

Maybe you already heard, but Donald Trump will be president of the United States again. The far-right is celebrating by calling for mass executions. The left is responding with their own election conspiracy theories. Convicted January 6 rioters are banking on a pardon. And women who oppose Trump have frankly had enough.

Ahead of Election Day, WIRED found that an “election integrity” app made by True the Vote, a right-wing group that helped popularize election denialism around the 2020 election, was leaking the emails of its users. In one instance it revealed an election officer in California who appeared to be engaged in illegal voter suppression.

Disinformation and other forms of election interference have been a major issue since Russia’s hack of the Democratic National Committee in the lead-up to the 2016 election. But 2024 appears to have been the worst yet, with US officials warning that Russia had amplified its efforts to unprecedented levels.

In non-election news, Canadian authorities arrested Alexander “Connor” Moucka, who is accused of hacking a slew of Snowflake cloud storage customers earlier this year. Security experts who’ve long followed the exploits of a hacker who went by the handle Waifu—whom authorities say is Moucka—believe him to be “one of the most consequential threat actors of 2024.”

A federal judge in Michigan sentenced Richard Densmore to 30 years in prison after he pleaded guilty to sexually exploiting a child. Densmore was highly active in 764, an online criminal network that the FBI now considers to be a “tier one” terrorism threat.

Finally, in WIRED’s first story published in partnership with 404 Media, reporter (and 404 co-owner) Joseph Cox took a deep dive into the world of infostealer malware—the same kind used in all those Snowflake account breaches Moucka is accused of committing.

And that’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

Some iPhones that police have in their possession for forensic examination are suddenly rebooting themselves, making it more difficult for investigators to access their contents, reports 404 Media. Police use tools like Cellebrite to essentially hack into phones, but this is typically done when a device is in the so-called After First Unlock (AFU) state. Once they reboot, iPhones are put into Before First Unlock (BFU), which makes them much harder to access with forensic tools.

According to a document obtained by 404, police believed the sudden reboots stemmed from the fact that the devices run iOS 18, Apple’s new mobile operating system. The police suspected that iOS 18 contains a secret feature that allowed the impacted devices, all of which were in airplane mode, to communicate with other nearby iPhones, which sent “a signal to devices to reboot after so much time had transpired since device activity or being off network,” the document reads.

They’re half right. 404 reported Friday evening that multiple experts have discovered a new feature in iOS 18 called “inactivity reboot,” which appears to force iPhones to reboot on the fourth day after being locked—no secret signal-sending required. While the feature could help prevent robbers from using stolen iPhones, it’s clearly giving the cops a headache, too.

Bad news, kids. The retail chain Hot Topic confirmed this week that it suffered a data breach that exposed the personal information of some 54 million customers. The stolen data includes email addresses for all 54 million people, 25 million “lightly encrypted” credit card numbers, the names, phone numbers, and birthdays of 20 million customers, and even the home addresses of 10 million people. While the hackers behind the breach claimed to have data on far more people than the dataset contains—350 million customers—the exposed data could still be used for identity theft and other malicious activities. Not cool!

Authorities in Germany this week arrested a US citizen for allegedly giving American military secrets to the Chinese government. Identified only as Martin D. due to German privacy laws, prosecutors say he recently “worked for the US armed forces in Germany” and “obtained the information in question during his work with the US armed forces,” according to NBC News. Prosecutors claim that Martin D. “contacted Chinese government agencies and offered to provide them with sensitive US military information for forwarding to a Chinese intelligence service.” Martin D.’s arrest comes just a month after German authorities arrested a woman on suspicion of passing information about arms deliveries to Chinese intelligence.

The FBI is investigating whether Chinese state-backed hackers breached the iPhones of senior staff members in either the Kamala Harris or Donald Trump presidential campaigns, Forbes reports. The CEO of security firm iVerify, Rocky Cole, tells Forbes that his company’s software identified strange changes to the settings on the iPhones of campaign staff “in patterns that are not observed on healthy devices.” (Cole declined to identify which campaign’s staff was impacted.) The FBI told Cole that the affected iPhones belonged to known targets of Chinese hacker group Salt Typhoon, which reportedly breached several US telecom networks including AT&T and Verizon.