Authors: Mitch Kajzer (St. Joseph County, IN Cyber Crimes Unit)
DFRWS USA 2022
Abstract
Beginning with the iPhone 11, Apple introduced the U1 (Ultra Wideband) chip. This chip utilizes a short-range, low energy, wireless communications protocol. The U1 chip provides highly accurate spatial and directional data, enabling phones (and items such as AirTags) to be tracked with high precision. The U1 chip also maintains power and connectivity, even if a device is in Airplane Mode or completely powered off. This allows for offline tracking of devices equipped with the U1 chip. Does this allow for offline wiping of an iOS device?
In this talk, the implications of the “always on” U1 chip will be discussed. Specifically, what are the tracking capabilities? Can the chip be turned off? When a device is in a powered down state, will the U1 chip accept commands, such as a wipe command? Through extensive testing, and wiping, current best practices for digital evidence handling will be discussed. Finally, future best practices will be proposed based on the findings of the research.