Final
npub1hxx…g75y
2025-03-13 12:40:56
in reply to nevent1q…xkyc

There'd be no realistic concerns. Attack surface is minuscule; even in a hot state it needs a pretty thorough exploit chain and would need to be bespoke to a target. I don't recommend keeping a device seized and returned in the state it's returned in anyway. I'd disable any network access, take any important files out (you should have backups) and reset it.

Some customers of forensic tools are known to implant spyware into seized devices when returning them. Serbian law enforcement did it, but those came with the prerequisite of having the device unlocked by their Cellebrite tool to install it. The spyware in question appeared to not be provided by Cellebrite either. No access = no install.

Some forensic companies had tools that implanted spyware on AFU devices to keylog the PIN/Password when they could not access the device, such as GrayKey's Hide UI for iPhones. Hide UI alone was known to be buggy and problematic. It also didn't deliver the PIN remotely and required seizing it a second time when first revealed.

https://wccftech.com/how-fbi-uses-graykey-and-hide-ui-to-unlock-iphones/

GrayKey moved away from being just for iOS devices a long time ago though.

OS updates and device differences can intentionally (and more often unintentionally) break how exploits work. For example, Pixel 9 was unsupported by Cellebrite despite no major security changes, and only just became supported this February.

They'd likely put their focus on finding an exploit for the secure element to allow faster brute forcing.
Author Public Key
npub1hxx76n82ags8jrduk0p3gqrfyqyaxnrlnynu9p5rt2vmwjq6ts3q4sg75y