Apple's latest iPhone software introduces a unique security measure that automatically restarts the device if it remains unlocked for more than 72 hours, according to security experts.
Last week, 404 Media reported that law enforcement and forensic specialists were puzzled by unexplained iPhone reboots, which complicated data extraction efforts. The outlet later revealed that iOS 18 includes a new “inactivity reboot” feature designed to initiate a restart after prolonged inactivity.
The exact time frame for this reboot has now been confirmed.
On Wednesday, Jiska Classen, a researcher from the Hasso Plattner Institute, shared a video demonstrating this feature. The footage shows an iPhone rebooting itself after 72 hours of being idle and locked. Magnet Forensics, a company specializing in digital forensic tools like GrayKey for iPhone and Android, also verified the 72-hour limit.
This “inactivity reboot” enhances security by safeguarding the user’s encryption keys within the secure enclave chip of the iPhone.
“Even if thieves keep your iPhone powered on, they can’t unlock it using outdated forensic tools,” Classen explained on X. She added that although this feature creates hurdles for law enforcement trying to access data on criminals’ devices, three days is often sufficient for experts to coordinate their efforts.
iPhones operate in two security states that influence accessibility for law enforcement, forensic analysts, and hackers attempting to brute-force passcodes or exploit vulnerabilities. These states are referred to as “Before First Unlock” (BFU) and “After First Unlock” (AFU).
When in BFU, the iPhone’s data remains fully encrypted and is nearly impossible to access without the passcode. In AFU, however, certain data becomes accessible, even if the phone is locked, making extraction easier using forensic tools.
A security researcher known as Tihmstar told TechCrunch that devices in BFU are often called “cold” devices, while those in AFU are termed “hot” devices. Forensic tools tend to focus on “hot” devices since the correct passcode, once entered, is stored in the secure enclave, allowing easier access. Conversely, “cold” devices are much harder to penetrate because their memory becomes inaccessible following a reboot.
Apple has consistently introduced new security measures that have faced opposition from law enforcement, which claims these features hinder their investigations. A notable example occurred in 2016, when the FBI sued Apple to compel the creation of a backdoor to unlock the iPhone of a mass shooter. The case concluded with the FBI utilizing assistance from the Australian firm Azimuth Security to access the device.
Post a Comment