Apple’s new iPhone software includes a new security feature that will reboot the phone if it hasn’t been unlocked for 72 hours, according to security researchers.
Last week, 404 Media reported that law enforcement officials and forensic experts are concerned that some iPhones are rebooting themselves under unknown circumstances, making it more difficult to access the devices and extract data. Citing security researchers, 404 Media later reported that iOS 18 has a new “inactive reboot” feature that forces a device to restart.
Now we know exactly how long it takes for this feature to start.
On Wednesday, Jiska Classen, a researcher at the Hasso Plattner Institute and one of the first security experts to discover this new feature, posted a video demonstrating the “inactive reboot” feature. The video shows an iPhone left unlocked rebooting itself after 72 hours.
Magnet Forensics, a company that provides digital forensics products including iPhone and Android data extraction tool Graykey, also confirmed that the feature’s timer is 72 hours.
An “inactive reboot” effectively puts your iPhone in a more secure state by locking the user’s encryption keys in the iPhone’s secure enclave chip.
Classen wrote of the You can’t completely block it from criminals’ devices. “Three days is still plenty of time to coordinate steps with a professional analyst.”
Contact us
Do you work for a mobile forensics company or law enforcement agency? We’d like to hear from you. For non-work devices, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, on Telegram and Keybase @lorenzofb or via email. You can also contact TechCrunch through SecureDrop.
The iPhone has two states that can affect the ability of law enforcement, forensic experts, or hackers to unlock it by brute-forcing the user’s password or exploit security flaws in the iPhone’s software to extract data. These two states are “Before First Unlock” (BFU) and “After First Unlock” (AFU).
When your iPhone is in BFU state, your data on your iPhone is fully encrypted and virtually inaccessible to anyone trying to access it unless they know your password. On the other hand, in AFU state, certain data is not encrypted and may be easier to extract with some device forensics tools. This applies even if your phone is locked.
An iPhone security researcher who visits Tihmstar told TechCrunch that iPhones in these two states are also referred to as “hot” or “cold” devices.
Tihmstar said many forensics companies are focusing on “hot” devices with AFU status. This is because at some point, the user entered the correct password that was stored in the iPhone’s secure area memory. In contrast, “cold” devices are much more difficult to damage because the memory cannot be easily extracted once the phone is restarted.
Over the years, Apple has been adding new security features that law enforcement agencies have come out against, claiming they are making their jobs more difficult. In 2016, the FBI took Apple to court to force the company to build a backdoor that could unlock the shooter’s iPhone. Ultimately, Australian startup Azimuth Security helped the FBI hack phones.
Apple did not respond to a request for comment.
