Apple has added a new security feature to the iPhone, apparently designed to thwart criminals. But it also disrupted the work of the American police.
Introduced with iOS 18, the new feature automatically restarts an iPhone if it has been in sleep and locked mode for an extended period of time. After a reboot, the phone becomes harder to hack because the passcode or biometric verification is required to unlock it. The goal is to prevent a thief from trying to hack the phone and potentially access personal data.
Protection against theft that has an unexpected effect
But this protection also had an unexpected effect with law enforcement in the city of Detroit (Michigan). The site 404 Media reports that police officers inspecting iPhones for forensic purposes discovered that the devices were mysteriously rebooting, making it more difficult to unlock and access them. Initially, it was assumed that phones would reboot when disconnected from a cellular network for an extended period of time.
The explanation is actually much simpler. AppleInsiderwhich calls this feature “idle reboot,” explains that this reboot timer is not based on network connectivity or phone charging. It simply occurs after a specific duration, approximately 96 hours.
This timer is similar to the Mac's hibernation mode, which puts the computer to sleep as a precaution in the event of a power outage or battery drain.
« We have identified a code in iOS 18 and later that is an inactivity timer,” explained Christopher Vance, forensic specialist at Magnet Forensics. “ This timer will restart devices in an AFU state to a BFU state after a set period of time, which we have also identified. »
Introduced with iOS 18.1
AFU means After First Unlock (after first unlock), which means the phone has been unlocked with a password since it was last powered on. This condition makes the iPhone more vulnerable to hacking by savvy thieves and forensic experts. BFU means Before First Unlock (before first unlock), which refers to when the phone was turned off or restarted and was never unlocked, making it harder to hack.
Secure Mobile Networking Lab expert Jiska Classen told X that Apple added the idle restart feature in iOS 18.1. Implemented in some iOS processes, including one known as the Apple SEP Key Store kernel extension, the feature has nothing to do with the state of the phone or wireless network, the specialist adds. SEP is the Secure Enclave processor designed to protect sensitive user data, while the Key Store is used when unlocking the device.
« It is an inexpensive and effective mitigation measure », continues Juska Classen. “ While most people don't have their phones analyzed by experts, many have their devices stolen. This protects user data in both cases. »
