Apple's new "inactivity reboot" in iOS 18.1 frustrates law enforcement's access to iPhones

Shawn Knight

Posts: 15,829   +202
Staff member
Editor's take: A security feature introduced in the latest version of Apple's mobile operating system is reportedly causing headaches for law enforcement officials. It's a controversial issue among some, but one that Apple likely isn't going to compromise on.

404 Media reported last week that some iPhones in the possession of law enforcement were mysteriously rebooting, making it more difficult for forensic experts to break into them and extract data as part of investigations.

It wasn't exactly clear why or how this was happening at the time, but now we have a better understanding of what is going on.

A security researcher from Hasso Plattner Institute in Germany has seemingly cracked the case. According to Jiska Classen and others, Apple added a feature known as "inactivity reboot" to iOS 18.1 that reboots a device if it is inactive for a certain period of time.

Details are still emerging but the leading theory is that Apple's new feature reboots a device after four days of inactivity. Apple no doubt justifies the feature as an added layer of security, making iOS devices even less desirable for thieves that aim to resell devices or collect private data from them.

With less than a week to crack a stolen device before it reboots, thieves could decide to pass up iPhones in favor of Android handsets that don't such a restriction in place.

If that makes it harder for law enforcement to do their job, well… so be it. As we've seen in the past, Apple has little interest in going out of its way to break into its own devices to assist with police investigations.

As for the new feature, four days of inactivity feels adequate to trigger the feature. It's long enough that it isn't going to continually turn itself on by accident to the point that it becomes a nuisance, yet short enough to potentially have a meaningful impact against theft. And if the feature is triggered, all the owner needs to do is unlock the phone per usual using their passcode.

Permalink to story:

 
"...the leading theory is..."
"Apple no doubt justifies the feature as an added layer of security..."

So it's speculation with no direct confirmation of intent? Not sure I'd want to put words in Apple's mouth before they've said anything. You could end up being right of course, but it seems a little gun-jump-y. Personally I'd stick to the facts.
 
"...the leading theory is..."
"Apple no doubt justifies the feature as an added layer of security..."

So it's speculation with no direct confirmation of intent? Not sure I'd want to put words in Apple's mouth before they've said anything. You could end up being right of course, but it seems a little gun-jump-y. Personally I'd stick to the facts.
Asking for a quote from Apple might help also.
 
Should be a basic feature of modems/routers to stop memory only infections, suppose the hacker will then keep it active, but that makes it spottable on the web, if main purpose was to lay low waiting orders
 
"making iOS devices even less desirable for thieves that aim to resell devices or collect private data from them"

You think a thieve won't shoulder surf someone who has to punch in their code and then steal that phone once they get the code. Also, you think a thief cares if they sell a locked phone to someone, else? It's free money for them. Once they have the phone it's gone. It's not like they look at the phone that carefully before they steal it anyway.
 
I'm not familiar with workings of iPhones under the hood, so can someone explain why rebooting makes it harder to brute force?
 
I'm not familiar with workings of iPhones under the hood, so can someone explain why rebooting makes it harder to brute force?
I won't buy a an iPhone ever, my guest is relates to all computer devices that go into rest states with more info in memory and a higher state, easier to bring out.
So a reboot means a full check to come out of, maybe to a higher std
Plus in the resting state a device , PC, iPhone may be leaking additional info , maybe more communication tools active eg NFC, BT
Measuring micro voltages etc may mean only need 3 days on a device to brute force vs 30 days.
Think iPhones are quite protected vs brute force anyway

Imagine iPhone went to sleep hooked up to wireless apple earbuds , then maybe mimicking such earbuds can help access

IDK specifics , but mainly higher rest state on more info to be gain and broader attack zone
 
Back