In brief: Apple has a history of frustrating law enforcement, from denying requests to help unlock phones to refusing to add backdoors to its software. The latest Cupertino feature annoying officers and forensic experts is iOS 18's inactivity reboot tool, which reboots an iPhone after three days of inactivity. Now, researchers have demonstrated it in action.
Last week brought reports of police officials warning other departments that iPhones being stored in evidence for forensic examination were rebooting themselves. 404Media writes that security experts later confirmed that Apple had quietly introduced the feature in iOS 18.1.
Rebooting an iPhone makes it more difficult to break into using forensic tools such as Magnet Forensics' Graykey. The company wrote its own post on the feature and its security implications.
Jiska Classen, a researcher at the Hasso Plattner Institute and one of the first to notice the rebooting, published a video demonstrating it (via TechCrunch). The video confirms that iOS 18 reboots a handset after 72 hours of inactivity. The iPhone does this without any prompts or warnings.
See the latest iOS inactivity reboot in action!
– Jiska (@naehrdine) November 13, 2024
iOS 18 comes with improved anti-theft measures. Three days w/o unlock, the iPhone will reboot, preventing thieves from getting your data. (1/4) pic.twitter.com/H24Tfo1cSr
The problem being faced by those trying to break into iPhones – both criminals and authorities – is that the device is in its most secure state after a restart. It is in this Before First Unlock (BFU) state that the user's data is fully encrypted and almost impossible to access.
Apple's handsets indicate that passcodes are required after a restart, while iPhones in After First Unlock (AFU) states can be unlocked using just Face or Touch ID. Some data is unencrypted and easier to extract with certain tools in the AFU state.
Apple added a 7-day inactivity reboot feature in iOS 18, shortening the length of time to just three days in iOS 18.1.
Magnet Graykey suggests the simple solution is to ensure law enforcement extracts evidence from iPhones using its tools as quickly as possible – I.e., within 72 hours of seizing a handset.
This isn't the first time Apple has annoyed law enforcement. The Cupertino company famously refused to help the FBI access Syed Rizwan Farook's locked iPhone, one of the San Bernardino shooters.
