This mysterious iPhone upgrade protects your data from thieves

Lance Whitney/ZDNET

Apple has added a new security feature to the iPhone, apparently designed to thwart criminals. But it’s also been thwarting police.

Introduced with iOS 18, the new feature automatically reboots an iPhone if it’s been asleep and locked for an extended period of time. After a reboot, an iPhone becomes more difficult to crack since either the passcode or biometric verification is needed to unlock it. The apparent goal is to prevent a thief (or police officer) from trying to hack into your phone and potentially access your personal data.

The feature seems to have come to light based on the findings of law enforcement officials in Detroit, Michigan, as reported by 404 Media. Officers examining iPhones for forensic purposes discovered that the devices would mysteriously reboot themselves, making it more difficult to unlock and access them. Initially, the working theory was that the phones would reboot when disconnected from a cellular network for a period of time. 

However, the explanation is actually much simpler. Referring to the feature as an “inactivity reboot,” AppleInsider says that this reboot timer isn’t based on network connectivity or the phone’s charge. Rather, the reboot simply occurs after a specific length of time — around 96 hours. 

This timer is similar to the Mac’s hibernation mode, which puts the computer to sleep as a precaution in case the power goes out or the battery charge is depleted.

Security experts have also weighed in, seemingly confirming the new capability.

“We have identified code within iOS 18 and higher that is an inactivity timer,” said Christopher Vance, a forensic specialist at Magnet Forensics, as noted by AppleInsider. “This timer will cause devices in an AFU state to reboot to a BFU state after a set period of time, which we have also identified.”

AFU stands for After First Unlock, in which the phone has been unlocked with a passcode since it was last turned on. This state leaves the iPhone more vulnerable to cracking by savvy thieves and forensic experts. BFU stands for Before First Unlock, which refers to when the phone has been powered down or rebooted and never unlocked, making it more difficult to crack.

An expert named Jiska Classen of the Secure Mobile Networking Lab said on X that Apple added the inactivity reboot feature in iOS 18.1. Implemented in certain iOS processes, including one known as the Apple SEP Key Store kernel extension, the feature has nothing to do with the phone or wireless network state, Classen added. SEP is the Secure Enclave Processor designed to protect sensitive user data, while the Key Store is used when unlocking the device.

“This is a cheap & great mitigation,” Classen explained. “While most people won’t have their phone forensically analyzed, many more will have their devices stolen. It protects user data in both cases.”
