Is your iPhone rebooting after being inactive? It's a feature, not a bug

Sabrina Ortiz/ZDNET

Apple has added a new security feature to the iPhone, apparently designed to thwart criminals. But it’s also been thwarting police.

Introduced with iOS 18, the new feature automatically reboots an iPhone if it’s been asleep and in lock mode for an extended period of time. After a reboot, an iPhone becomes more difficult to crack since either the passcode or biometric verification is needed to unlock it. The apparent goal is to prevent a thief (or police officer) from trying to hack into your phone and potentially access your personal data.

Also: The 10 most popular passwords of 2024 are also the worst: 5 easy ways to do better

The feature seems to have come to light based on the findings of law enforcement officials in Detroit, Michigan, as reported by 404 Media. Officers examining iPhones for forensic purposes discovered that the devices would mysteriously reboot themselves, making it more difficult to unlock and access them. Initially, the working theory was that the phones would reboot when disconnected from a cellular network for a period of time. 

However, the explanation is actually much simpler. Referring to the feature as an “inactivity reboot,” AppleInsider says that this reboot timer isn’t based on network connectivity or the phone’s charge. Rather, the reboot simply occurs after a specific length of time — around 96 hours. 

This timer is similar to the Mac’s hibernation mode, which puts the computer to sleep as a precaution in case the power goes out or the battery charge is depleted.

Also: Did your Apple Notes vanish from your iPhone? Here’s how to find them

Security experts have also weighed in, seemingly confirming the new capability.

“We have identified code within iOS 18 and higher that is an inactivity timer,” said Christopher Vance, a forensic specialist at Magnet Forensics, as noted by AppleInsider. “This timer will cause devices in an AFU state to reboot to a BFU state after a set period of time, which we have also identified.”

AFU stands for After First Unlock, in which the phone has been unlocked with a passcode since it was last turned on. This state leaves the iPhone more vulnerable to cracking by savvy thieves and forensic experts. BFU stands for Before First Unlock, which refers to when the phone has been powered down or rebooted and never unlocked, making it more difficult to crack.

Also: MacBook Pro vs. MacBook Air: How to decide which Apple laptop is best for you

An expert named Jiska Classen of Secure Mobile Networking Lab said on X that Apple added the inactivity reboot feature in iOS 18.1. Implemented in certain iOS processes, including one known as the Apple SEP Key Store kernel extension, the feature has nothing to do with the phone or wireless network state, Jiska added. SEP is the Secure Enclave Processor designed to protect sensitive user data, while the Key Store is used when unlocking the device.

“This is a cheap & great mitigation,” Classen explained. “While most people won’t have their phone forensically analyzed, many more will have their devices stolen. It protects user data in both cases.”

Since the initial reports, Classen had shed more light on the new feature. Calling it part of Apple’s improved anti-theft measures, the reseacher posted a video on X demonstrating how an iPhone with the iOS 18.2 beta that’s been unlocked for three days will reboot, preventing thieves from accessing your data.

“Inactivity reboot puts your iPhone into ‘Before First Unlock’ state, effectively locking encryption keys in the Secure Enclave Processor,” Classen wrote. “Even if thieves leave your iPhone powered on for a long time, they won’t be able to unlock it with cheaper, outdated forensic tooling. While inactivity reboot makes it more challenging for law enforcement to get data from devices of criminals, this won’t lock them out completely. Three days is still plenty of time when coordinating steps with professional analysts.”

As another anti-theft advancement, iPhone users are now asked during the setup for iOS 18.2 if they’d like to enable Stolen Device Protection. Previously buried in the Settings menu, this option tries to prevent thieves from accessing your phone through your PIN by requiring biometric authentication more frequently.

Featured

Comments (0)
Add Comment