Apple quietly introduced code into iOS 18.1 which reboots the device if it has not been unlocked for a period of time, reverting it to a state which improves the security of iPhones overall and is making it harder for police to break into the devices, according to multiple iPhone security experts.
On Thursday, 404 Media reported that law enforcement officials were freaking out that iPhones which had been stored for examination were mysteriously rebooting themselves. At the time the cause was unclear, with the officials only able to speculate why they were being locked out of the devices. Now a day later, the potential reason why is coming into view.
“Apple indeed added a feature called ‘inactivity reboot’ in iOS 18.1.,” Dr.-Ing. Jiska Classen, a research group leader at the Hasso Plattner Institute, tweeted after 404 Media published on Thursday along with screenshots that they presented as the relevant pieces of code.
How I do this in Lineage?
Wait two weeks, someone will implement this as a Magisk module
I think there is no such Option in LOS yet. GrapheneOS on the other Hand has this Option for years. If you want to safe at least your signal messages/contacts Molly has a similar function to encrypt after a setted time of not using it.
The way this article is framed sounds like bullshit to me. 18.1 was released less than 2 weeks ago. Any phone running this version of iOS would have had to already been in custody and somehow upgraded to this version, or otherwise brought into custody very recently—too recently for this to have already posed such a problem that law enforcement is “freaking out” and reporting it to the media.
iOS has auto update for a while and iOS users update their devices more often than Android. 2 weeks is not a long time for adoption of new version for iOS.
The ars article mentioned 18.0 had a bug that caused random reboots so it might’ve been mostly that
Don’t they auto update the OS when connected to a charger? But even then, that would have triggered a reboot already.
This is the easiest thing for people with money, and motivation to avoid happening.
Remove the sim card if it’s an older device, use a Faraday cage (your microwave is one) or a jammer. If you are the government you can also tell the telecom to block the phone from connecting
I think you’re seriously overestimating the technical prowess of the average law enforcement officer…
Police may be leaving phones online in case it continues receiving relevant evidence (texts, emails, etc).
The way this article is framed sounds like bullshit to me. 18.1 was released less than 2 weeks ago. Any phone running this version of iOS would have had to already been in custody and somehow upgraded to this version, or otherwise brought into custody very recently—too recently for this to have already posed such a problem that law enforcement is “freaking out” and reporting it to the media.
A non-insignificant amount of people have been running the public betas because of Apple intelligence, RCS / iMessage toys, UI customization, etc. For example, MixPanel reported about 2% of the iOS install base running 18.0 before 18.0’s launch. IMHO, that’s pretty crazy for a beta OS.
Why does rebooting it improve the safety or security of the phone?
Most likely after rebooting but before unlocking the decryption key is not present in memory in plaintext.
When you first boot up a device, most data on that device is encrypted. This is the Before First Unlock (BFU) state. In order to access any of that data, someone must enter the passcode. The Secure Enclave uses it to recreate the decryption keys that allow the device to access that encrypted data. Biometrics like Face ID and Touch ID won’t work: they can’t be used to recreate the encryption keys.
Once you unlock the device by entering the passcode the device generates the encryption keys and uses them to access the data. It keeps those keys in memory. If it didn’t, you’d have to enter your passcode over and over again in order to keep using your device. This is After First Unlock (AFU) state.
When you’re in AFU state and you lock your device, it doesn’t throw away the encryption keys. It just doesn’t permit you to access your device. This is when you can use biometrics to unlock it.
In some jurisdictions a judge can legally force someone to enter biometrics, but can’t force them give up their passcode. This legal distinction in the USA is that giving a passcode is “testimonial” because it requires giving over the contents of your mind, and forcing suspects to do that is not legal in the USA. Biometrics aren’t testimonial, and so someone can be forced to use them, similar to how arrested people are forced to give fingerprints.
Of course, in practical terms this is a meaningless distinction because both biometrics and a passcode can grant access to nearly all data on a device. So one interesting thing about BFU vs AFU is that BFU makes this legal hair-splitting moot: biometrics don’t work in BFU state.
But that’s not what the 404 Media articles are about. It’s more about the forensic tools that can sometimes extract data even from a locked device. A device in AFU state has lots of opportunities for attack compared to BFU. The encryption keys exist, some data is already decrypted in memory, the lightning port is active, it will connect to Wi-Fi networks, and so on. This constitutes a lot of attack surface that hackers could potentially exploit to pull data off the device. In BFU state, there’s very little data available and almost no attack surface. Automatically returning a device to BFU state improves resistance to hacking.
Fun fact: in Australia we don’t have a bill of rights of any kind, so the cops can just force you to reveal your passwords. The maximum penalty for refusing is 2 years imprisonment.
Umm I forgot.
To the ASIO agent assigned to tracking my every online move:
- I didn’t see this comment.
- I don’t understand it.
- I would never do such a thing.
- I’m sorry this is what your life has been reduced to. Your patriotism is misplaced and you would be happier if you worked against the creeping surveillance state rather than for it. You know better than any of us how horrible it is, and you have the skills we need.
Honestly, as an american, I could live with watered down rights if it meant a more representative government
Oh yeah, just don’t read about what happens to our prime ministers when they attempt to defy the empire. Totes democracy we got over here.
wtf
what!
Also, in the BFU state, iPhones at least, won’t allow any data connections through USB
It’s more complicated than that. It’s called USB restricted mode. The lightning port is always willing to do a minimal subset of the protocols that it supports in order to do smart charging. By default most of the protocols it supports are disabled in BFU state. In AFU state it gets more complex than that. Accessories that you’ve previously connected can connect for one hour after the device is locked. This helps keep USB restricted mode from being really annoying if you briefly disconnect and reconnect an accessory.
USB restricted mode can be disabled by a user option (Settings > [Touch / Face] ID & Passcode > Allow Access When Locked > Accessories) or by a configuration profile. Disabling it allows accessories to connect at any time, and generally lowers the security of your device. But in some cases that’s necessary, for instance when you use an accessibility accessory to use your device.
If USB restricted mode is a concern for you, you should consider Lockdown Mode (Settings > Privacy & Security > Lockdown Mode). This changes several settings on your device to make it much more resilient to attack.
Very informative. Thank you.
You mentioned the lightning port. Is there any difference with the newer phones with USB-C when it comes to these functions?
I’m glad you find this informative. It’s a topic that’s important to me both personally and professionally, and there’s a lot of wrong information out there. But the best and most reliable info is in the Apple Platform Security Guide, such as Activating data connections securely and Direct memory access protections for Mac computers.
In this topic I don’t think there’s any important difference between USB-C and lightning. Both form factors support a bunch of USB protocols as well as some Apple-only protocols, and both have USB restricted mode.
Once rebooted, you need to enter your PIN to unlock the phone (and the SIM as well). Before that it is not possible to unlock the phone with biometric credentials (face ID or fingerprint).
As far as I’m aware, police can force you to hand over your biometric credentials (they can hold the phone to your face to unlock it when you have face ID enabled, or can move your finger to the fingerprint sensor). But they can’t force you to reveal the PIN number.
Yep: but they can’t force you to give them the password because of 5th Amendment protections from self-incrimination.
And even if they did have the right to tell you to give them the password, they don’t have access if you simply refuse to cooperate. They can get your fingerprints, face ID, or retina scan by force. They cannot extract information from your brain.
BTW: Lots if phones also have a “lockout mode” that can be enabled that will give you the option to lock it down to password-only without turning it off. It can be good for recording police interactions, because it will continue to record them while they can’t access the contents of the phone if they swipe it from you.
What about amputating the hand?
or can move your finger to the fingerprint sensor).
Good luck guessing which finger and on which hand. You have 3 tries before a password is required.
Yeah but that would imply they are bringing the phones to the person multiple times to use their face/finger, or they are keeping the phone active so it never locks, unless they are actively changing the settings to never lock somehow. Seems like an easier fix to just require you to enter your pin to change your lock setting to indefinitely.
Side note: the last time I was arrested the officer asked me if I wanted to reboot my phone or turn it off before handing it over so I knew they weren’t going to go through it. Was surprised
I don’t know how the procedere would be executed, but I imagine that police could have the phone present during an interrogation and try to nlock it there (possibly by making you to look at the phone to unlock it, if the phone has been set up to unlock this way). Once unlocked, it would be sufficient to have a peek into the camera roll or messages, until the phone locks again. I don’t know about the law, but I can imagine that if a police officer had a look into your phone, even briefly, it may be held against the one who is being interrogated.
The more full reason is that the device is still encrypted prior to first unlock and is harder to extract any information from. As to what you said about police requiring you to enter your PIN, they can’t. You can’t be forced to reveal your passwords/PINs but they can legally force you to unlock biometrics (fingerprint/face ID)
I never said they could require you to enter a pin, my words are often a jumble. I was saying cops actually asked me if I wanted to restart or shut down my phone so I had peace of mind that they wouldn’t go through it.
As I understand it, even though after Reboot the OS looks like its in about the same state with the wallpaper and same password to unlock, the fact that it hasn’t been unlocked yet means that certain attacks don’t work as well. I don’t know why specifically. I think it’s because the attack may still work but doesn’t reveal any sensitive data because it’s just the ROM, wallpaper, sim, etc.
BFU (before first unlock) vs AFU (After first unlock)
Basically encrypted vs decrypted
BFU has always been useful, it’s nice there’s a bit of autonomy to it now.
It’s also a good time to mention Shortcuts app has lots of useful functions that can automate your phone for security reasons. There are several community made / managed shortcuts that can do things like lock down the phone, enable certain features, and even start recording audio/video on the off chance you’ve been pulled over or are in some sort of situation. You can also tell the phone to power off / reboot via shortcuts which can be a final step after recording and uploading content to the cloud.
Stay safe out there.
Meanwhile security-oriented Android forks: “You didn’t do that?”
Actually, Graphene and Calyx have this feature. I believe graphene may have it on by default at 18 hours, but I do not know about Calyx.
Samsung phones have this as a feature too. I think it’s under device care
This is good but it isn’t quite the same thing. I want my phone to auto restart if I haven’t unlocked in for 12 hours.
Looks like the big difference is that this is on by default, it appears to get enabled when cops turn off internet access to prevent access to FindMy and remote lockdowns.
Oh nice
There’s also a feature to disable the biometrics for unlocking in general but to stay active to unlock apps (like bank apps or password managers). I like this because no matter what you can’t unlock my phone without the pin but I still get the convenience of using it for my app security
lineageOS has this as well, as does divestOS but you have to set it
I was unable to find this on lineage 21 and I don’t think it would work as well on lineage anyway, since the vast majority of the bootloaders cannot be locked once lineage is installed, which would negate a lot of this I would think.
my bad, i just checked on lineage 21 again and i can’t find it, but i’m sure it’s on divestOS
Calyx just copied the code from GrapheneOS, and I believe they still use the old GrapheneOS default of 72 hours
Well, if graphene turned it down to 18 hours, then they should as well. But I guess 72 hours is better than nothing.
GrapheneOS also has this. Not sure stock android includes it.
It does, labled “Auto Restart”, but only when “preformance issues detected” or time specified. Apple is quite late on this feature.
This is rebooting for a different reason. That auto reboot just kind assumes that the software on your phone sucks and it needs to reboot to stay running fast.
Graphene and now iOS auto reboot for security/privacy reasons.
The end result is the same though. First phone unlock is the one a bad actor can’t get through.
It’s not the same.
On an iPhone it’ll reboot after X hours of no use. That means it could go months without rebooting and the day after it’s in police hands it reboots.
The feature you’re talking about would need to be set to reboot every day at a specific time. Now you personally have to deal with that. Also until you unlock the phone as well there could be reduced functionality making it annoying.
Very different.
Not that hard to deal with honestly. Rebooting at night which I’m sleeping does not reduces any functionality, cuz I’m not using it. If someone needs to find me during the night he better call me cuz I won’t wake up by notification which is also suppressed by DND. Yeah it is not design for security but a solution better than none.
Furthermore, rebooting the device periodically is good for security, especially for non-persistent fileless malware.
on GrapheneOS it is labeled auto reboot and it specifically says “automatically reboot device if it hasn’t been unlocked in xxx hours” with a default of 18.
This is clearly the Samsung interface and thus not stock Android. Doesn’t even really look like the same feature.
Does that stop alarms from going off in the morning?
I’m on S21FE and it does NOT.
depends on your phone. at first encryption was done in an all-or-nothing style, so system startup couldn’t complete without a first unlock. then android started using file based encryption, which was used selectively, encrypting certain things so that they are accessible without an unlock.
the best way to figure it out is to set a new alarm 10 minutes from now, reboot your phone manually, and see whether the alarm goes off
That seals the deal for me on rooting my pixel. I’ve been hesitant about rooting ever since I bricked an extra galaxy s3 and nearly bricked my (main device) Verizon galaxy s5
GrapheneOS is the easiest ROM install bar none. Get the en browser (needs to be chrome-based) to the install url, hook the phone cable, and let it run. It’s super straightforward. It’s not rooting though, you don’t get root access by default.
Wow things sure changed about Android roms! I still remember how difficult it was to try to simply install a rom through Knox
samsung devices are still a different beast, they have their unique little everything and the standard tools don’t work there
You can add the function easily using https://play.google.com/store/apps/details?id=com.llamalab.automate, no root needed.
If you have a factory pixel, you don’t need to root. You can unlock bootloader and install a rom that has it (calyxos or grapheneos I know have them). You can root, but you don’t have to.
It’s either root or having access to my bank accounts. 🙄
Change banks.
Have a 20 year mortgage with that bank so no.
Putting graphineos onto my pixel was the easiest thing I’ve done in a long time, the installer is just pressing buttons and waiting for the next button to be ready pretty much.
Same question as catloaf but with less ambiguous things like banks: does Netflix, safety net, fox sports Australia and Google pay work with graphene os?
How does it work for stuff like bank apps? Do they freak out about it?
And does it require unlocking the bootloader? I prefer to keep mine locked if possible.
My bank app works fine and I can use the NFC chip for payments as well, it might pay to search up your bank name and graphineos to see if anyone’s had an issue, that’s what I did to make sure.
You have to unlock it to install but once installed they prefer you lock the bootloader back up again.
Samsung does too but I’ve not set it up as such. Instead, it automatically locks the device from biometric unlocks every 24 hours until you login with your pin again.
calyxOS has it too.
Didn’t know that. Just been manually rebooting. This is is much easier and more secure. Thanks!
Sure, glad to help. We need every bit of help against the powers that be at this point.
Agreed! When everything is actively against us, we must band together against everything.
Fighting centralized power with decentralized approach!
It does not. I don’t have it on my Pixel 6. From other people’s comments, it sounds like Samsung and other OEMs have added their version, though.
I’ve added this function manually using Automate (https://play.google.com/store/apps/details?id=com.llamalab.automate).
You can trigger it to reboot on inactivity using some advanced parameters, but I’ve simply set it up to reboot at 3.30 AM every day, that way it’s also clearing the cache.
This is how it looks like - the 5 min wait timer is to prevent a reboot loop if the phone is still booted up at 3.30 again.
Yeah, can confirm Samsung has this. I have auto reboot configured.
Thanks, didn’t know of this function. In my A50s it’s under Battery and Device Care
that makes me think that it’s a different feature, and it reboots the phone every x hours regardless if it was unlocked
Where would I find that setting? I have an S22 Ultra and I can’t seem to find it. Unless my phone has fallen out of support…
It’s under device care -> auto optimization in settings. You can also just search “restart” in settings and it should pop up.
Found it, thanks!
On one hand, Fuck Da Police
On the other hand, Fuck Apple
Do two fucks make a right?
Thank you Apple, right side of history here, fuck fascist pigs
Archived version (skip sign-up wall): https://archive.is/dxL65
If possible in your situation, reader:
Give 404 your proxy emails y’all… Proton, Mozilla, iCloud, whatever it is. They deserve the metrics.
i agree, they do deliver pretty good researched articles. it’s the only news site that gets monthly donations from me, and i’m not even interested in podcasts
They are absolutely shredding.
Good on you!
Yeah 404 doing journalism in the world of fake news…
Corpo shills can get fucked.
I think this used to be possible with tasker, ironically though probably not anymore before of all Google’s restrictions on Android. (maybe if you have root)
GrapheneOS periodically (once a day or so) forces me to put in the passcode. If this isn’t a stock Android feature that’s another reason to use Graphene. It also has a “lockdown” button in the power button menu that forces the same behaviour.
And grapheneOS also reboots if it hasn’t been unlocked in the past 36 hours. Maybe the amount of time is different by default though, I might have changed it.
Pretty sure it’s stock android, my phone does it every so often as well.
Sho does, annoys the hell outta me when it happens but I’d never disable that feature
GrapheneOS been had this feature, don’t let apple tell you they invented it.
Great software features should be available to all hardware, regardless of OS.
For sure I’m just joking about apple’s habit of taking a feature that has been around for YEARS and claiming they “innovated” it, usually after they strip it down a little no less (like in this case where it appears to be a setting users can’t access, but Graphene lets you turn it on/off or adjust the time between lock and reset.)
Did they claim they innovated this feature? I wasn’t paying attention.
I assume so, it’s their typical MO and thus: The Joke™.
I will never be able to not chuckle when I remember Apple’s claim that touching the screen was a 0-point swipe and they owned swiping… No one else could swipe quite like them lol.
IMHO, the novelty of the feature isn’t what makes this headline worthy. This is noteworthy because of the scale. iOS is over a quarter of phones on earth, and in English speaking countries and Japan, you’re looking at numbers that are often over 50%.
This will impact a LOT more investigations than Graphene, and I imagine Apple will be back in court fighting cops who want to remove privacy and security features. Hopefully this stuff stands up to the autocrats coming into power in the states.
Android in general has it, not just you.
All six GrapheneOS users should be proud that the developers of their phone software are genius inventors!
Gotcha. We’re almost twice as many.
I’m looking forward to joining the dozens with my nexto phone v
And most of them are in this thread.
Judging by the downvote count, I was off by 2x. My apologies to the community!
(For the record, I have nothing against GrapheneOS, but also no use for it)
don’t let apple tell you they invented it.
Why always the knee-jerk anti-apple reaction even if they do something good?
FYI: Apple isn’t telling anyone they invented this. In fact, they didn’t even tell anyone about this feature and declined to comment after it was discovered and people started asking questions.
Amazing how a Foss project led the way on this…
Best marketing ever… Suck on that Tim Apple 🤡
who cares who invented it first? this is benefiting everyone? this isn’t some console wars bullshit, this is a great feature. if apple gets good press from it, i don’t care.
Unless when it is the other way around, they will sue you to death.
You don’t understand how propaganda works. An this is what this is…
There a huge shillop about unlocking some terrorist phone long time ago… FBI asked and Apple refused when FBI used celebrite or whatever in reality.
Gave bonuses false sense of security. This smells the same IMHO.
Happy to be wrong but I don’t trust apple.
I understand how “propaganda” works and ultimately realize that Apple included such a feature for good publicity so the normal people of the world who don’t know what a Mulvad or a Tails is, but are still privacy concerned, would go out and shill 1,000$+ for their phones-- I get it. I ain’t saying you don’t have to be distrustful.
I still think it’s a bit silly to look for problems in what is ultimately a good thing, anyways. I didn’t forget about Apple’s letter-of-the-law following of the DMA, I didn’t forget about Apple suing Samsung for “rectangle with button”, I didn’t even forget about Apple reversing course on scanning everyone’s iCloud photos for CSAM-- that last part which was genuinely privacy concerning. I’m still gonna go out of my way to say “i like this” so Apple and other companies continue to at the very least virtue signal for protecting their consumers against an over-reaching & often times distrustful law enforcement.
And getting more press about privacy related things, and why they’re important is always good to see.
This is issue of security, no privacy. And I highly doubt Apple is on team peasant here. They are biggest beneficiaries of US government, they play for that team.
Is there a foss app for android?
Foss OSes… GrapheneOS for sure but I also saw enjoyers stating calyxOS will also do the trick.
IT support everywhere sigh in satisfaction
There is no shortage of reasons to dislike Apple. This isn’t one of them.
There is a scene in Mr Robot where Darlene is able to do a full wipe on her phone without even looking at the screen.
I wish I was that good.
I want a way that I can trigger this from the main lock screen without unlocking the phone.
Like a specific pin you have to enter twice to trigger the full wipe.
Best you can do is auto wipe after 10 failed pins.
speaking of that.
this can wipe your phone on a trigger, or lock it with a different code, or send a broadcast message that other apps can act on: Wasted (Lock a device and wipe its data on emergency) https://f-droid.org/packages/me.lucky.wasted/
this reads the screen to see if you have used a special unlock code: Duress (Duress password trigger) https://f-droid.org/packages/me.lucky.duress/
read the app description of both, there’s important information
It also let’s you install a fake icon for some normal looking app like Threema. When you tap the app it factory resets the phone.
yeah they are pretty good apps! basically a must-have for protests, if you bring a smartphone. maybe for traveling too, in case it’s stolen
I can see these apps being good for traveling, in case of a stolen phone, but for protests I’ve almost always heard that you should bring a burner phone.
Do not under any circumstances bring your cell phone, dumb or not, to a protest.
Memorize important numbers, writing them in your arm if necessary.
Answer all questions with “I assert my fifth amendment right and will not answer any further questions without my attorney.”
GrapheneOS has this. I believe it’s called a Duress PIN.
I’ve set mine up so that entering my PIN backwards will nuke it. At which point I can ask for my phone back.
At which point you will be taken to a dark room downstairs and 3 cops will testify they tried very hard to stop you from violently and repetitively throwing your head at their baton in a menacing manner which made them fear for their life.
I feel that a lot of the hate for Apple is not fully warranted. Contrary to Google or Facebook, their business model is not built on colelcting your personal data. They are extremely overpriced, but deliver good quality - I am using my first iPhone for more than 4 years now, I never had and Android last nearly that long.
Pssst, apple collects your personal data, and like google they “don’t sell it,” instead they use it to build profiles on their users and then go to ad agencies and say “Ok give us money and we’ll serve your ad to X demographic.”
Does Apple serve ads? Not that I am aware of. I suppose their podcast player supports podcasts that have dynamic ad breaks but I honestly have no idea whether Apple is the one selling that ad space or the platform hosting the podcast is.
They have services that claim to, but tbf I don’t use apple products and I block ads like I’m spraying for roaches, so I’m just taking apple at their word.
Here’s a screencap from the TLDR of their terms of service I posted a link to, says right here “This service may use your personal information for marketing purposes” so…
In my experience, that’s true, too. I won’t complain about build quality.
I’m currently in a weird thing with Apple. I’ve been using Macs since ‘07 and iPhones since ‘10, and while they make absolutely incredible hardware, I’m sick of how much they rip off their customers, and I’m sick of being able to see the ways in which they adapt software to push you towards the thing that makes them the most money.
As a result I have an M2 MacBook which is the best laptop I’ve ever owned, and I’m close to putting Asahi on it to see if I can use that flavour of Linux as a daily driver. Come February, when my iPhone 13 mini is due for upgrade, I’m giving serious consideration to picking up a used Pixel 8 so I can use Graphene instead.
On a pixel 8 running graphene right now, I love it.
Did you switch to it from Android or iOS? Because as someone who’s only used iOS since 2010, I imagine it’ll be one hell of a shock.
Android. It might be a shock, but it’s great once you get used to it. I completely degoogled and went with apps that don’t spy, which was the hardest part, but you could set up a separate user profile for spyware stuff like snapchat or whatever. It might be beneficial to go ahead and get one, flash it, and use it with wifi or a prepaid sim for a bit while you still have your regular phone as a backup/main if you’re worried about the transition.
The best thing apple ever did was convince you they don’t collect and sell your data like the other tech giants. You think they’re a trillion dollar company by their hardware alone?
Apple is just as shit they just make sure folks don’t realize it
