According to security researchers, the new iPhone software from Apple includes a unique security feature that automatically reboots the device after 72 hours of inactivity
Last week, 404 Media reported that law enforcement officers and forensic experts were apprehensive about the enigmatic circumstances under which certain iPhones were rebooting.
This behavior made it more difficult for them to access the devices and extract data. 404 Media reported that iOS 18 included a new “inactivity reboot” feature that necessitated device restarts, citing security researchers.
We now have a precise understanding of the time required for this feature to activate.
On Wednesday, a video demonstrating the “inactivity reboot” feature was published by Jiska Classen, a researcher at the Hasso Plattner Institute and one of the first security specialists to identify this new feature.
The video demonstrates that an iPhone that is left unlocked for 72 hours will reboot itself.
Magnet Forensics, a company offering digital forensic products, including the iPhone and Android data extraction utility Graykey, has verified that the feature’s timer is 72 hours.
Two distinct states of iPhones can impact the capacity of law enforcement, forensic specialists, or hackers to unlock them by brute-forcing the user’s passcode or extracting data by exploiting security flaws in the iPhone software. “Before First Unlock,” or BFU, and “After First Unlock,” or AFU, are the two states.
The “inactivity reboot” function significantly enhances the security of iPhones by securing the user’s encryption keys within the secure enclave processor.
Classen wrote on X, “Even if thieves leave your iPhone powered on for an extended period, they will be unable to unlock it using outdated, less expensive forensic tooling.”
“While the inactivity reboot presents a greater challenge for law enforcement in obtaining data from criminals’ devices, it will not completely prevent them from doing so.” When coordinating steps with professional analysts, three days is still ample time.
The user’s data on the iPhone is completely encrypted and nearly impossible to access when the device is in BFU state unless the individual attempting to access it knows the user’s passcode.
Conversely, in an AFU state, specific data is not encrypted and may be more easily extracted by certain device forensic tools, even if the phone is locked.
Tihmstar, an iPhone security researcher, informed TechCrunch that the iPhones in those two conditions are also called “hot” or “cold” devices.
Tihmstar stated that numerous forensic companies concentrate on “hot” devices in an AFU state, as the user entered their correct passcode at some point, and it is stored in the memory of the iPhone’s secure enclave.
In contrast, “cold” devices are significantly more difficult to compromise because the memory cannot be readily extracted after the phone restarts.
For many years, Apple has implemented new security features that have been met with opposition and vocal protest by law enforcement, who contend that they are complicating their responsibilities.
In 2016, the FBI filed a lawsuit against Apple to compel the company to develop a backdoor that would allow a mass shooter to access his iPhone. The Australian startup Azimuth Security ultimately assisted the FBI in hacking into the phone. Apple did not respond to a request for comment.
