Apple’s latest iPhone software introduces a unique security feature that restarts the device if it hasn’t been unlocked in 72 hours, as discovered by security researchers.
Recently, 404 Media reported concerns from law enforcement and forensic specialists regarding unexpected iPhone reboots, which complicated access to device data. Security researchers later confirmed that iOS 18 has a new “inactivity reboot” feature that triggers a restart if the device is left inactive.
Researcher Jiska Classen from the Hasso Plattner Institute released a video that illustrates how this feature works. The video shows an iPhone rebooting after 72 hours of inactivity. Magnet Forensics, a company known for forensic tools like GrayKey, also verified the 72-hour timer for the feature.
The “inactivity reboot” enhances iPhone security by locking encryption keys within the secure enclave chip. Classen explained on X (formerly Twitter) that the feature prevents thieves from easily bypassing iPhone security with outdated tools. Although this poses challenges for law enforcement, the 72-hour window still provides adequate time for data extraction when coordinating with forensic experts.
iPhones operate in two primary security states, which affect the ease of unlocking: “Before First Unlock” (BFU) and “After First Unlock” (AFU). When in BFU state, data on the device is fully encrypted and nearly impossible to access without the passcode. In AFU state, some data is more accessible, making it easier for certain forensic tools to extract data even if the device is locked.
Security researcher Tihmstar explained that devices in AFU state, or “hot” devices, are often targeted by forensic companies because they retain the passcode in memory. “Cold” devices in BFU state, however, are harder to access since the memory is less accessible after a reboot.
Apple has a long history of implementing security features that law enforcement groups have opposed, claiming they hinder investigative work. For instance, in 2016, the FBI attempted to compel Apple to unlock the iPhone of a mass shooter, eventually enlisting Australian company Azimuth Security to access the device.
Apple declined to comment on the new feature.
Post a Comment