Law enforcement officers are warning other officials and forensic experts that iPhones which have been stored securely for forensic examination are somehow rebooting themselves, returning the devices to a state that makes them much harder to unlock, according to a law enforcement document obtained by 404 Media.
Apple may have introduced a new security feature in iOS 18 that tells nearby iPhones to reboot if they have been disconnected from a cellular network for some time. After being rebooted, iPhones are generally more secure against tools that aim to crack the password of and take data from the phone.
404 Media obtained the document from a mobile forensics source. 404 Media then corroborated the document with a second mobile forensics source, who confirmed they had seen the same document and sent a short snippet of it for verification purposes.
“However, something had caused the devices to reboot, since their intake and they lost the AFU state,” the document says. This includes iPhones that were in Airplane mode, and even one that was inside a faraday box. A faraday box blocks electronic signals from reaching the device, such as wipe commands, and stops it from communicating with cellular networks.
Police Freak Out at iPhones Mysteriously Rebooting Themselves, Locking Cops Out
horde The theory doesn't make sense. It would be an incredibly strange approach instead of simply implementing an auto-reboot timer and could be bypassed through the police setting up a cell tower without internet access which they're fully capable of doing especially if they have advanced tools for breaking into devices. They seem to be misinterpreting what's happening. It's far more likely that it's a bug triggered after the devices being kept powered on for a long time without regular use such as a memory leak or integer overflow. Apple doesn't really implement secret security features with very strange semantics... It would make sense if they implemented auto-reboot but why wouldn't they announce it as per their normal operating procedure?
- Edited
GrapheneOS https://chaos.social/@jiska/113447894119816217
Apple added a feature called "inactivity reboot" in iOS 18.1. This is implemented in keybagd and the AppleSEPKeyStore kernel extension. It seems to have nothing to do with phone/wireless network state. Keystore is used when unlocking the device. So if you don't unlock your iPhone for a while... it will reboot!
horde that’s awesome, I hope Apple gives an official statement on it.
Indeed my iPhone asks me for my code at least 2 times a day, knowing that every day between 7am and noon I work so I don't use my phone and at noon I have to enter my code, and at the end of the day I have to enter my code too.
So they copied another GOS feature ;)
nashgraph They did not copy anything since Apple restarted when the device is not in use, on GrapheneOS you have to set up a timer
Here's another story about Apple's new feature:
https://www.neowin.net/news/experts-reveal-why-iphones-are-suddenly-rebooting-themselves-leaving-police-stumped/
So looks like seizures of IPhones would now be prioritized for examination. GrapheneOS's has a superior implementation in that it allows users to choose the trigger time assuming Apple's is static.
It's nice to know that the GrapheneOS developers had the fore-site to add this wonderful feature many years ago, I'm sure Apple has never heard of GrapheneOS ;) wink.
r134a There is nothing to adapt on iOS, the phone restarts when you change location and you do not use it, there is no timer
Guillaume On iOS, the phone restarts when you change location and you do not use it, there is no timer
Is it possible to provide a source supporting that claim?
Lots of sources say it is exactly a timer, such as: https://appleinsider.com/articles/24/11/09/iphones-on-ios-181-will-automatically-reboot-and-lock-down-after-being-idle-for-a-while
- Edited
Guillaume no, timer is 72 hours.
For example, mobile phones are placed in a Faraday case after being confiscated by the investigating authorities. This means that localisation via radio cells or GPS is not possible
This means that a timer expires which, according to our tests, is triggered after 72 hours without use
Guillaume i didn't claim there is something to adapt on ios. I've mentioned in contrast to the implementation on ios currently, grapheneos gives you the liberty to set the time of inactiviy (i.e. timer) before reboot.
On ios it seems the phone restarts after a period of inactivity. 'Under the hood' this means that the os keeps track of a given period between last unlock and a certain value where it decides to reboot. How would you deem this possible, if not implemented with a timer of some sort?
I'm unaware that 'change location' is
a requirement to trigger the reboot after a certain period of inactivity.
I would love to learn more about that, would u mind providing a source on how you came to that conclusion?
phone-company I have an iPhone and it asks me for my code after 4 hours without being used
I've noticed my business iphone asking for the code more often recently as well. I haven't timed it, doesn't feel like its as short as 4 hours to me, since when I wake up in the morning it doesn't typically ask for the code.
Guillaume this seems interesting. Let's see what other user reports.
This is one of the funniest things I have read in a very long time.
- Edited
treenutz68 Neither does he ask me for my code when I wake up, I think he detects when I change places
Guillaume i triyed it with a special farrady bag wie use for our Laptops and devives usualy... And no result after 4hours. AS i wrote after 72 hours the device reset .... Round about