Restarting iPhone with Apple Configurator

This Malwarebytes article alludes to the ability of using Apple Configurator to reboot a phone.

However, this app seems to require a phone to have a managed Apple ID.

Any thoughts, clarifications please

The article also says you can use the force-restart sequence to force the phone to restart, even without Configurator.

I don’t see how the force-restart sequence that Malwarebytes mentions is any different than the restart sequence used in the video from ZecOps. However, as a test I just went through the shutdown process on my iPhone 12 Mini, iOS 15.2, using both methods:

  1. volume-up, volume-down, press & hold side power button, 'swipe to power off’
  2. press & hold side power button while pressing & holding either volume button, 'swipe to power off’

The shutdown worked the same in both - there’s a quick flash of the ‘busy gear’ then the screen goes dark, just as hacked phone in the video does. To restart, press and hold the side power button, the Apple logo comes on then the lock screen appears.

A difference between the video showing the effect of the hack and my test is that when I swiped up to unlock after restart I was asked for my passcode: “Enter Passcode. Your passcode is required when iPhone restarts.” In the video it didn’t ask for his passcode, it just went straight to the home screen. This is a clue that it wasn’t really shut down - it didn’t ask for the passcode.

The force-restart sequence has no “swipe to power off” gesture. When you see that screen, keep holding the side button until the device reboots.

Interesting. On my iPhone 12 Mini running iOS 15.2 when I use the vol_up/vol_down/hold_side sequence I get the ‘swipe to power off’ screen as well as a ‘Cancel’ button. I had always used this to shut down when I needed to restart (yes, I was performing a power-off/power-on, not a restart). But if I continue holding the side button down (a seemingly long time) the screen will go blank, eventually the Apple logo will appear, the phone will restart, and when I swipe up to unlock I’m asked for my passcode. The Malwarebytes instructions don’t mention anything about the ‘swipe to power off’ appearing, but if you see it you should ignore it and keep holding the side button down to get the force-restart.

Note that this procedure does not give me the option for ‘Emergency SOS’ that I get when I press and hold a volume button plus the side power button (which also gives the ‘Swipe to power off’, ‘Cancel’, and ‘Medical ID’ options). BTW, I just checked my wife’s iPhone 12 with iOS 15.2 and it behaves the same as my Mini.

In both shutdown procedures, when presented with the option to ‘Swipe to power off’ there is also a new notice in small text that says, “iPhone findable after power off” (technical details here). The post about the malware on Bleeping Computer explains this in laymen’s terms at the bottom of their story.

I don’t know if it affects this sequence, but we both have ‘Press side button for Siri’ enabled.

If you swipe on the power off screen you are actually shutting down your iPhone. The Mac equivalent would be Apple Menu > Shut Down.

When you do not swipe on that screen but instead keep holding the power button, you are force restarting your iPhone. It will not go through its shutdown procedure but rather force a reboot. There is no direct Mac equivalent. Closest would perhaps be yanking the power cord (or on a MB holding the power button for a long time) and then immediately restarting after the Mac has shut down. Depending on what you’re trying to do on an iPhone, you would choose either shut down or force restart. But both will have you go through the same power off screen.

I see the same thing on my iPhone 13 mini. The presence of the power-off screen as a part of the force-restart sequence actually makes sense to me.

A force-restart sequence is a hardware feature that is designed to work even if the OS is completely frozen/crashed. It can’t require any kind of touch-screen input because that won’t be available to a dead OS or a bricked phone. As such, it forces everything to restart, and if there are any apps still running (e.g. if the OS isn’t completely crashed), they are not given any opportunity to save their state. As such, force-restart should always be considered a last-resort option, much like disconnecting the power cord from a desktop computer.

By presenting the normal shutdown screen in the middle of the force-restart sequence, the user is given an opportunity to abandon the force-restart and perform a graceful shutdown - where apps can and will save their state before power-off.

It’s also a reminder to you (the user) that the OS hasn’t actually crashed. So if you’re using it because some app has frozen and there’s a reason that the normal force-quit gesture isn’t working (maybe some process is a CPU hog and not letting the gesture work properly), you will now know that this is not the case. You may then choose to do a graceful shutdown or cancel the restart (and wait for the bad app to maybe recover itself).

Of course, if the OS really is crashed, then you won’t see the screen, because there won’t be any software running to generate it, so you’ll just keep holding the side button until the device reboots.

This is the actual force-restart taking place.

And yes, you need to hold the button for a long time. This is deliberate. You don’t want this sequence ever getting triggered by accident.

Back in the days when Macs had reset buttons (the last of which were PowerPC G4 models) you could push that button to perform a chip-reset on the board.

Today, desktop Macs use the SMC chip (or similar chips with other names) to do this using a single power button.

I think all Macs will perform a force-power-off if you hold the power button down for an extended period of time.

According to a MacRumors article, you can also do a force-reset (at least on some Macs) by holding down CMD-CTRL-Eject (or CMD-CTRL-TouchID) until the computer resets itself.

3 Likes

Thanks @Shamino for the excellent and thorough explanation!

A close equivalent is ctrl-alt-del on an old PC running DOS. The sequence is a hardware signal from a specific key sequence to restart the machine no matter what it’s doing (particularly if it’s frozen.) It doesn’t start a software shutdown process that can be intercepted by a root kit.

Any further insight as to
“iOS device owners can also use Apple Configurator”
I recall the Configurator was invoked for solution for correcting a recent brick-inducing
Mac OS system update.
But it appears Apple Configurator is tied to other management protocols
which makes it not so much a universal go-to in these circumstances

Even today, this keyboard sequence is designed to trigger a software interrupt that only the OS can redirect.

A PC’s BIOS provides a default handler that causes a warm boot. But software can, and often does, install alternate interrupt handlers so this keystroke can do other things.

On modern Windows systems, the OS’s handler brings up a screen from which you can launch the task manager or change a password or switch users. When typed when nobody is logged-in, it brings up a login window that (allegedly) can’t be spoofed.

See also: YouTube: Dave’s Garage: CTRL-ALT-DEL: The Secret History of the Three Finger Salute