Apple quietly introduced code into iOS 18.1 which reboots the device if it has not been unlocked for a period of time, reverting it to a state which improves the security of iPhones overall and is making it harder for police to break into the devices, according to multiple iPhone security experts.
Apple’s recent change is the latest move in its ongoing struggle against companies that develop software to bypass security measures on locked iPhones. The primary way Apple defends against security threats is through updates that fix exploitable vulnerabilities. By restarting iPhones that remain locked for four days, Apple increases overall security, particularly for individuals at risk of having their iPhones confiscated by repressive regimes, with little or no inconvenience to regular users.
I couldn’t access the original article, so if my question seems dumb I apologize. So this would be like if we shut the phone off and then turned it back on? Or rebooted it. Then we have to put in our password or passcode. My iPad Mini did this the other day. But thought it was because I haven’t used it in a while. I didn’t know it rebooted. There’s no setting for this, right?
Here’s a link to an Apple Insider article which covers the same content (and cites the 404 Media article that’s locked behind a paywall):
It’s not the same as a shutdown/reboot, but the result is similar. Memory is flushed to storage and erased. Then the storage device is locked. And this will take place even if the device is disconnected from all networks and plugged in to a charger.
After this is done, the device ends up in the “before first unlock” state, where the system is booted but most of the device is still locked down. In this state, hacking the phone for its content is much more difficult than after it has been unlocked for the first time (even if it is subsequently re-locked).
And yes, this behavior is not configurable. If you leave it locked for a few days, it will do this (again, not reboot, but put itself in a state similar to the time between a reboot and the first time you unlock it).
Thanks. From this description it sounds like Apple is leveraging the same tech used on Macs for FileVault login.
On a Mac with FileVault, for those who don’t already know, the computer boots from its SSV (the signed system volume), which is not encrypted. But it will not unlock the Data volume (where all your apps and data live) until you unlock it by either providing a FileVault password or by logging in to an account authorized to unlock the system.
It would seem (based solely on what I’ve read so far) that Apple has a similar kind of boot sequence in iOS. So it boots to a lock screen, but much of the system is not running until you unlock it the first time. Stuff that runs in the BFU (before first unlock) state would be in its SSV (or whatever the iOS equivalent is), with everything else being in the Data volume.
Of course, with the Data volume being locked and encrypted, it will be impossible for hacking tools to access the data because iOS itself can’t access that content. But once you unlock it for the first time and the volume is accessible to iOS, then tools that take advantage of bugs in iOS can exploit those bugs to access whatever iOS itself can access.
I’d say that Apple’s change to iOS also benefits people who are not journalists or activists because it makes breaking into a stolen phone more difficult.