A new iOS 18 security feature makes it harder for police to unlock iPhones
Image: Cath Virginia / The Verge; Getty Images
There is an apparently new iOS 18 security feature that reboots iPhones that haven’t been unlocked in a few days, frustrating police by making it harder to break into suspects’ iPhones, according to 404 Media.
404 Media, which first reported police warnings about the reboots on Thursday, writes that restarted iPhones enter a more secure “Before First Unlock,” or BFU state. Now, it seems Apple added “inactivity reboot” code in iOS 18.1 that triggers iPhones to restart after they’ve been locked for four days, Chris Wade, who founded mobile analysis company Corellium, told the outlet.
The code appears below in screenshots posted by Dr. -Ing. Jiska Classen, a Hasso Plattner Institute research group leader.
Apple indeed added a feature called “inactivity reboot” in iOS 18.1. This is implemented in keybagd and the AppleSEPKeyStore kernel extension. It seems to have nothing to do with phone/wireless network state. Keystore is used when unlocking the device.https://t.co/ONZuU9zVt2 https://t.co/4ORUqR6P6N pic.twitter.com/O3jijuqpN0— Jiska (@naehrdine) November 8, 2024
Both iOS and Android devices enter this BFU state when they’re restarted, requiring you to enter your passcode (or PIN) to unlock your phone, limiting what sort of data forensics experts can extract, according to a blog post from Dakota State University’s digital forensics lab.
Apple didn’t immediately respond to The Verge’s request for comment. The company has steadily made iPhones harder to compromise over the years, putting it at odds with law enforcement and raising the specter of government regulations requiring encryption backdoors. Apple has repeatedly resisted authorities’ requests to create backdoors, although that hasn’t stopped law enforcement from finding its own workarounds.
Image: Cath Virginia / The Verge; Getty Images
There is an apparently new iOS 18 security feature that reboots iPhones that haven’t been unlocked in a few days, frustrating police by making it harder to break into suspects’ iPhones, according to 404 Media.
404 Media, which first reported police warnings about the reboots on Thursday, writes that restarted iPhones enter a more secure “Before First Unlock,” or BFU state. Now, it seems Apple added “inactivity reboot” code in iOS 18.1 that triggers iPhones to restart after they’ve been locked for four days, Chris Wade, who founded mobile analysis company Corellium, told the outlet.
The code appears below in screenshots posted by Dr. -Ing. Jiska Classen, a Hasso Plattner Institute research group leader.
Apple indeed added a feature called “inactivity reboot” in iOS 18.1. This is implemented in keybagd and the AppleSEPKeyStore kernel extension. It seems to have nothing to do with phone/wireless network state. Keystore is used when unlocking the device.https://t.co/ONZuU9zVt2 https://t.co/4ORUqR6P6N pic.twitter.com/O3jijuqpN0
— Jiska (@naehrdine) November 8, 2024
Both iOS and Android devices enter this BFU state when they’re restarted, requiring you to enter your passcode (or PIN) to unlock your phone, limiting what sort of data forensics experts can extract, according to a blog post from Dakota State University’s digital forensics lab.
Apple didn’t immediately respond to The Verge’s request for comment. The company has steadily made iPhones harder to compromise over the years, putting it at odds with law enforcement and raising the specter of government regulations requiring encryption backdoors. Apple has repeatedly resisted authorities’ requests to create backdoors, although that hasn’t stopped law enforcement from finding its own workarounds.