Apple Quietly Introduced iPhone Reboot Code Which is Locking Out Cops
Apple Quietly Introduced iPhone Reboot Code Which is Locking Out Cops
On Thursday 404 Media reported that police were freaking out about mysteriously rebooting iPhones. Now multiple experts have found that Apple introduced code that reboots locked phones after a period of time.
Apple quietly introduced code into iOS 18.1 which reboots the device if it has not been unlocked for a period of time, reverting it to a state which improves the security of iPhones overall and is making it harder for police to break into the devices, according to multiple iPhone security experts.
On Thursday, 404 Media reported that law enforcement officials were freaking out that iPhones which had been stored for examination were mysteriously rebooting themselves. At the time the cause was unclear, with the officials only able to speculate why they were being locked out of the devices. Now a day later, the potential reason why is coming into view.
“Apple indeed added a feature called ‘inactivity reboot’ in iOS 18.1.,” Dr.-Ing. Jiska Classen, a research group leader at the Hasso Plattner Institute, tweeted after 404 Media published on Thursday along with screenshots that they presented as the relevant pieces of code.
Does anybody know if LineageOS has an equivalent feature?
Law enforcement shouldn't be able to get into someone's mobile phone without a warrant anyway. All this change does is frustrate attempts by police to evade going through the proper legal procedures and abridging the rights of the accused.
Yep! The police, being fascists, HATE this.
well it's kind of a selling point. I'm just too used to using android, though.
Edit - there's something for that too, cool!
You can use GrapheneOS, a security-focused version of Android which includes auto-reboot, timers that automatically turn off Wi-Fi and Bluetooth after you don't use them for a certain period of time, a duress PIN/Password that wipes all the data from your device after it's entered, as well as many other incredibly useful features.
It's fully hardened from the ground up, including the Linux kernel, C library, memory allocator, SELinux policies, default firewall rules, and other vital system components.
I'm the only guy in my (small) friend group who still used pattern code instead of fingerprint so I take that to mean my phone is by default more difficult to break into than most. Giving my fingerprint to a giantic tech firm has always seemed like a bad idea so I never did. Though the fingerprint reader acts as a power button too so who knows if they've scanned it anyway.
All current stock Samsung phones can do this too, BTW.
Well, when you confiscate a piece of paper, even without a warrant to read it you can do that physically when it's in your possession, and it's part of the evidence or something, so everyone else can too, so why even fight for that detail.
They just pretended it's fine with mobile computers.
I thought that "fruit of a poisonous tree" is a real principle, not just for books about Perry Mason. /s
So - yes. It's just really hard to trust Apple.
That argument sounds great until you consider that a piece of paper won't contain almost the entirety of your personal information, web traffic, location history, communications. You may say you could find most of that pre computer era in someone's house, but guess what you would need to get inside and find those pieces of paper...
They usually do have a warrant or it was seized lawfully.
This is about keeping them out even when it's lawful.
The police can engage in rubber-hose cryptanalysis. In many countries, it's legal to keep a suspect in prison indefinitely until they comply with a warrant requiring them to divulge encryption keys. And that's not to mention the countries where they'll do more than keep you in a decently-clean cell with three meals a day to, ahem, encourage you to divulge the password.
GrapheneOS been had this feature, don't let apple tell you they invented it.
Great software features should be available to all hardware, regardless of OS.
For sure I'm just joking about apple's habit of taking a feature that has been around for YEARS and claiming they "innovated" it, usually after they strip it down a little no less (like in this case where it appears to be a setting users can't access, but Graphene lets you turn it on/off or adjust the time between lock and reset.)
IMHO, the novelty of the feature isn't what makes this headline worthy. This is noteworthy because of the scale. iOS is over a quarter of phones on earth, and in English speaking countries and Japan, you're looking at numbers that are often over 50%.
This will impact a LOT more investigations than Graphene, and I imagine Apple will be back in court fighting cops who want to remove privacy and security features. Hopefully this stuff stands up to the autocrats coming into power in the states.
don't let apple tell you they invented it.
Why always the knee-jerk anti-apple reaction even if they do something good?
FYI: Apple isn’t telling anyone they invented this. In fact, they didn’t even tell anyone about this feature and declined to comment after it was discovered and people started asking questions.
Android in general has it, not just you.
On one hand, Fuck Da Police
On the other hand, Fuck Apple
IT support everywhere sigh in satisfaction
GrapheneOS also has this. Not sure stock android includes it.
It does not. I don't have it on my Pixel 6. From other people's comments, it sounds like Samsung and other OEMs have added their version, though.
I've added this function manually using Automate (https://play.google.com/store/apps/details?id=com.llamalab.automate).
You can trigger it to reboot on inactivity using some advanced parameters, but I've simply set it up to reboot at 3.30 AM every day, that way it's also clearing the cache.
This is how it looks like - the 5 min wait timer is to prevent a reboot loop if the phone is still booted up at 3.30 again.
That seals the deal for me on rooting my pixel. I've been hesitant about rooting ever since I bricked an extra galaxy s3 and nearly bricked my (main device) Verizon galaxy s5
If you have a factory pixel, you don't need to root. You can unlock bootloader and install a rom that has it (calyxos or grapheneos I know have them). You can root, but you don't have to.
You can add the function easily using https://play.google.com/store/apps/details?id=com.llamalab.automate, no root needed.
It does, labled "Auto Restart", but only when "preformance issues detected" or time specified. Apple is quite late on this feature.
on GrapheneOS it is labeled auto reboot and it specifically says "automatically reboot device if it hasn't been unlocked in xxx hours" with a default of 18.
This is clearly the Samsung interface and thus not stock Android. Doesn't even really look like the same feature.
Samsung does too but I've not set it up as such. Instead, it automatically locks the device from biometric unlocks every 24 hours until you login with your pin again.
There is no shortage of reasons to dislike Apple. This isn’t one of them.
There is a scene in Mr Robot where Darlene is able to do a full wipe on her phone without even looking at the screen.
I wish I was that good.
I want a way that I can trigger this from the main lock screen without unlocking the phone.
Like a specific pin you have to enter twice to trigger the full wipe.
speaking of that.
this can wipe your phone on a trigger, or lock it with a different code, or send a broadcast message that other apps can act on: Wasted (Lock a device and wipe its data on emergency) https://f-droid.org/packages/me.lucky.wasted/
this reads the screen to see if you have used a special unlock code: Duress (Duress password trigger) https://f-droid.org/packages/me.lucky.duress/
read the app description of both, there's important information
Best you can do is auto wipe after 10 failed pins.
I feel that a lot of the hate for Apple is not fully warranted. Contrary to Google or Facebook, their business model is not built on collecting your personal data. They are extremely overpriced, but deliver good quality - I am using my first iPhone for more than 4 years now, I never had and Android last nearly that long.
In my experience, that’s true, too. I won’t complain about build quality.
I’m currently in a weird thing with Apple. I’ve been using Macs since ‘07 and iPhones since ‘10, and while they make absolutely incredible hardware, I’m sick of how much they rip off their customers, and I’m sick of being able to see the ways in which they adapt software to push you towards the thing that makes them the most money.
As a result I have an M2 MacBook which is the best laptop I’ve ever owned, and I’m close to putting Asahi on it to see if I can use that flavour of Linux as a daily driver. Come February, when my iPhone 13 mini is due for upgrade, I’m giving serious consideration to picking up a used Pixel 8 so I can use Graphene instead.
The best thing apple ever did was convince you they don't collect and sell your data like the other tech giants. You think they're a trillion dollar company by their hardware alone?
Apple is just as shit they just make sure folks don't realize it
Pssst, apple collects your personal data, and like google they "don't sell it," instead they use it to build profiles on their users and then go to ad agencies and say "Ok give us money and we'll serve your ad to X demographic."
As a member of the intelligence community, I can almost guarantee that this is directed at the increased use of Cellebrite UFED hardware, specifically putting the device back into BFU mode, which removes cryptography-related memory allocations. This is also why you're asked for your password instead of face or fingerprint upon reboot.
I don’t know how Cellebrite is a legally operating company. Their entire business model is a violation of the computer fraud and abuse act.
No that’s only for when poor people do it
Cellebrite is developed in Israel, a country that legally shouldn't even exist, and is known for genocide, crime, espionage, manipulation and propaganda, more war crimes, illegal settlements, using their intelligence agency to assassinate political opponents abroad, etc.
The so-called "only democracy in the middle east"
Which is great, because you can't warrant a password.
I am also an intelligent individual in a community! High five
It also wasn't a quiet patch, users had to opt in.
As a member of the Intelligence community, please go find another job and stop harming people. Thanks.
Don't be naive
The phrase "as a member of the intelligence community" is not the same "as as a mother".
Assuming it is true, always a caveat on the internet, It would actually give them a unique perspective into the situation rather than just using it as a catch-all excuse for Karen's to be an uninformed twit.
Do two fucks make a right?
I think this used to be possible with tasker, ironically though probably not anymore before of all Google's restrictions on Android. (maybe if you have root)
GrapheneOS periodically (once a day or so) forces me to put in the passcode. If this isn't a stock Android feature that's another reason to use Graphene. It also has a "lockdown" button in the power button menu that forces the same behaviour.
The way this article is framed sounds like bullshit to me. 18.1 was released less than 2 weeks ago. Any phone running this version of iOS would have had to already been in custody and somehow upgraded to this version, or otherwise brought into custody very recently—too recently for this to have already posed such a problem that law enforcement is “freaking out” and reporting it to the media.
Don't they auto update the OS when connected to a charger? But even then, that would have triggered a reboot already.
The ars article mentioned 18.0 had a bug that caused random reboots so it might've been mostly that
iOS has auto update for a while and iOS users update their devices more often than Android. 2 weeks is not a long time for adoption of new version for iOS.
The way this article is framed sounds like bullshit to me. 18.1 was released less than 2 weeks ago. Any phone running this version of iOS would have had to already been in custody and somehow upgraded to this version, or otherwise brought into custody very recently—too recently for this to have already posed such a problem that law enforcement is “freaking out” and reporting it to the media.
A non-insignificant amount of people have been running the public betas because of Apple intelligence, RCS / iMessage toys, UI customization, etc. For example, MixPanel reported about 2% of the iOS install base running 18.0 before 18.0's launch. IMHO, that's pretty crazy for a beta OS.
Wouldn't that disrupt the usage of a phone as a server?
oh fuck I can't stop laughing
That's it!! Now I will NEVER use an iPhone as a server. 😋
iPhone? Don't these kill apps after a few minutes in background?
*seconds. KDE Connect dying the moment I turn off the iPad annoys me to this day.
It’s not that simple. iOS has a really sophisticated system for deciding which things to keep in memory and which to evict, and it only does that when it needs more resources. Choosing which apps to kill is based on how recently an app was used, how much of share resources are in use, how often the app gets used, if it’s doing background processing, and other more subtle signals.
Usually if people notice apps being killed when in the background a lot it’s because one of the apps they’re switching to is using a lot of resources, which forces the eviction of other apps.
Interesting, tell me more please. I presume it requires loading a different OS image as standard iPhone/android OS images will pause apps and attempt to go into a deep sleep after a long enough period?
A phone server that is disconnected from cellular is already broken anyways.
Thank you Apple, right side of history here, fuck fascist pigs
Meanwhile security-oriented Android forks: "You didn't do that?"
Actually, Graphene and Calyx have this feature. I believe graphene may have it on by default at 18 hours, but I do not know about Calyx.
Why does rebooting it improve the safety or security of the phone?
When you first boot up a device, most data on that device is encrypted. This is the Before First Unlock (BFU) state. In order to access any of that data, someone must enter the passcode. The Secure Enclave uses it to recreate the decryption keys that allow the device to access that encrypted data. Biometrics like Face ID and Touch ID won’t work: they can’t be used to recreate the encryption keys.
Once you unlock the device by entering the passcode the device generates the encryption keys and uses them to access the data. It keeps those keys in memory. If it didn’t, you’d have to enter your passcode over and over again in order to keep using your device. This is After First Unlock (AFU) state.
When you’re in AFU state and you lock your device, it doesn’t throw away the encryption keys. It just doesn’t permit you to access your device. This is when you can use biometrics to unlock it.
In some jurisdictions a judge can legally force someone to enter biometrics, but can’t force them give up their passcode. This legal distinction in the USA is that giving a passcode is “testimonial” because it requires giving over the contents of your mind, and forcing suspects to do that is not legal in the USA. Biometrics aren’t testimonial, and so someone can be forced to use them, similar to how arrested people are forced to give fingerprints.
Of course, in practical terms this is a meaningless distinction because both biometrics and a passcode can grant access to nearly all data on a device. So one interesting thing about BFU vs AFU is that BFU makes this legal hair-splitting moot: biometrics don’t work in BFU state.
But that’s not what the 404 Media articles are about. It’s more about the forensic tools that can sometimes extract data even from a locked device. A device in AFU state has lots of opportunities for attack compared to BFU. The encryption keys exist, some data is already decrypted in memory, the lightning port is active, it will connect to Wi-Fi networks, and so on. This constitutes a lot of attack surface that hackers could potentially exploit to pull data off the device. In BFU state, there’s very little data available and almost no attack surface. Automatically returning a device to BFU state improves resistance to hacking.
Great explanation. That was super insightful.
So even with BFU, does the iPhone not connect to the internet? I guess i hadn’t noticed it doesn’t.
Also are you still about to track via gps an iPhone that is in the off state? Just curious if there’s a lot of other vectors where the iPhone is still connected?
Once rebooted, you need to enter your PIN to unlock the phone (and the SIM as well). Before that it is not possible to unlock the phone with biometric credentials (face ID or fingerprint).
As far as I'm aware, police can force you to hand over your biometric credentials (they can hold the phone to your face to unlock it when you have face ID enabled, or can move your finger to the fingerprint sensor). But they can't force you to reveal the PIN number.
Yeah but that would imply they are bringing the phones to the person multiple times to use their face/finger, or they are keeping the phone active so it never locks, unless they are actively changing the settings to never lock somehow. Seems like an easier fix to just require you to enter your pin to change your lock setting to indefinitely.
Side note: the last time I was arrested the officer asked me if I wanted to reboot my phone or turn it off before handing it over so I knew they weren't going to go through it. Was surprised
or can move your finger to the fingerprint sensor).
Good luck guessing which finger and on which hand. You have 3 tries before a password is required.
BFU (before first unlock) vs AFU (After first unlock)
Basically encrypted vs decrypted
As I understand it, even though after Reboot the OS looks like its in about the same state with the wallpaper and same password to unlock, the fact that it hasn't been unlocked yet means that certain attacks don't work as well. I don't know why specifically. I think it's because the attack may still work but doesn't reveal any sensitive data because it's just the ROM, wallpaper, sim, etc.
Most likely after rebooting but before unlocking the decryption key is not present in memory in plaintext.
How I do this in Lineage?
Wait two weeks, someone will implement this as a Magisk module
I think there is no such Option in LOS yet. GrapheneOS on the other Hand has this Option for years. If you want to safe at least your signal messages/contacts Molly has a similar function to encrypt after a setted time of not using it.
How long until it reboot when inactive?
Chris Wade, the founder of mobile analysis company Corellium, told 404 Media that after the fourth day of a device being in a locked state, the device reboots.
It wasn't quite, I had to opt in.
What’s the setting name?
Inactivity reboot.
Archived version (skip sign-up wall): https://archive.is/dxL65
If possible in your situation, reader:
Give 404 your proxy emails y’all… Proton, Mozilla, iCloud, whatever it is. They deserve the metrics.
Not even just a sign up verification wall in this case - It's a straight up paywall.
BFU has always been useful, it’s nice there’s a bit of autonomy to it now.
It’s also a good time to mention Shortcuts app has lots of useful functions that can automate your phone for security reasons. There are several community made / managed shortcuts that can do things like lock down the phone, enable certain features, and even start recording audio/video on the off chance you’ve been pulled over or are in some sort of situation. You can also tell the phone to power off / reboot via shortcuts which can be a final step after recording and uploading content to the cloud.
Stay safe out there.
If this is true, then it’s not a setting that users can access. At least not that I can find.
Amazing how a Foss project led the way on this...
Best marketing ever... Suck on that Tim Apple 🤡
who cares who invented it first? this is benefiting everyone? this isn’t some console wars bullshit, this is a great feature. if apple gets good press from it, i don’t care.
Unless when it is the other way around, they will sue you to death.
You don't understand how propaganda works. An this is what this is...
There a huge shillop about unlocking some terrorist phone long time ago... FBI asked and Apple refused when FBI used celebrite or whatever in reality.
Gave bonuses false sense of security. This smells the same IMHO.
Happy to be wrong but I don't trust apple.
Is there a foss app for android?
Sure, F-Droid. It's an app store that not only is exclusively foss, they only host things they can build from source in house and seem to have a decent review process - they tag anything from ads to integration with paid services, and those features are often buried so it seems like they're pretty militant about it
It comes with all the drawbacks that entails, but I generally check there first myself
Foss OSes... GrapheneOS for sure but I also saw enjoyers stating calyxOS will also do the trick.