Mystery solved! Apple's new iPhone security feature caused mysteriouos reboots
Just yesterday we told you that law enforcement officials were concerned when some iPhone models, running iOS 18 or later and held as evidence by the cops, were rebooting automatically. By rebooting, it would become harder for law enforcement to use brute force cracking machines like the ones made by Cellebrite to figure out the passcode of a locked iPhone, unlock the device, and go through it for evidence needed in a criminal case.
To make matters worse for the police, iPhones running older versions of iOS that were also held by law enforcement were apparently getting signals from the units running iOS 18 that made them reboot, Again, this was done to make it harder to unlock the phone so that law enforcement could not scour it for evidence. In both cases, the reboot would take the devices from After First Unlock (AFU) state to Before First Unlock (BFU) state.
"We have identified code within iOS 18 and higher that is an inactivity timer. This timer will cause devices in an AFU state to reboot to a BFU state after a set period of time which we have also identified."-Christopher Vance, a forensic specialist, Magnet Forensics
Apple iPhone models in the After First Unlock (AFU) state have been unlocked by the user with a passcode since the last time the phone had been powered on. In that state, iPhones can be unlocked by a machine like the ones produced by Cellebrite. But rebooting the phones took them to the Before First Unlock (BFU) state where it becomes harder for those passcode cracking machines to crack the code and break into a phone.
404 Media, the outlet that broke the original story, is back again today with news that Apple has added an activity timer to iPhone units that have upgraded to iOS 18.1 or later (not iOS 18 as originally thought). The timer causes iPhones in the AFU state to reboot to the BFU state making them harder for law enforcement to unlock them even with the use of a Cellebrite device. The report says that the reboot takes place automatically after an iPhone has been locked for four days.
"Remember that the real threat here is not police. It’s the kind of people who will steal your iPhone for malign purposes. This feature means that if your phone gets stolen, the thieves can’t nurse it along for months until they develop the tech to crack it."-Matthew Green, cryptographer and associate professor, Johns Hopkins University
Those on the side of law enforcement might see this as a slap in the face by Apple because this new feature could prevent an iPhone from being used to collect enough evidence to lock someone up. But there is another way to look at it. The new feature prevents a criminal from stealing your iPhone and holding it until they figure out a way to unlock it.
Things that are NOT allowed: