Security researchers say Apple's new iPhone software includes a novel security feature that restarts the phone if it's not unlocked for 72 hours.
Last week, 404 Media reported that law enforcement officers and forensic experts may be wondering why some iPhones are restarting automatically under mysterious circumstances, making it difficult to access the devices and extract data. He reported that he was concerned that this might happen. 404 Media later reported, citing security researchers, that iOS 18 had a new “Inactive Restart” feature that forced a device restart.
Now you know exactly how long it will take for this feature to start.
Jiska Classen, a researcher at the Hasso Plattner Institute and one of the security experts who first discovered the new feature, released a video Wednesday demonstrating the “inactive restart” feature. This video shows how an iPhone that is left unlocked automatically restarts after 72 hours.
See the latest iOS inactive restart in action.
iOS 18 includes improved anti-theft protection. If your iPhone remains unlocked for three days, it will restart to prevent thieves from getting your data. (1/4) pic.twitter.com/H24Tfo1cSr
— Jiska (@naehrdine) November 13, 2024
Magnet Forensics, the company behind digital forensics products such as iPhone and Android data extraction tool Graykey, also confirmed that the feature has a 72-hour timer.
An “inactive restart” effectively puts the iPhone in a more secure state by locking the user's encryption keys into the iPhone's secure enclave chip.
“Even if a thief leaves an iPhone powered on for an extended period of time, they cannot unlock it using cheap and outdated forensic tools,” Klassen wrote in X. You are not completely locked out of the criminal's device. Three days is still plenty of time to coordinate procedures with a professional analyst. ”
Contact Us Do you work for a mobile forensics company or law enforcement agency? We'd love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely from your non-work device on Signal (+1 917 257 1382), on Telegram and Keybase @lorenzofb, or by email. You can also contact TechCrunch via SecureDrop.
The iPhone has two distinct states in which law enforcement, forensic experts, and hackers can brute force unlock your passcode or exploit security flaws in iPhone software to extract data. ability may be affected. These two states are “Before First Unlock” (BFU) and “After First Unlock” (AFU).
When an iPhone is in a BFU state, the user's data on the iPhone is fully encrypted and nearly impossible to access unless the person trying to access it knows the user's passcode. On the other hand, in an AFU state, even if the phone is locked, certain data is unencrypted and may be easily extracted by some device forensic tools.
An iPhone security researcher who calls himself Tihmstar told TechCrunch that iPhones in these two states are also referred to as “hot” or “cold” devices.
According to Timster, many forensic companies focus on “hot” devices that are in an AFU state, meaning that the user has entered the correct passcode at some point and that passcode is in a secure area of the iPhone. This is because it is stored in the memory of In contrast, “cold” devices are much harder to compromise because their memory cannot be easily extracted once the phone reboots.
Apple has been adding new security features for years, which law enforcement agencies have opposed and opposed, saying they make their jobs harder. In 2016, the FBI took Apple to court to force the company to build a backdoor to unlock the iPhone of a mass shooter. Ultimately, Australian startup Azimuth Security helped the FBI hack into phones.
Apple did not respond to a request for comment.