iPhones on iOS 18.1 will automatically reboot and lock down after being idle for a while

Posted:
in iPhone edited November 9

A hidden feature in iOS 18.1 will automatically reboot a locked iPhone when it is asleep but hasn't been unlocked for a while, presumably as a security measure.




The feature has been identified as an "inactivity reboot," and is similar to a feature found on Macs. The Mac version, known as "hibernation mode," saves the state of the device to disk when put to sleep, in case the power fails or the battery runs out before the user can return to the machine.

By flushing the last state of the device, iPhone users are better protected from forensic searches by law enforcement or other entities. The change also makes it more difficult for anyone to break into the device using brute-force or other methods.

The reboot timer is not reliant on charging or network functions, and is only tied to inactivity since the last unlock. This means the reboot will take place after a period of time, even if network connections are not maintained.

Preventing personal security compromises



Christopher Vance, a forensic specialist at Magnet Forensics, was quoted in a expert group chat as saying "We have identified code within iOS 18 and higher that is an inactivity timer. This timer will cause devices in an AFU state to reboot to a BFU state after a set period of time, which we have also identified."

The synonyms refer to the state of the device After First Unlock, and Before First Unlock, where the iPhone has no still-open apps or content. Before First Unlock makes it more difficult for bad actors or law enforcement to use forensic tools to "crack" the device.

The time between a user putting the device to sleep and the automatic reboot appears to be around four days, or 96 hours. Magnet Forensics has recently acquired Grayshift, the company behind the cracking tool GrayKey.

Black device with two cables plugged in, a small green light, and the word 'Status' on the front panel.
Magnet Forensics has recently acquired Grayshift, makers of the Graykey hacking tool.



"Remember that the real threat here is not police," cryptographer Matthew Green from John Hopkins University told 404 Media. "It's the kind of people who will steal your iPhone for malign purposes. This feature means that if your phone gets stolen, the thieves can't nurse it along for months until they develop the tech to crack it."

"I would bet that rebooting after a reasonable inactivity period probably doesn't inconvenience anyone, but does make your phone a lot more secure," Green added. "So it seems like a pretty good idea."



Read on AppleInsider

appleinsideruser
«1

Comments

  • Reply 1 of 22
    clexmanclexman Posts: 216member
    So the cops that originally said this was happening weren't idiots. They were on to something.
    dewmeappleinsideruserPetrolDaveForumPostpuiz666apple4thewinwatto_cobra
  • Reply 2 of 22
    This may provide me with a clue about my MacBook Pro with M3 Pro: since updating from macOS 18.0.1 to 18.1, it may not start properly after lifting the lid. The screen may stay black or resemble two bright moons behind thick clouds (the avatar and password field?). It may take up to five restarts (finger on Power button) until a bright logo and progress bar appear, preceding the proper screen. - Note that I can connect a second screen via HDMI and see that properly. However, I haven't yet discovered how to adjust that monitor screen to show the menu bar of the computer, so I can't use the trackpad to choose Restart.
    watto_cobra
  • Reply 3 of 22
    clexman said:
    So the cops that originally said this was happening weren't idiots. They were on to something.
    Well...they were kind of idiots because they came up with a cockamamy story about how the phones were secretly talking to each other and sending covert signals to reboot when this is a much more simple and less "conspiracy" kinda answer. They could have easily reported that there was some kind of rebooting going on, however they insisted it was more of a conspiracy to try and make Apple look shady and therefore they're being idiots about it.
    edited November 9 12StrangersPetrolDaveDAalsethForumPostwatto_cobra
  • Reply 4 of 22
    So if I don’t use my phone for a period of time I will be locked out of it? How do I get back in.
  • Reply 5 of 22
    macguimacgui Posts: 2,469member
    So if I don’t use my phone for a period of time I will be locked out of it? How do I get back in.
    You're not locked out. The phone auto-reboots so you need your passcode to enable Face or Touch ID (if any TID phones can run 18.1).


    appleinsideruserForumPostwatto_cobra
  • Reply 6 of 22
    chasmchasm Posts: 3,601member
    So if I don’t use my phone for a period of time I will be locked out of it? How do I get back in.
    You might try reading the whole article. Nothing of what you claim is inferred or implied in the article. Just that the iPhone reboots if left in sleep for (roughly) four days.
    ForumPostwatto_cobra
  • Reply 7 of 22
    chasm said:
    So if I don’t use my phone for a period of time I will be locked out of it? How do I get back in.
    You might try reading the whole article. Nothing of what you claim is inferred or implied in the article. Just that the iPhone reboots if left in sleep for (roughly) four days.
    I did read the entire article. The term “locked” threw me I guess. Was thinking about how when your phone is lost or stolen that you can lock it down? 
    watto_cobra
  • Reply 8 of 22

    macgui said:
    So if I don’t use my phone for a period of time I will be locked out of it? How do I get back in.
    You're not locked out. The phone auto-reboots so you need your passcode to enable Face or Touch ID (if any TID phones can run 18.1).


    Thank you for the helpful response devoid of snark. 
    JanNLForumPostITGUYINSDmacguiolsgrandact73watto_cobra
  • Reply 9 of 22
    I like it, but are we sure its 4 days?  This would explain why my phone has ask be several times to enter my passcode to activate face ID. I was a bit taken back it has done it 3 or 4 times lately.  But it hadn't been even 4 hours of inactivity.  It was a bit of a pain since I use a 12 character passcode.
    TomPMRIITGUYINSDwilliamlondonwatto_cobra
  • Reply 10 of 22
    mdirvin said:
    I like it, but are we sure its 4 days?  This would explain why my phone has ask be several times to enter my passcode to activate face ID. I was a bit taken back it has done it 3 or 4 times lately.  But it hadn't been even 4 hours of inactivity.  It was a bit of a pain since I use a 12 character passcode.
    I have seen this passcode requirement as well.  Perhaps Apple introduced two different security features, not just one. in 18.1.
    ITGUYINSDwatto_cobra
  • Reply 11 of 22
    "I would bet that rebooting after a reasonable inactivity period probably doesn't inconvenience anyone, but does make your phone a lot more secure," Green added. "So it seems like a pretty good idea."

    What I don't like about these "pretty good ideas" is that I have no voice in the matter. Someone far away has decided they can think for me and deduce that I want this restriction and that it has to be good for me. As youth of a few years back would aggressively respond, I say "You don't know me! " It's beyond arrogant. It would be like deciding nobody really needs the last two key on a piano, so we'll just disabke them. Most of the people can continue to play just fine, so we will make this the standard for everyone with our remote piano key disable feature.


    williamlondonwatto_cobra
  • Reply 12 of 22
    I've noticed that Standby goes completely black in the middle of the night, about 4 hours in. A tap on the screen makes it reappear and stay on until morning.  Does anyone think the problem discussed in this thread is tied to this behavior?
    williamlondonwatto_cobra
  • Reply 13 of 22
    chasmchasm Posts: 3,601member
    mdirvin said:
    I like it, but are we sure its 4 days?  This would explain why my phone has ask be several times to enter my passcode to activate face ID. I was a bit taken back it has done it 3 or 4 times lately.  But it hadn't been even 4 hours of inactivity.  It was a bit of a pain since I use a 12 character passcode.
    I would set up FaceID again in that case. Be sure to keep your head in the circle and do a slow neck roll -- that seems to ensure a solid match.
    watto_cobra
  • Reply 14 of 22
    caskey said:
    clexman said:
    So the cops that originally said this was happening weren't idiots. They were on to something.
    Well...they were kind of idiots because they came up with a cockamamy story about how the phones were secretly talking to each other and sending covert signals to reboot when this is a much more simple and less "conspiracy" kinda answer. They could have easily reported that there was some kind of rebooting going on, however they insisted it was more of a conspiracy to try and make Apple look shady and therefore they're being idiots about it.
    The thing is, iPhones do "Secretly" communicate with each other. That's how your iPhone is findable after powering it off. A powered on phone receiving the lost or stolen command from another iPhone is absolutely a thing. If Apple has updated it's theft protection to include a reboot command, its not magic or cockamamy, just a simple update.
    williamlondongatorguywatto_cobra
  • Reply 15 of 22
    bobcov said:
    "I would bet that rebooting after a reasonable inactivity period probably doesn't inconvenience anyone, but does make your phone a lot more secure," Green added. "So it seems like a pretty good idea."

    What I don't like about these "pretty good ideas" is that I have no voice in the matter. Someone far away has decided they can think for me and deduce that I want this restriction and that it has to be good for me. As youth of a few years back would aggressively respond, I say "You don't know me! " It's beyond arrogant. It would be like deciding nobody really needs the last two key on a piano, so we'll just disabke them. Most of the people can continue to play just fine, so we will make this the standard for everyone with our remote piano key disable feature.


    You neglected to mention, while on your soapbox, why this feature would inconvenience you?  Also, your analogy doesn't work.  Apple didn't take anything away.  They added a feature...more like ADDING a key to a piano, except that, in this case, I think more people approve of this security feature than are like you and are mysteriously complaining about it.
    edited November 10 AnObserverwatto_cobra
  • Reply 16 of 22
    clexman said:
    caskey said:
    clexman said:
    So the cops that originally said this was happening weren't idiots. They were on to something.
    Well...they were kind of idiots because they came up with a cockamamy story about how the phones were secretly talking to each other and sending covert signals to reboot when this is a much more simple and less "conspiracy" kinda answer. They could have easily reported that there was some kind of rebooting going on, however they insisted it was more of a conspiracy to try and make Apple look shady and therefore they're being idiots about it.
    The thing is, iPhones do "Secretly" communicate with each other. That's how your iPhone is findable after powering it off. A powered on phone receiving the lost or stolen command from another iPhone is absolutely a thing. If Apple has updated it's theft protection to include a reboot command, its not magic or cockamamy, just a simple update.
    Some of the phone the police had were in faraday cages, which if functioning correctly, will prevent all wireless communication. No secret communication possible. This is the only plausible explanation.
    williamlondonwatto_cobra
  • Reply 17 of 22
    chasmchasm Posts: 3,601member
    clexman said:
    The thing is, iPhones do "Secretly" communicate with each other. That's how your iPhone is findable after powering it off. A powered on phone receiving the lost or stolen command from another iPhone is absolutely a thing. If Apple has updated it's theft protection to include a reboot command, its not magic or cockamamy, just a simple update.
    What's actually happening is that a sleeping or powered-off iPhone is still sending out a low-power Bluetooth "beacon" signal that other Apple devices can relay to Apple to help you find the device. But if the battery runs down completely, the iPhone can only show you a "last location" before the battery died.
    iOSDevSWEwatto_cobra
  • Reply 18 of 22
    macguimacgui Posts: 2,469member
    mdirvin said:
    I like it, but are we sure its 4 days?  This would explain why my phone has ask be several times to enter my passcode to activate face ID. I was a bit taken back it has done it 3 or 4 times lately.  But it hadn't been even 4 hours of inactivity.  It was a bit of a pain since I use a 12 character passcode.
    Once upon a time, Apple had a somewhat arcane list of various circumstances where if your phone hadn't be used in X hours (24 or so) and a number of other situations, you'd have to use your passcode to unlock the phone. This was before this auto-reboot while locked procedure.

    What might also be a problem is if your phone inadvertantly sees your face at a bad angle and didn't recognize it, it views it as an unauthorized attempt to unlock. After a number of attempts (10?) it disables Face ID and you need to use your passcode. Or as mentioned, redoing your Face ID might fix things.
    iOSDevSWEwatto_cobra
  • Reply 19 of 22
    macguimacgui Posts: 2,469member

    chasm said:
    So if I don’t use my phone for a period of time I will be locked out of it? How do I get back in.
    You might try reading the whole article. Nothing of what you claim is inferred or implied in the article. Just that the iPhone reboots if left in sleep for (roughly) four days.
    The term “locked” threw me I guess. Was thinking about how when your phone is lost or stolen that you can lock it down? 
    I got it the first time but went back to check again to be sure. We usually refer to the phone as being "locked", "unlocked". "My phone is in lock down" said nobody, ever. While technically correct, lock down does convey a slightly different impression. Or maybe you've done time, and were reminded of being in lock down till the rioting is over? I hated losing yard time.
    robin huberiOSDevSWEwatto_cobra
  • Reply 20 of 22
    Clever.   While I am in favor to law enforcement being able to unlock a phone obtained under warrant, I can't see any way of doing that without a hacker eventually using that very same method to break into a phone.
    watto_cobra
Sign In or Register to comment.