Apple reportedly improved user data protections in the latest iOS release with a new feature that automatically reboots a locked device if it has not been unlocked for several days.
iOS 18.1, which started rolling out on October 28 with multiple security fixes, also includes an auto-reboot timer that activates when the device is locked and is reset every time it is unlocked.
If the device has not been unlocked for several days, it automatically reboots, essentially erasing the user’s sensitive information from memory and preventing its extraction.
The feature was initially reported on last week, when 404 Media caught wind of law enforcement chatter regarding iPhones stored for forensic examination that would reboot themselves, becoming more difficult to unlock.
The reboots, which occurred last month, had no obvious explanation, and law enforcement theorized that the devices, which were running iOS 18, were communicating with each other and signaling to each other to reboot if no cellular connectivity had been available for a long time.
The implementation of such a feature in iOS 18, however, has been refuted by several developers, and the reboots might have a simpler explanation: iOS 18 came with a series of memory bugs that caused iPhones to reboot randomly.
In fact, iOS 18.1 came with patches for these vulnerabilities, and, because the devices in police custody were seen rebooting in the weeks before, it would be more plausible that they were affected by the same issues that other users had previously complained about.
Unrelated to these events, however, Apple does appear to have introduced an auto-reboot feature in iOS 18.1, to revert the device to the “Before First Unlock” state, when applications cannot access encryption keys and users’ data is better protected.
Even when locked, devices that have been unlocked at least once and are in an “After First Unlock” state are susceptible to brute force attacks, vulnerability exploitation, and the exploitation of in-memory information.
“Apple added a feature called ‘inactivity reboot’ in iOS 18.1. This is implemented in keybagd and the AppleSEPKeyStore kernel extension. It seems to have nothing to do with phone/wireless network state. Keystore is used when unlocking the device. So if you don’t unlock your iPhone for a while… it will reboot,” Jiska Classen, a researcher at the Hasso-Plattner-Institut, explains.
According to GrapheneOS, the developers of an Android-based operating system for Pixel devices that has had an auto-reboot feature for roughly three years, a four-day timer was implemented in iOS 18.1.
Apple, in the meantime, has kept mum on the matter. SecurityWeek has emailed the tech giant for a statement and will update this article as soon as a reply arrives.
Related: Apple Patches Over 70 Vulnerabilities Across iOS, macOS, Other Products
Related: As Wiretap Claims Rattle Government, Greece Bans Spyware