Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

New iOS Security Feature Reboots Devices to Protect User Data: Reports

A new feature in the latest iOS release reportedly reboots locked devices that have not been unlocked for longer periods of time.

iPhone security

Apple reportedly improved user data protections in the latest iOS release with a new feature that automatically reboots a locked device if it has not been unlocked for several days.

iOS 18.1, which started rolling out on October 28 with multiple security fixes, also includes an auto-reboot timer that activates when the device is locked and is reset every time it is unlocked.

If the device has not been unlocked for several days, it automatically reboots, essentially erasing the user’s sensitive information from memory and preventing its extraction.

The feature was initially reported on last week, when 404 Media caught wind of law enforcement chatter regarding iPhones stored for forensic examination that would reboot themselves, becoming more difficult to unlock.

The reboots, which occurred last month, had no obvious explanation, and law enforcement theorized that the devices, which were running iOS 18, were communicating with each other and signaling to each other to reboot if no cellular connectivity had been available for a long time.

The implementation of such a feature in iOS 18, however, has been refuted by several developers, and the reboots might have a simpler explanation: iOS 18 came with a series of memory bugs that caused iPhones to reboot randomly.

In fact, iOS 18.1 came with patches for these vulnerabilities, and, because the devices in police custody were seen rebooting in the weeks before, it would be more plausible that they were affected by the same issues that other users had previously complained about.

Unrelated to these events, however, Apple does appear to have introduced an auto-reboot feature in iOS 18.1, to revert the device to the “Before First Unlock” state, when applications cannot access encryption keys and users’ data is better protected.

Advertisement. Scroll to continue reading.

Even when locked, devices that have been unlocked at least once and are in an “After First Unlock” state are susceptible to brute force attacks, vulnerability exploitation, and the exploitation of in-memory information.

“Apple added a feature called ‘inactivity reboot’ in iOS 18.1. This is implemented in keybagd and the AppleSEPKeyStore kernel extension. It seems to have nothing to do with phone/wireless network state. Keystore is used when unlocking the device. So if you don’t unlock your iPhone for a while… it will reboot,” Jiska Classen, a researcher at the Hasso-Plattner-Institut, explains.

According to GrapheneOS, the developers of an Android-based operating system for Pixel devices that has had an auto-reboot feature for roughly three years, a four-day timer was implemented in iOS 18.1.

Apple, in the meantime, has kept mum on the matter. SecurityWeek has emailed the tech giant for a statement and will update this article as soon as a reply arrives.

Related: Apple Patches Over 70 Vulnerabilities Across iOS, macOS, Other Products

Related: As Wiretap Claims Rattle Government, Greece Bans Spyware

Related: Many iOS Developers Don’t Use Encryption: Report

Related: Pixel Phone Zero-Days Exploited by Forensic Firms

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

SSH Communications Security has appointed Pauli Haikonen as the company’s Chief Information Security Officer (CISO).

Cloud and container security firm Sysdig has tapped William Welch as CEO on its path to an IPO.

Dave Scher has been promoted to Deputy Chief Information Officer at MITRE.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.