- cross-posted to:
- pulse_of_truth@infosec.pub
- cross-posted to:
- pulse_of_truth@infosec.pub
Apple quietly introduced code into iOS 18.1 which reboots the device if it has not been unlocked for a period of time, reverting it to a state which improves the security of iPhones overall and is making it harder for police to break into the devices, according to multiple iPhone security experts.
On Thursday, 404 Media reported that law enforcement officials were freaking out that iPhones which had been stored for examination were mysteriously rebooting themselves. At the time the cause was unclear, with the officials only able to speculate why they were being locked out of the devices. Now a day later, the potential reason why is coming into view.
“Apple indeed added a feature called ‘inactivity reboot’ in iOS 18.1.,” Dr.-Ing. Jiska Classen, a research group leader at the Hasso Plattner Institute, tweeted after 404 Media published on Thursday along with screenshots that they presented as the relevant pieces of code.
Meanwhile security-oriented Android forks: “You didn’t do that?”
Actually, Graphene and Calyx have this feature. I believe graphene may have it on by default at 18 hours, but I do not know about Calyx.
Samsung phones have this as a feature too. I think it’s under device care
This is good but it isn’t quite the same thing. I want my phone to auto restart if I haven’t unlocked in for 12 hours.
Looks like the big difference is that this is on by default, it appears to get enabled when cops turn off internet access to prevent access to FindMy and remote lockdowns.
Oh nice
There’s also a feature to disable the biometrics for unlocking in general but to stay active to unlock apps (like bank apps or password managers). I like this because no matter what you can’t unlock my phone without the pin but I still get the convenience of using it for my app security
Calyx just copied the code from GrapheneOS, and I believe they still use the old GrapheneOS default of 72 hours
Well, if graphene turned it down to 18 hours, then they should as well. But I guess 72 hours is better than nothing.
lineageOS has this as well, as does divestOS but you have to set it
I was unable to find this on lineage 21 and I don’t think it would work as well on lineage anyway, since the vast majority of the bootloaders cannot be locked once lineage is installed, which would negate a lot of this I would think.
my bad, i just checked on lineage 21 again and i can’t find it, but i’m sure it’s on divestOS