Apple has added a brand new safety characteristic with the iOS 18.1 replace launched final month to make sure that iPhones robotically reboot after lengthy idle durations to re-encrypt information and make it tougher to extract.
Whereas the corporate has but to formally affirm this new “inactivity reboot” characteristic, legislation enforcement officers had been the primary to find it after observing suspects’ iPhones restarting whereas in police custody, as first reported by 404 Media.
This switches the idle gadgets from an After First Unlock (AFU) state to a Earlier than First Unlock (BFU) state, the place the gadgets are tougher to interrupt utilizing forensic telephone unlocking instruments.
Moreover, DFU makes extracting saved information tougher, if not inconceivable, since even the working system itself can not entry it utilizing encryption keys saved in reminiscence.
“Apple added a feature called “inactivity reboot” in iOS 18.1. This is implemented in keybagd and the AppleSEPKeyStore kernel extension,” as Hasso-Plattner-Institut researcher Jiska Classen defined.
“It seems to have nothing to do with phone/wireless network state. Keystore is used when unlocking the device. So if you don’t unlock your iPhone for a while… it will reboot!”
Merely put, on iOS gadgets, all information is encrypted utilizing an encryption key created when the working system is first put in/arrange.
GrapheneOS informed BleepingComputer that when an iPhone is unlocked utilizing a PIN or biometric, like Face ID, the working system hundreds the encryption keys into reminiscence. After this, when a file must be accessed, it should robotically be decrypted utilizing these encryption keys.
Nonetheless, after an iPhone is rebooted, it goes into an “at rest” state, not storing encryption keys in reminiscence. Thus, there is no such thing as a technique to decrypt the info, making it rather more immune to hacking makes an attempt.
If legislation enforcement or malicious actors acquire entry to an already locked system, they will use exploits to bypass the lock display. Since decryption keys are nonetheless loaded into reminiscence, they will entry the entire telephone’s information.
Rebooting the system after an idle interval will robotically wipe the keys from reminiscence and forestall legislation enforcement or criminals from accessing your telephone’s information.
An Apple spokesperson was not instantly obtainable for remark when contacted by BleepingComputer earlier.
