- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
Apple quietly introduced code into iOS 18.1 which reboots the device if it has not been unlocked for a period of time, reverting it to a state which improves the security of iPhones overall and is making it harder for police to break into the devices, according to multiple iPhone security experts.
On Thursday, 404 Media reported that law enforcement officials were freaking out that iPhones which had been stored for examination were mysteriously rebooting themselves. At the time the cause was unclear, with the officials only able to speculate why they were being locked out of the devices. Now a day later, the potential reason why is coming into view.
“Apple indeed added a feature called ‘inactivity reboot’ in iOS 18.1.,” Dr.-Ing. Jiska Classen, a research group leader at the Hasso Plattner Institute, tweeted after 404 Media published on Thursday along with screenshots that they presented as the relevant pieces of code.
You must log in or # to comment.
Law enforcement shouldn’t be able to get into someone’s mobile phone without a warrant anyway. All this change does is frustrate attempts by police to evade going through the proper legal procedures and abridging the rights of the accused.
Yep! The police, being fascists, HATE this.
well it’s kind of a selling point. I’m just too used to using android, though.
Edit - there’s something for that too, cool!
You can enable lockdown mode. It forces the next unlock to ignore biometrics and require a pin, which police cannot force you to divulge without a warrant. Once enabled, you get a “lockdown mode” option in the menu when you hold down your power button.
If you haven’t done this and need the same ability IMMEDIATELY: reboot, or just shut down
Every first boot requires pin same as lockdown
Also: set a nonstandard finger in a weird way as your finger unlock if you wanna use that, then theyre likely to fail to get that to work should you not manage to lock it down beforehand
Finally: there are apps that let you use alternate codes/finger unlocks to wipe/encrypt/reboot the device instead, allowing you to pretend to cooperate with the cops up until they realize they got played
IANAL, but I’d be very careful about wiping the phone like that. Sounds a lot like destruction of evidence…
Gotta prove there was evidence on the phone in the first place, which would take forensic work to do and be not worth the work in the majority of cases
Plus it would annoy them, and that’s the real goal here
I imagine that would be one hell of a story to tell Bubba when they decide to lock you away for whatever false charges they can pin on you.
When the cops are about to fuck you like this… Defending yourself is the priority lol wtf clown take is this.
It’s not destruction of evidence though because without a warrant the information on the phone isn’t evidence, it’s just stuff on a phone. Stuff which is your stuff and you have every right to delete it whenever you want.
They would actually have to arrest you and acquire a warrant, try it to getting you to unlock the phone for it to be “evidence”.
The police would have a very hard time in court saying that there was evidence on the phone when they can’t produce any documentation to indicate they had any reason to believe this to be the case. Think about the exchange with the judge.
“Your honor this individual wiped their phone, thus destroying evidence”
“Very well, may I see the warrant?”
“Yeah… Er… Well about that…”
It doesn’t matter what the police may think you have done, if they don’t go via the process the case will be dismissed on a technicality. They hate doing that but they don’t really have a choice.
So many words to explain how you literally have no clue about how the law works.
Although lockdown mode is a good step and helps defend against biometric warrents, it does not wipe the encryption keys from RAM. This can only be achieved by using a secondary (non-default) user profile on GrapheneOS, and triggering the End session feature. This fully removes the cryptographic secrets from memory, and requires the PIN or password to unlock, which is enforced through the StrongBox and Weaver API of the Titan M2 secure element in Pixel devices.
You can use GrapheneOS, a security-focused version of Android which includes auto-reboot, timers that automatically turn off Wi-Fi and Bluetooth after you don’t use them for a certain period of time, a duress PIN/Password that wipes all the data from your device after it’s entered, as well as many other incredibly useful features.
It’s fully hardened from the ground up, including the Linux kernel, C library, memory allocator, SELinux policies, default firewall rules, and other vital system components.
I’m the only guy in my (small) friend group who still used pattern code instead of fingerprint so I take that to mean my phone is by default more difficult to break into than most. Giving my fingerprint to a giantic tech firm has always seemed like a bad idea so I never did. Though the fingerprint reader acts as a power button too so who knows if they’ve scanned it anyway.
Afaik the fingerprint is stored on dedicated hardware on your device, it never leaves your phone and cannot be “read”
Patterns are too easy to breach via brute force is my understanding like comically easy
Any modern phone os locks to pin after 3 tries.
Now depending how good they are, it’s often possible to guess it by looking at the smear patterns on the phone.
Most phones aren’t letting you try more than 5 attempts before you’re locked out. You can even set it up to erase after the attempts
Most attacks are done offline. If they clone the encrypted partition, they can brute-force as fast as they want. Pin lockouts can’t protect against that.
You are showing a limited understanding of law enforcement’s capabilities for brute force attacks.
They make an imagine ofnthe device and then brute force it so you better have that 16 character password.
Makes sense, but in that case, why do law enforcement even care if the OS reboots itself if they already have a copy of the encrypted contents?
properly passworded os still has vulnerabilities that they want to exploit.
OP is just one vulnerability closed.
You mentioned wipe feature after fialed tries, thats a tactic that a person with serious threat model can use but cops go a work around it.
All current stock Samsung phones can do this too, BTW.
Well, when you confiscate a piece of paper, even without a warrant to read it you can do that physically when it’s in your possession, and it’s part of the evidence or something, so everyone else can too, so why even fight for that detail.
They just pretended it’s fine with mobile computers.
I thought that “fruit of a poisonous tree” is a real principle, not just for books about Perry Mason. /s
So - yes. It’s just really hard to trust Apple.
To confiscate anything, unless it’s lying openly, you need a warrant.
If a cop sees an unlocked phone with evidence of a crime on it, that doesn’t need a warrant. If it’s locked and they only have the suspicion of evidence, they need a warrant. Same as with entering a building or drilling a safe.
Is analogy with people in (very quiet) places who don’t lock doors to their homes correct? Then it’s as if the door is not locked, a cop doesn’t have to ask permission (or warrant)?
No. Even if a house is unlocked, the fourth amendment guarantees “the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures”.
What constitutes “unreasonable”, is of course, up to a judge.
If a cop can look in your window from the porch and see a meth lab, yeah, they’re going to come back with a warrant, mostly because they can’t just pick up the house and take it to evidence. If your phone is lying unlocked, and they see something obviously criminal on the screen, they’re going to take it right then and there.
That’s what I meant. Phones should be treated similarly to houses.
That argument sounds great until you consider that a piece of paper won’t contain almost the entirety of your personal information, web traffic, location history, communications. You may say you could find most of that pre computer era in someone’s house, but guess what you would need to get inside and find those pieces of paper…
It’s not an argument, just a thought.
They usually do have a warrant or it was seized lawfully.
This is about keeping them out even when it’s lawful.
Lawyer. Not true.
Example: An officer pulls someone over and suspects them of something arrestable. Then says “Do you want me to get your personal belongings from your car?”
Any person agreeing to this allows them to hold your phone as evidence indefinitely in the US now.
That’s all lawful.
They can search you and the area when arrested. They can search the car if they have probable cause that evidence will be in the vehicle
I said have a warrant or seized lawfully, not nust have a warrant.
Edit: I didn’t even write what I said I said correctly. Corrected it lol.
Seized or not, they can not force you to unlock your phone via pin without a warrant. They can only force you to use biometrics.
Right, but this is about them bypassing you entirely.
They don’t need your fingerprint or pass code if they can bypass it themselves. This feature protects you when they’ve seized it lawfully which can be for many reasons.
Or even if they’ve seized it unlawfully. Or if it’s been stolen by a regular thief, a cybercriminal, the mafia, or a cartel.
I’m not sure how much it would actually help for a regular thief.
This is about protecting it against more sophisticated attacks. But the rest probably have those means if wanted.
It is their job to find evidences, not my resposibility to provide them.
I’ve never said otherwise.
It’s their job to find a way to hack into the phone.
This feature makes that even harder.
Other people answered, but to your point, in some cases THEY CAN compel without a court order.
Biometrics don’t conform to certain laws, and it gets even more complicated if you’re entering the US through customs. They can practically hold you indefinitely if you don’t comply. Whether you have legal representation is sort of an after thought.
IT support everywhere sigh in satisfaction
GrapheneOS also has this. Not sure stock android includes it.
It does not. I don’t have it on my Pixel 6. From other people’s comments, it sounds like Samsung and other OEMs have added their version, though.
Yeah, can confirm Samsung has this. I have auto reboot configured.
Where would I find that setting? I have an S22 Ultra and I can’t seem to find it. Unless my phone has fallen out of support…
It’s under device care -> auto optimization in settings. You can also just search “restart” in settings and it should pop up.
Found it, thanks!
Thanks, didn’t know of this function. In my A50s it’s under Battery and Device Care
that makes me think that it’s a different feature, and it reboots the phone every x hours regardless if it was unlocked
so this is a restart-on-schedule feature that can skip a restart on certain conditions
I’ve added this function manually using Automate (https://play.google.com/store/apps/details?id=com.llamalab.automate).
You can trigger it to reboot on inactivity using some advanced parameters, but I’ve simply set it up to reboot at 3.30 AM every day, that way it’s also clearing the cache.
This is how it looks like - the 5 min wait timer is to prevent a reboot loop if the phone is still booted up at 3.30 again.
That seals the deal for me on rooting my pixel. I’ve been hesitant about rooting ever since I bricked an extra galaxy s3 and nearly bricked my (main device) Verizon galaxy s5
If you have a factory pixel, you don’t need to root. You can unlock bootloader and install a rom that has it (calyxos or grapheneos I know have them). You can root, but you don’t have to.
Putting graphineos onto my pixel was the easiest thing I’ve done in a long time, the installer is just pressing buttons and waiting for the next button to be ready pretty much.
How does it work for stuff like bank apps? Do they freak out about it?
And does it require unlocking the bootloader? I prefer to keep mine locked if possible.
My bank app works fine and I can use the NFC chip for payments as well, it might pay to search up your bank name and graphineos to see if anyone’s had an issue, that’s what I did to make sure.
You have to unlock it to install but once installed they prefer you lock the bootloader back up again.
GrapheneOS is the easiest ROM install bar none. Get the en browser (needs to be chrome-based) to the install url, hook the phone cable, and let it run. It’s super straightforward. It’s not rooting though, you don’t get root access by default.
Wow things sure changed about Android roms! I still remember how difficult it was to try to simply install a rom through Knox
samsung devices are still a different beast, they have their unique little everything and the standard tools don’t work there
It’s either root or having access to my bank accounts. 🙄
Change banks.
Have a 20 year mortgage with that bank so no.
You can add the function easily using https://play.google.com/store/apps/details?id=com.llamalab.automate, no root needed.
calyxOS has it too.
Didn’t know that. Just been manually rebooting. This is is much easier and more secure. Thanks!
Sure, glad to help. We need every bit of help against the powers that be at this point.
Agreed! When everything is actively against us, we must band together against everything.
Fighting centralized power with decentralized approach!
It does, labled “Auto Restart”, but only when “preformance issues detected” or time specified. Apple is quite late on this feature.
This is rebooting for a different reason. That auto reboot just kind assumes that the software on your phone sucks and it needs to reboot to stay running fast.
Graphene and now iOS auto reboot for security/privacy reasons.
The end result is the same though. First phone unlock is the one a bad actor can’t get through.
It’s not the same.
On an iPhone it’ll reboot after X hours of no use. That means it could go months without rebooting and the day after it’s in police hands it reboots.
The feature you’re talking about would need to be set to reboot every day at a specific time. Now you personally have to deal with that. Also until you unlock the phone as well there could be reduced functionality making it annoying.
Very different.
Not that hard to deal with honestly. Rebooting at night which I’m sleeping does not reduces any functionality, cuz I’m not using it. If someone needs to find me during the night he better call me cuz I won’t wake up by notification which is also suppressed by DND. Yeah it is not design for security but a solution better than none.
Furthermore, rebooting the device periodically is good for security, especially for non-persistent fileless malware.
on GrapheneOS it is labeled auto reboot and it specifically says “automatically reboot device if it hasn’t been unlocked in xxx hours” with a default of 18.
This is clearly the Samsung interface and thus not stock Android. Doesn’t even really look like the same feature.
Does that stop alarms from going off in the morning?
depends on your phone. at first encryption was done in an all-or-nothing style, so system startup couldn’t complete without a first unlock. then android started using file based encryption, which was used selectively, encrypting certain things so that they are accessible without an unlock.
the best way to figure it out is to set a new alarm 10 minutes from now, reboot your phone manually, and see whether the alarm goes off
I’m on S21FE and it does NOT.
Samsung does too but I’ve not set it up as such. Instead, it automatically locks the device from biometric unlocks every 24 hours until you login with your pin again.
GrapheneOS been had this feature, don’t let apple tell you they invented it.
Great software features should be available to all hardware, regardless of OS.
For sure I’m just joking about apple’s habit of taking a feature that has been around for YEARS and claiming they “innovated” it, usually after they strip it down a little no less (like in this case where it appears to be a setting users can’t access, but Graphene lets you turn it on/off or adjust the time between lock and reset.)
All six GrapheneOS users should be proud that the developers of their phone software are genius inventors!
There is no shortage of reasons to dislike Apple. This isn’t one of them.
There is a scene in Mr Robot where Darlene is able to do a full wipe on her phone without even looking at the screen.
I wish I was that good.
I want a way that I can trigger this from the main lock screen without unlocking the phone.
Like a specific pin you have to enter twice to trigger the full wipe.
GrapheneOS has this. I believe it’s called a Duress PIN.
I’ve set mine up so that entering my PIN backwards will nuke it. At which point I can ask for my phone back.
At which point you will be taken to a dark room downstairs and 3 cops will testify they tried very hard to stop you from violently and repetitively throwing your head at their baton in a menacing manner which made them fear for their life.
speaking of that.
this can wipe your phone on a trigger, or lock it with a different code, or send a broadcast message that other apps can act on: Wasted (Lock a device and wipe its data on emergency) https://f-droid.org/packages/me.lucky.wasted/
this reads the screen to see if you have used a special unlock code: Duress (Duress password trigger) https://f-droid.org/packages/me.lucky.duress/
read the app description of both, there’s important information
It also let’s you install a fake icon for some normal looking app like Threema. When you tap the app it factory resets the phone.
yeah they are pretty good apps! basically a must-have for protests, if you bring a smartphone. maybe for traveling too, in case it’s stolen
I can see these apps being good for traveling, in case of a stolen phone, but for protests I’ve almost always heard that you should bring a burner phone.
if the burner phone is a cheap smartphone, it could still be helpful
Do not under any circumstances bring your cell phone, dumb or not, to a protest.
Memorize important numbers, writing them in your arm if necessary.
Answer all questions with “I assert my fifth amendment right and will not answer any further questions without my attorney.”
Best you can do is auto wipe after 10 failed pins.
I feel that a lot of the hate for Apple is not fully warranted. Contrary to Google or Facebook, their business model is not built on collecting your personal data. They are extremely overpriced, but deliver good quality - I am using my first iPhone for more than 4 years now, I never had and Android last nearly that long.
I’m currently in a weird thing with Apple. I’ve been using Macs since ‘07 and iPhones since ‘10, and while they make absolutely incredible hardware, I’m sick of how much they rip off their customers, and I’m sick of being able to see the ways in which they adapt software to push you towards the thing that makes them the most money.
As a result I have an M2 MacBook which is the best laptop I’ve ever owned, and I’m close to putting Asahi on it to see if I can use that flavour of Linux as a daily driver. Come February, when my iPhone 13 mini is due for upgrade, I’m giving serious consideration to picking up a used Pixel 8 so I can use Graphene instead.
On a pixel 8 running graphene right now, I love it.
Did you switch to it from Android or iOS? Because as someone who’s only used iOS since 2010, I imagine it’ll be one hell of a shock.
Android. It might be a shock, but it’s great once you get used to it. I completely degoogled and went with apps that don’t spy, which was the hardest part, but you could set up a separate user profile for spyware stuff like snapchat or whatever. It might be beneficial to go ahead and get one, flash it, and use it with wifi or a prepaid sim for a bit while you still have your regular phone as a backup/main if you’re worried about the transition.
In my experience, that’s true, too. I won’t complain about build quality.
Pssst, apple collects your personal data, and like google they “don’t sell it,” instead they use it to build profiles on their users and then go to ad agencies and say “Ok give us money and we’ll serve your ad to X demographic.”
Does Apple serve ads? Not that I am aware of. I suppose their podcast player supports podcasts that have dynamic ad breaks but I honestly have no idea whether Apple is the one selling that ad space or the platform hosting the podcast is.
They have services that claim to, but tbf I don’t use apple products and I block ads like I’m spraying for roaches, so I’m just taking apple at their word.
Here’s a screencap from the TLDR of their terms of service I posted a link to, says right here “This service may use your personal information for marketing purposes” so…
As a member of the intelligence community, I can almost guarantee that this is directed at the increased use of Cellebrite UFED hardware, specifically putting the device back into BFU mode, which removes cryptography-related memory allocations. This is also why you’re asked for your password instead of face or fingerprint upon reboot.
I don’t know how Cellebrite is a legally operating company. Their entire business model is a violation of the computer fraud and abuse act.
No that’s only for when poor people do it
Cellebrite is developed in Israel, a country that legally should even exist, and is known for genocide, crime, espionage, manipulation and propaganda, more war crimes, illegal settlements, using their intelligence agency to assassinate political opponents abroad, etc.
The so-called “only democracy in the middle east”
Cellebrite isn’t American.
When the government does it, it’s not illegal.
I’m sure the CFAA has an explicit exception for law enforcement anyway. Laws always do.
Which is great, because you can’t warrant a password.
I am also an intelligent individual in a community! High five
It also wasn’t a quiet patch, users had to opt in.
As a member of the Intelligence community, please go find another job and stop harming people. Thanks.
The phrase “as a member of the intelligence community” is not the same “as as a mother”.
Assuming it is true, always a caveat on the internet, It would actually give them a unique perspective into the situation rather than just using it as a catch-all excuse for Karen’s to be an uninformed twit.
Don’t be naive
Some people’s job is to improve security by finding flaws.
IC refers to State actors. They don’t help people.
When they say they’re part of the intelligence community, it seems highly likely that they are spying on their own citizens, or at least that’s what their job entails.
The way this article is framed sounds like bullshit to me. 18.1 was released less than 2 weeks ago. Any phone running this version of iOS would have had to already been in custody and somehow upgraded to this version, or otherwise brought into custody very recently—too recently for this to have already posed such a problem that law enforcement is “freaking out” and reporting it to the media.
Don’t they auto update the OS when connected to a charger? But even then, that would have triggered a reboot already.
This is the easiest thing for people with money, and motivation to avoid happening.
Remove the sim card if it’s an older device, use a Faraday cage (your microwave is one) or a jammer. If you are the government you can also tell the telecom to block the phone from connecting
Police may be leaving phones online in case it continues receiving relevant evidence (texts, emails, etc).
The ars article mentioned 18.0 had a bug that caused random reboots so it might’ve been mostly that
iOS has auto update for a while and iOS users update their devices more often than Android. 2 weeks is not a long time for adoption of new version for iOS.
Wouldn’t that disrupt the usage of a phone as a server?
oh fuck I can’t stop laughing
You joke but people do that. I’ve seen people repurpose their old android phones to host small services on their home networks. I won’t comment on how reasonable it is because battery, but it’s a thing.
Literally no difference between a low power SOC RaspberryPi or a fucking phone which is the same thing with a built-in display.
could be a simple hot spot cell backup, like for reporting network outage, remoting in to certain devices, etc. essentially a secondary ISP to report on main isp and troubleshoot. especially if you have smart devices you could reboot remotely.
That’s it!! Now I will NEVER use an iPhone as a server. 😋
Interesting, tell me more please. I presume it requires loading a different OS image as standard iPhone/android OS images will pause apps and attempt to go into a deep sleep after a long enough period?
iPhone? Don’t these kill apps after a few minutes in background?
*seconds. KDE Connect dying the moment I turn off the iPad annoys me to this day.
A phone server that is disconnected from cellular is already broken anyways.
Meanwhile security-oriented Android forks: “You didn’t do that?”
Actually, Graphene and Calyx have this feature. I believe graphene may have it on by default at 18 hours, but I do not know about Calyx.
Calyx just copied the code from GrapheneOS, and I believe they still use the old GrapheneOS default of 72 hours
Well, if graphene turned it down to 18 hours, then they should as well. But I guess 72 hours is better than nothing.
Samsung phones have this as a feature too. I think it’s under device care
Oh nice
lineageOS has this as well, as does divestOS but you have to set it
I was unable to find this on lineage 21 and I don’t think it would work as well on lineage anyway, since the vast majority of the bootloaders cannot be locked once lineage is installed, which would negate a lot of this I would think.
my bad, i just checked on lineage 21 again and i can’t find it, but i’m sure it’s on divestOS
How long until it reboot when inactive?
Chris Wade, the founder of mobile analysis company Corellium, told 404 Media that after the fourth day of a device being in a locked state, the device reboots.
It wasn’t quite, I had to opt in.
What’s the setting name?
Inactivity reboot.
How I do this in Lineage?
Wait two weeks, someone will implement this as a Magisk module
Archived version (skip sign-up wall): https://archive.is/dxL65
If possible in your situation, reader:
Give 404 your proxy emails y’all… Proton, Mozilla, iCloud, whatever it is. They deserve the metrics.
i agree, they do deliver pretty good researched articles. it’s the only news site that gets monthly donations from me, and i’m not even interested in podcasts
They are absolutely shredding.
Good on you!
Yeah 404 doing journalism in the world of fake news…
Corpo shills can get fucked.
BFU has always been useful, it’s nice there’s a bit of autonomy to it now.
It’s also a good time to mention Shortcuts app has lots of useful functions that can automate your phone for security reasons. There are several community made / managed shortcuts that can do things like lock down the phone, enable certain features, and even start recording audio/video on the off chance you’ve been pulled over or are in some sort of situation. You can also tell the phone to power off / reboot via shortcuts which can be a final step after recording and uploading content to the cloud.
Stay safe out there.
If this is true, then it’s not a setting that users can access. At least not that I can find.
