Apple quietly introduced code into iOS 18.1 which reboots the device if it has not been unlocked for a period of time, reverting it to a state which improves the security of iPhones overall and is making it harder for police to break into the devices, according to multiple iPhone security experts.

On Thursday, 404 Media reported that law enforcement officials were freaking out that iPhones which had been stored for examination were mysteriously rebooting themselves. At the time the cause was unclear, with the officials only able to speculate why they were being locked out of the devices. Now a day later, the potential reason why is coming into view.

“Apple indeed added a feature called ‘inactivity reboot’ in iOS 18.1,” Dr.-Ing. Jiska Classen, a research group leader at the Hasso Plattner Institute, tweeted after 404 Media published on Thursday along with screenshots that they presented as the relevant pieces of code.

  • ohellidk@sh.itjust.works
    2 months ago

    Well, it’s kind of a selling point. I’m just too used to using Android, though.

    Edit - there’s something for that too, cool!

    • NιƙƙιDιɱҽʂ@lemmy.world
      2 months ago

      You can enable lockdown mode. It forces the next unlock to ignore biometrics and require a PIN, which police cannot force you to divulge without a warrant. Once enabled, you get a “lockdown mode” option in the menu when you hold down your power button.

    • ContrarianTrail@lemm.ee
      2 months ago

      I’m the only guy in my (small) friend group who still used pattern code instead of fingerprint so I take that to mean my phone is by default more difficult to break into than most. Giving my fingerprint to a gigantic tech firm has always seemed like a bad idea so I never did. Though the fingerprint reader acts as a power button too so who knows if they’ve scanned it anyway.

      • Damage@feddit.it
        2 months ago

        Afaik the fingerprint is stored on dedicated hardware on your device, it never leaves your phone and cannot be “read”

        • Crashumbc@lemmy.world
          2 months ago

          Any modern phone OS locks to PIN after 3 tries.

          Now depending how good they are, it’s often possible to guess it by looking at the smear patterns on the phone.

        • wellheh@lemmy.sdf.org
          2 months ago

          Most phones aren’t letting you try more than 5 attempts before you’re locked out. You can even set it up to erase after the attempts

          • catloaf@lemm.ee
            2 months ago

            Most attacks are done offline. If they clone the encrypted partition, they can brute-force as fast as they want. PIN lockouts can’t protect against that.

          • sunzu2@thebrainbin.org
            2 months ago

            You are showing a limited understanding of law enforcement’s capabilities for brute force attacks.

            They make an image of the device and then brute force it, so you better have that 16 character password.

            • wellheh@lemmy.sdf.org
              2 months ago

              Makes sense, but in that case, why do law enforcement even care if the OS reboots itself if they already have a copy of the encrypted contents?

              • sunzu2@thebrainbin.org
                2 months ago

                Properly passworded OS still has vulnerabilities that they want to exploit.

                OP is just one vulnerability closed.

                You mentioned wipe feature after failed tries, that’s a tactic that a person with serious threat model can use but cops got a workaround for it.