Editor’s take: A security feature introduced in the latest version of Apple’s mobile operating system is reportedly causing headaches for law enforcement officials. It’s a controversial issue among some, but one that Apple likely isn’t going to compromise on.
404 Media reported last week that some iPhones in the possession of law enforcement were mysteriously rebooting, making it more difficult for forensic experts to break into them and extract data as part of investigations. It wasn’t exactly clear why or how this was happening at the time, but now we have a better understanding of what is going on.
A security researcher from Hasso Plattner Institute in Germany has seemingly cracked the case. According to Jiska Classen and others, Apple added a feature known as “inactivity reboot” to iOS 18.1 that reboots a device if it is inactive for a certain period of time.
Apple indeed added a feature called “inactivity reboot” in iOS 18.1. This is implemented in keybagd and the AppleSEPKeyStore kernel extension. It seems to have nothing to do with phone/wireless network state. Keystore is used when unlocking the device. pic.twitter.com/O3jijuqpN0
– Jiska (@naehrdine) November 8, 2024
Details are still emerging but the leading theory is that Apple’s new feature reboots a device after four days of inactivity. Apple no doubt justifies the feature as an added layer of security, making iOS devices even less desirable for thieves that aim to resell devices or collect private data from them. With less than a week to crack a stolen device before it reboots, thieves could device to pass up iPhones in favor of Android handsets that don’t such a restriction in place.
If that makes it harder for law enforcement to do their job, well… so be it. As we’ve seen in the past, Apple has little interest in going out of its way to break into its own devices to assist with police investigations.
As for the new feature, four days of inactivity feels adequate to trigger the feature. It’s long enough that it isn’t going to continually turn itself on by accident to the point that it becomes a nuisance, yet short enough to potentially have a meaningful impact against theft. And if the feature is triggered, all the owner needs to do is unlock the phone per usual using their passcode.