"New iOS Security Feature Automatically Reboots Devices to Protect User Data"[1][2][3]

New iOS Security Feature: Inactivity Reboot

Apple has introduced a new security feature in iOS 18.1 that automatically reboots an iPhone if it has been idle for several days. This feature, known as the "inactivity reboot," aims to protect user data by erasing sensitive information from memory and preventing unauthorized extraction when the device is locked.

Key Points:

1. Automated Reboot:

   • The device will automatically reboot after an extended period of inactivity, usually around 96 hours[4].

2. Data Protection:

   • After the reboot, the phone enters a "Before First Unlock" (BFU) state, making it harder for forensic tools to access the device’s data[1][2][3].
   • Even the operating system can no longer access encrypted data using stored encryption keys[1][2].

3. Impact on Forensic Analysis:

   • Law enforcement officers initially encountered this behavior when iPhones in police custody rebooted unexpectedly, complicating forensic examinations[2][3].
   • Forensic labs are advised to isolate devices on iOS 18 to prevent reboots that erase their "After First Unlock" (AFU) state[2].

4. Implementation Details:

   • The feature is implemented in the keybagd and AppleSEPKeyStore kernel extension[1][2][3].
   • Jiska Classen, a researcher at the Hasso Plattner Institute, explained that the keystore is used when unlocking the device, and if it remains inactive, the reboot occurs[1][2].
5. Technical Explanation:
   • On iOS devices, all data is encrypted using an encryption key created during setup[1].
   • When an iPhone is unlocked, the encryption keys are loaded into memory. However, after an inactivity reboot, these keys are wiped from memory, rendering the data inaccessible[1][2].

By implementing this feature, Apple aims to protect user data from unauthorized access, even during prolonged periods of inactivity. This update ensures that while your iPhone may seem deactivated, its sensitive data remains highly secured.