It would be beyond hilarious if Apple now went and implemented this safeguard. I don't even think a hard reboot would be necessary, simply if the phone hasn't had reception for some preset period of time, or if there's been more than some amount of incorrect logins, or no successful logins in some given amount of time, revert everything to the freshly booted state, encryption and all.
Great to see Apple taking a firm stance on this; this, above other fancy features, maintains customer loyalty.
People often point out the law enforcement case for breaking into phones but conveniently forget that the very same security holes used by law enforcement are used to make stealing phones more profitable and by other nation-states to spy, commit corporate espionage, etc.
Would the condition be irritating for me when I am taking a very long multi-transit flight and prefer to keep my phone on airplane mode because I am trying to read my ebooks on my Kindle during the journey and my phone keeps rebooting …
I think this is simply a matter of finding good defaults. In my opinion, the order of magnitude should be how many days without reception, not how many hours. A week sounds like a sane baseline for me, since that is more than ample time for most people to end up in a situation where you're connected again. Likewise you could reset the counter on a successful unlock. On the flip side, a week is not enough time to reasonably bruteforce anything if the time you have to wait before each retry goes up with every failure.
Actually, it would be beyond reckless for Apple to do anything other than implement this as a safeguard. The cops just gave up the game. Their only way into a locked phone is one in an AFU state. Apple doesn't give backdoors to law enforcement, so in lieu of Apple being able to patch this vulnerability, they absolutely should implement protections against it, including this one we just heard from the horse's mouth.
If Apple doesn't make this an official feature, or worse: fixes this issue for the convenience of law enforcement, we need to read that as Apple selling out our privacy to the government.
The idea that iPhones magically communicate with each other to “reboot randomly” when off a cellular network (assumably would happen on a plane easily) is pretty far-fetched. The far more likely explanation is that iOS 18.0 has some radio/modem bugs that cause devices to randomly reboot, likely correlated with long periods of disuse or lack of network connectivity.
Or heck, if the phone thinks the cellular modem isn’t working (like the phone in a Faraday cage), some watchdog might just time out and reboot.
In any case, the idea that they’re randomly networking and intentionally rebooting to thwart this specific law enforcement attack seems pretty unlikely.
Yea, it seems like this would be easily verified, if true, by security experts. Watch the network traffic in a Faraday cage. See some strange packets that don't make sense with currently used protocols, okay, maybe there is some truth. But if all you see are packets that aren't surprising (in this case, a ping to try to find a cell tower) and a reboot occurs, then there is no mystery, it's probably as you suggest a bug or trying to self-heal from a failed watchdog check.
It's all happening over RF, it's not like they can implement this so a signal opens an inter-dimensional portal and comes back out making it undetectable on the RF spectrum.
> The affected devices even included one that was in Airplane Mode and another that was kept in a Faraday cage
> The officials hypothesize that an iPhone running iOS 18 can send signals that make nearby units reboot if the device has been kept disconnected from cellular networks.
Either the officials are storing multiple devices in 1 cage, don't understand Faraday cages, or are arguing in bad faith.
> In October of 2024, multiple users of iPhone 16 Pro and iPhone 16 Pro Max units reported that their devices kept restarting themselves for no apparent reason. This is a known issue that occurred during normal use and one that Apple fixed with the iOS 18.1 update.
> This timeframe would also align with the creation of the alleged law enforcement document. Specifically, the document says that three iPhones with iOS 18.0 were brought into a forensics lab on October 3, after which they rebooted themselves.
They do communicate with each other for the "Find My" feature to work even when disconnected from cellular and wifi. It is basically the same operating principle behind Apple Tags.
I don't think it's what's happening here, but iPhones absolutely communicate with each other when there's no cellular network.
The 'Find My' network uses all iPhones/iPads/Macs (unless disabled) to locate said devices and other items over Bluetooth LE.
> The Find My network is an encrypted, anonymous network of hundreds of millions of Apple devices that can help find your stuff, even when it’s offline. Nearby devices securely send the location of your missing device to iCloud, so you can find it in Find My. It’s all anonymous and encrypted to protect everyone’s privacy.
— https://support.apple.com/en-au/104978
Sure, but iOS has to listen for them and do... something... when they see a "Find my iPhone" beacon.
TBH I think it's very unlikely, but it's entirely possible they could add a flag to those beacon messages suggesting other iOS devices reboot.
On the other hand, I can easily see it being an honest bug where being off a cellular network corrupts the beacon message somehow, and reading the corrupt messages triggers iOS to reboot.
What's interesting to me is that Apple's stance of not unlocking iPhones for law enforcement has led to this paranoia on law enforcement's part. Honestly? Good.
Apple doesn’t have a stance of not unlocking phones for law enforcement. They give law enforcement whatever they’re asked for by subpoena.
Apple’s stance is to build strong encryption so that they can’t access customers' data. What they have refused to do is weaken that encryption so that they could start complying with future requests or sign tampered-with firmware that would allow the decryption without user authorization.
Apple does have this stance. They have been subpoenaed before to assist in unlocking older iPhones that don't have as strong protection of user data as modern iPhones and they refused those orders as well.
Basically older iPhones without the modern secure enclave enforced the password attempt lockout period in software so the FBI obtained a court order to force Apple to create and sign a new version of iOS that would not enforce the lockout period, which would allow the FBI to guess the password. Apple refused to create this new version of iOS and the FBI eventually retracted their request.
Modern iPhones enforce the lockout period in the secure enclave hardware so this is no longer something Apple could even possibly assist with.
I would think that the secure enclave controls the device (un-)locking process and also wouldn't install OTA firmware updates nor accept commands from USB-connected peripherals while the device is locked.
Settings > Passcode > Allow access when locked: [_] Accessories.
Off by default, providing a one hour timeout since last phone unlock; or instantly, upon biometric rejection or after holding power-volume-up to reach the power off menu.
Macs are typically enabling an equivalent to this by default as well now, as of the latest macOS update.
They also refused to make a build (signed by Apple) which would remove any of those protections, though technically possible, but would have tainted their products as backdoored. They were prepared to argue forcing them to do that would be the government compelling speech, a violation of the First Amendment, a precedent the FBI didn’t want, and so turned to a Cellebrite-type service instead. Apple did make public statements at the time against backdooring devices which might be construed as a stance.
My conspiracy theory here is that Apple knows that this is how law enforcement goes about unlocking phones with tech like Cellebrite so they add in code to thwart that effort but keep quiet so they can have the plausible deniability of it just being a bug.
Easier to assume it's a theft ring deterrent, eliminating some of the routes to social engineering that theft rings have been using, further reducing the usefulness of collecting large numbers of stolen iPhones in the same central place.
I agree that it's unlikely but consider that Apple stores have a "dock" that can power on an iPhone and do an iOS upgrade while it's sealed in the box. Who knows what P2P communication protocols iPhones have.
Second this. It strikes me as a completely reasonable watchdog. Other than if you're keeping it around in a faraday cage it's very unlikely to receive *nothing* for an extended period. How many people take phones into such environments for extended periods? Thus if nothing is coming in it probably means something's messed up.
And if it reboots on the cops Apple probably considers that a plus.
iPhones are already communicating with any and every Bluetooth-capable Apple device to enable the Find My/AirTag functionality, aren't they? I don't believe this is necessarily true, just that it's theoretically possible.
It’s communication in that information is being passed, but it’s a one-way Bluetooth broadcast. It’s not any kind of two-way communication.
At most an iPhone may be able to broadcast a Bluetooth message saying “anybody out there?”. I don’t even know if that’s possible. I’m sure Apple’s white paper has the answer but I don’t remember it.
The issue is not that Apple devices communicate with each other. It's the absurd claim that there's a secret handshake between Apple devices that tells them to reboot if they've been offline and locked for too long.
So sit around in a less secure state for weeks and months and only when externally triggered reboot? That's a stupid feature and makes no sense. If you were to base any partial security measure off of how long a device has been powered up and locked, then just use a timer. Why wait for another phone to wander by?
Though the digital forensics lab claims they were all in airplane mode with one inside a faraday box, so how are they communicating with each other? This suggests incompetence on their part, perhaps not actually putting them in airplane mode or not understanding that bluetooth/wifi can be enabled (and may enable themselves) separately from the cellular radio.
It’s very well established by numerous studies that Apple products continuously scan for other wireless devices in their proximity, especially Apple ones but including wifi routers, and then upload their hardware IDs and MAC addresses to Apple servers, together with GPS location.
Where? If you want that to be partial evidence, you have to parse that sentence as:
(they’re randomly networking and intentionally rebooting) to thwart this specific law enforcement attack
which means
(they’re randomly networking to thwart this specific law enforcement attack) AND (they’re intentionally rebooting to thwart this specific law enforcement attack)
All you show is that they’re randomly networking, not that it’s for thwarting even any law enforcement attacks, so I don’t think what you say is partial evidence.
Just today, I got a notification on my Pixel to turn on "Theft Offline Device Lock". I can't claim that it puts the phone into a pre-first-auth state, I've not tried it yet and the docs aren't clear. Along with it came a "Remote lock" feature, where visiting android.com/lock and putting in your phone number will also lock your device, so it requires the screen lock to unlock.
It would be sensible if both these features put the phone into a pre-first-auth mode.
“But the sufficiently nefarious might reboot or wipe their phone remotely,” is a component in the black letter law of the fourth amendment and exigency. Kind of interesting that now the handset manufacturer might be automatically doing that for all of us.
This reads more like a chain email forward than an actual analysis of the iPhone tech stack.
Fwd: Fwd: READ THIS!!! You won't believe what the iPhone does when off network and around other iPhones!!!
> It is believed that the iPhone devices with iOS 18.0 brought into the lab, if conditions were available, communicated with the other iPhone devices that were powered on in the vault in AFU. That communication sent a signal to devices to reboot after so much time had transpired since device activity or being off network.
The hypothesis doesn't make any sense because the phone doesn't need to communicate with other phones to decide to restart/lock based on lack of network signal.
> Matthew Green, a cryptographer and Johns Hopkins professor told 404 Media that the law enforcement officials' hypothesis about iOS 18 devices is "deeply suspect," but he was impressed with the concept.
GrapheneOS implements basically this as a security feature against non-persistent malware, and I think it's a great idea that all phones should do. Graphene has your phone reboot after an uptime greater than some value you pick.
GrapheneOS has a "reboot after x hours inactivity" feature specifically to prevent the scenario mentioned in the story. Otherwise leaving a phone powered on is a massive risk, especially if cops can keep it charged for months to wait for an exploit.
Yeah an option to "reboot after not being unlocked for x hours" where x is considerably longer than the average time the phone would ever be locked under normal circumstances, would be great for security.
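The policy these comments describe, modelled as an added example (not code from GrapheneOS, Apple, or anyone in the thread): a timer keyed only to the last successful unlock returns the phone to BFU, and network reception or nearby devices are not inputs at all. The class, the 72-hour threshold and the doubling retry delay are hypothetical values chosen for illustration.

```python
"""Model of an inactivity reboot: AFU -> BFU after N hours without an unlock."""
from dataclasses import dataclass, field

BFU, AFU = "BFU", "AFU"  # Before / After First Unlock


@dataclass
class Phone:
    reboot_after_h: float            # hypothetical policy value
    state: str = BFU                 # a freshly booted phone is BFU
    last_unlock_h: float = 0.0
    events: list = field(default_factory=list)

    def advance(self, now_h: float) -> None:
        """Fire the inactivity reboot if its deadline has passed by now_h."""
        deadline = self.last_unlock_h + self.reboot_after_h
        if self.state == AFU and now_h >= deadline:
            self.state = BFU         # reboot: keys held in memory are gone
            self.events.append((deadline, "inactivity reboot"))

    def unlock(self, now_h: float) -> None:
        """Successful passcode entry: phone is AFU and the timer restarts."""
        self.advance(now_h)
        self.state = AFU
        self.last_unlock_h = now_h

    def state_at(self, now_h: float) -> str:
        self.advance(now_h)
        return self.state


def traveller():
    """Constructed case: 30 h of flights in airplane mode, unlocked every 10 h."""
    p = Phone(reboot_after_h=72.0)
    for t in (0.0, 10.0, 20.0, 30.0):
        p.unlock(t)
    return p.state_at(30.5), p.events


def seized():
    """Constructed case: unlocked once, then kept powered and never unlocked."""
    p = Phone(reboot_after_h=72.0)
    p.unlock(0.0)
    before = p.state_at(71.9)
    after = p.state_at(72.0)
    return before, after, p.events


def guesses_within(window_h: float, first_delay_min: float = 1.0,
                   factor: float = 2.0) -> int:
    """Passcode guesses that fit in window_h when the wait grows after each failure."""
    elapsed_min, delay, guesses = 0.0, first_delay_min, 0
    while elapsed_min <= window_h * 60:
        guesses += 1                 # guess made at elapsed_min
        elapsed_min += delay         # forced wait before the next one
        delay *= factor
    return guesses


if __name__ == "__main__":
    print("traveller:", traveller())
    print("seized:   ", seized())
    print("guesses in one week:", guesses_within(7 * 24))
```

Because the timer restarts on every successful unlock, the long-flight case never reboots, while the untouched phone drops to BFU at the deadline regardless of what radios can or cannot hear.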
Maybe designed to help with anti-theft? I already use a shortcut automation when airplane mode is turned on to lock my phone and turn off airplane mode, as that’s the first thing thieves would do.
This is a great idea. Perhaps add a moderate delay (say 30 seconds or 1 minute) to confuse them even more. Then they will think that airplane mode is active when it isn't.
You can just disable access to Control Center and Siri when locked. If you have an eSIM device, this is a really great thing to do, as it’ll always connect to a cellular network when available.
When you say theft, do you mean by someone with interest in the hardware or the data? Assuming hardware, I'm not sure I understand why a thief who intends to wipe it anyway would care about an auto restart versus normal screen lock. Assuming data, that's exactly what the article is about.
Are thieves really even stealing phones anymore? You can't pawn or sell them anymore because they can't just be reset and set up with a new account, batteries are becoming impossible to remove...all you can really take is the screen which isn't really worth much either.
Obviously, the logic board is locked to the owner's Apple account, but so is the display, battery, camera, and selfie camera. Basically the only thing you can reuse is the metal frame of the phone.
Phones are still stolen (since the cost of theft is $0) but stolen phones are worth closer to $5 than $1000.
> I know mobile networks keep lists of stolen devices, but they can't be used at all? Like all possible recovery modes demand authentication?
Newer phones for, I want to say maybe the last 5 years, yeah.
If it's turned off and you don't have the code to boot it, you can't access any kind of bootloader or recovery mode, it just shows a screen with an obfuscated email that is required to unlock it or something similar.
Gone are the days of just being able to do a factory reset.
How is this shortcut even possible? Maybe it’s because I have an older model or haven’t figured out how to build good Shortcuts yet, but I thought that every shortcut requires some kind of manual activation. Would you launch the shortcut from an Apple Watch? Wouldn’t iOS require confirmation from the thief to turn off airplane mode?
That being said, I have heard of a weird automation someone made where it would open an app as soon as they went to the Home Screen. It took some thinking for them to deactivate it because the shortcut was really fast to activate.
I typically activate airplane mode twice and have it fail. Remember the automation, go deactivate the automation and then airplane mode works. On actual airplanes, I’m more likely to simply power off my phone.
Personally I only use it for battery savings when camping or similar. It's not the kind of thing everyone cares about. I think we're long past the days where a flight full of phones frantically searching for towers during takeoff/landing would degrade the network for people on the ground, as may have been true way back when (and why) airplane mode was adopted as a standard feature.
I have to think that if mobile phones presented an actual interference threat to aircraft avionics systems they simply would not be allowed on board. You cannot assume that all the passengers will follow the instructions to turn them off/disable the radios.
It was never about that. It’s about interference with aircraft systems.
Look for “5G NOTAM” if you are someone who thinks this is bunk. Specifically, some radio altimeters (which are needed for some IMC approaches) can be interfered with by the adjacent 5G frequency bands due to not being built with a tight enough filter.
Cellphones used to operate on a frequency band that was very close to the same band used by ground proximity warning systems, so theoretically they could interfere with the safety systems on a plane. Modern phones use different frequency bands now.
When people say things like this what they're actually doing is falsely associating walkable urban fabric in cities like San Francisco, NYC, and large parts of Chicago as being especially dangerous just because it's only practical to be pick-pocketed on foot.
They say this while ignoring the generally low crime rates of those compared to peers. For example, Chicago has an almost 20% lower property crime rate than Peoria, IL. Fort Worth, TX has 52% higher property crime rate than New York City. Carmel, Indiana, an affluent suburb with a public high school ranked #354 in the country and 6th in Indiana, only manages to have a 28% better property crime rate than NYC.
(And driving a car around is a lot more statistically dangerous to your life than walking around a big city. I'd rather have my phone stolen than be t-boned by a drunk driver)
I very much doubt it. Far more likely to be a memory leak in the baseband which is exposed when the devices are unable to talk to the cellular network for a period of time.
Ya, I'm guessing these cops don't have iPhones because if they did they would know that iOS is just buggy. I mean, the last time I restarted my iPhone before iOS 18 was when I installed the last iOS 17 patch. Since installing iOS 18 I've had to restart it twice because it stopped responding.
You actually don't have to power it down. If you hold the power and volume buttons for 2 seconds and reach the "slide to power off" screen, the phone is already hard locked. You then always have to enter the passcode to unlock it.
> You actually don't have to power it down. If you hold the power and volume buttons for 2 seconds and reach the "slide to power off" screen, the phone is already hard locked. You then always have to enter the passcode to unlock it.
iPhones have 2 states when it comes to encryption:
Before First Unlock (BFU) - everything is encrypted. The most difficult state to hack.
After First Unlock (AFU) - data isn’t fully encrypted. Maybe it's for performance reasons. In this state exploits exist which police can use to get data.
Your suggestion of getting to the 'slide to power off' screen does NOT hardlock the phone (it does not put it in BFU).
It just means it requires a passcode. However, since it is in AFU mode, data can be exfiltrated with the right tools.
This is wrong. While this clears some keys and prevents anyone from holding the phone up to your face to unlock it, it doesn’t bring the phone back into a full BFU state.
Some keys can still be read, and depending on the exploit they use a lot of data could be extracted. BFU + good passcode is always the way to go.
If you have an iPhone SE Gen 3 (or any other iPhone with Touch ID, but models older than the SE Gen 3 have other weaknesses to worry about), you can do the same by spamming the power button 5 times.
You can also ask Siri to reboot or turn off your phone, Siri will ask you to confirm you want to do the action, but it doesn't take too long to do. Just in case you don't want to reach for your phone for whatever reason.
IDK about iOS, but Android (or at least CalyxOS/GrapheneOS) has a feature where you can make the phone automatically reboot after a certain amount of time (thus removing the keys from memory).
Unfortunately, though, you won't be able to do so while handing it over, and US cops will just kill you if you take too long handing over your phone because they can.
Any time a police encounter starts, you can at least tap the standby button 5 times. It's not as good as a shutdown, but it will at least disable biometrics so it will require a password to unlock. They can't legally force you to reveal your password.
> the reported iPhone reboots highlight the constant cat and mouse game between law enforcement officers and forensic experts on one side, and phone manufacturers Apple and Google on the other.
I don't think Google is in this same category at all. Didn't they just recently give Nest door unlock codes to LEO without even asking for a warrant?
Apple and Google are on different planets when it comes to user privacy.
My iPhone 16 on iOS 18 has been randomly respringing (as far as I can tell). Not fully rebooting but basically the UI crashes and it kicks me out to the lock screen.
I wonder if that's all this is. Probably a memory leak somewhere or some other bug.
I was thinking the same thing -- I've had to reboot my iPhone a couple of times since installing iOS 18 because it became unresponsive. It's been years since I've had an iPhone do that so this is very unusual.
We need to write an app to automatically reboot your iPhone every night at a user-selectable time, if rebooting your iPhone is apparently phone spies' kryptonite.
Cops are some of the greatest "victims" in our society. Encryption will make their investigations more difficult. They'll be judged first by the basis of the race of their suspect and then by the suspected crime. Even bodycams (which they're now quick to hail as they're "recording too," when people record interactions with their phones) were going to impede their ability to do their jobs.
There are fewer groups with so much power who see themselves as downtrodden. I could name others, but that'd be going off-topic.
Another option is that whatever bug Cellebrite was exploiting to extract data from iPhones in AFU mode is now subtly not working, leading to unexpected reboots when attempting extraction.
Why would the iPhones need to communicate in order to reboot? Just detect a lost network connection, add a timer, lack of normal user activity, some other signal, ....
There were a number of custom “crime phones”, run by criminal organizations. One of the features was rebooting when were arrested, as triggered by the criminal organization.
Law enforcement seems to be reading the behavior into the iPhone, which is understandable. They’ve seen it before.
The real concern is how law enforcement seems to create these bright lines between “legitimate” and “illegitimate” security.
Shutting down when an attack is suspected is a reasonable security feature.
> Could easily just be a memory leak that is accumulating until the OS crashes.
That would be my assumption since they are storing them in labs while trying to crack them under non-normal conditions, so it could easily be a memory leak that doesn't happen under normal conditions. Either that or it's the software they use to mess with the encryption causing issues.
Or not actually a leak, just overuse. Suppose there's some sort of log that accumulates while it's failing to communicate. Once it communicates the log gets dumped. Log gets too big, software faults, watchdog reboots it.
I don’t think it’s other iPhones that are sending a signal. Rather, it’s probably a security option that’s easy for most people to overlook in the Settings app. I have little knowledge about iPhone hacking, but I think in the same place where you can say “delete my data after 10 failed passcode attempts”, you can also force ask for a passcode to start using accessories again if it’s been a long time since it’s been unlocked. But I don’t think I have ever seen anything around rebooting. That sounds like a very nice feature though since rebooting apparently is good for making sure the phone clears spyware access.
> Apple may have introduced a new security feature in iOS 18 that tells nearby iPhones to reboot if they have been disconnected from a cellular network for some time.
My guess (and this is just a complete random guess), it's a bug not a feature, prob to do with Find My, all the phones are prob airplane mode and they are all trying to talk to each other (and to the mothership) regarding Find My and are crashing out.
> The digital forensics lab that noticed the issue had several iPhones in AFU state reboot, including iPhones in Airplane mode and one in a faraday box.
You can stop reading there. iOS 18 doesn't add freaking telepathy to phones. Whether it's a bug or a new feature Apple added that reboots phones under certain circumstances, it's not "iPhones communicating to force reboots".
I'm glad HN doesn't allow emoji, but I do wish I could add :facepalm: or :eye-roll: here.
It's the faraday box part in particular. Airplane mode isn't a true no-radios mode on iPhone (this is well-known, or should be on HN at least). But it does leave cellular radios off. Wifi and bluetooth might need to be separately disabled and with wifi, at least, it'll turn back on after a while. So maybe (being very generous), if bluetooth or wifi is enabled or becomes re-enabled, there's a signal between the iPhones that causes this reboot behavior.
But how is a device in a faraday box receiving this signal and rebooting? And why do they need a signal when they could just use their own clocks and determine that it's been X days or weeks since last going online and reboot?
> how is a device in a faraday box receiving this signal and rebooting?
Doesn’t need to. Being in a Faraday box is a reasonable trigger for a single reboot. That said, the most incredulous part of this story is that iPhones can detect when they’re in a Faraday cage.
I'm going to go ahead and assert that they can't tell. A Faraday cage is just a deliberate construction of a situation that happens all the time anyway. Hospitals have lots of shielded rooms in and around the radiology department. The basement of a steel building is basically the same. So is anywhere on a ship. My aged house has lath and plaster walls that can simultaneously survive a nuclear blast and also block Wi-Fi unless the amp's turned up to 11. There's no sensor in an iPhone that could tell that it's in a specially-constructed Faraday cage instead of a plain old dresser drawer in my bedroom.
I'm not sure if that's possible. What's the difference between that and someone sitting their phone on a metal cabinet?
I'm even more confident that Apple hasn't spent the research hours required to do that reliably, then incorporate the electronics and software needed into off-the-shelf phones, all to protect criminals from having their phones hacked under very specific conditions. That seems like a huge money sink.
> What's the difference between that and someone sitting their phone on a metal cabinet?
In a zero-signal environment? With other iPhones in very close proximity?
You can even measure your false positive rate by timing to first successful unlock. If it happens more than once, turn down the sensitivity on the feature (or turn it off completely).
(Were I designing this feature, I’d let phones in this state poll the other phones on how long they’ve been in it.)
But the claim is that other iPhones in the area are triggering the reboot. Setting that claim aside, though, how would the device even tell it's in a faraday box versus just out in the woods?
Out there in the woods there's still GPS data. There are very few places on Earth outside a faraday cage where you can go for a long time without receiving *anything*.
> the claim is that other iPhones in the area are triggering the reboot
Lack of motion? The information the other phones provide are proximity (it’s unusual for people to pile their phones together), that the radios still work and possibly a timeline, e.g. if the other phone says “I’ve been in a suspicious state for two days,” the first phone can change its priors.
I could easily see this as a security measure. Give the phone a concept of fear of being stolen. Phone, alone, continued source of power for an extended period. Somebody could have left it on a charger and gone away. Phone, continued source of power for an extended period and static bluetooth signals from other phones--what's going on here? This is very suspicious, turn defenses to max. It doesn't need to know the difference between thieves trying to thwart it and cops trying to thwart it.
Faraday cages used by law enforcement, such as [1] aren't impervious to RF.
They provide enough attenuation to keep phones off the cellular network and prevent GNSS from working, but not enough to prevent communication with nearby devices via Bluetooth or wifi.
A Faraday cage is an attenuator, which multiplicatively decreases signal strength by some constant (at least within a similar frequency band, which Bluetooth and 5G can be considered to be).
Unless the forensic lab has additional special shielding from cell towers, the received strength of both a reasonably close cell tower and a nearby Bluetooth transmitter would be pretty similar, so they'd both be attenuated similarly.
> A Faraday cage is an attenuator, which multiplicatively decreases signal strength by some constant
It's not constant at all. The level of attenuation varies greatly based on frequency. For the Ramsey STE3000 I have here, it varies by 40dB or more at the frequencies at which I've tested it. The enclosure is good for around -100dB at 700MHz, but only -60dB or so at 2.4GHz.
> (at least within a similar frequency band, which Bluetooth and 5G can be considered to be).
Even if you exclude mmWave and consider only the sub-6 bands, AT&T for example has LTE and 5G bands from 700MHz to 3700MHz. They're not similar at all. Worlds of difference in terms of propagation characteristics.
> the received strength of both a reasonably close cell tower and a nearby Bluetooth transmitter would be pretty similar
No, they wouldn't.
On my Pixel 8 Pro right now I'm seeing -93dBm from a tower about half a mile down the road (700MHz LTE), and -40dBm from the BLE radio in the HVAC controller on the wall of this room, about 8 or 10 feet away. That's a 53dB difference.
If I put my phone in the box, it attenuates the LTE downlink from down the street to well below the thermal noise floor. It cannot do the same for BLE; my phone can still talk to the HVAC controller from inside.
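The figures in the comment above, carried through as an added example (not from the commenter): each signal's level inside the enclosure is compared with the thermal noise floor kTB for its channel. The attenuation and outside levels are the ones quoted in the comment; the channel bandwidths (10 MHz LTE, 1 MHz BLE), the 290 K reference temperature and all names are assumptions, and receiver noise figure and required SNR are left out.

```python
"""Level inside a shielded enclosure vs. thermal noise floor, per signal."""
import math

BOLTZMANN = 1.380649e-23  # J/K

# From the comment: enclosure attenuation (dB) at the two tested frequencies.
SHIELDING_DB = {700e6: 100.0, 2.4e9: 60.0}

# From the comment: levels seen outside the box (dBm).
# Bandwidths are assumed here, not stated in the thread.
SIGNALS = [
    {"name": "LTE 700 MHz", "freq_hz": 700e6, "outside_dbm": -93.0, "bw_hz": 10e6},
    {"name": "BLE 2.4 GHz", "freq_hz": 2.4e9, "outside_dbm": -40.0, "bw_hz": 1e6},
]


def thermal_floor_dbm(bw_hz: float, temp_k: float = 290.0) -> float:
    """Thermal noise power kTB in dBm for the given bandwidth."""
    watts = BOLTZMANN * temp_k * bw_hz
    return 10 * math.log10(watts / 1e-3)


def inside_levels(signals=SIGNALS, shielding=SHIELDING_DB) -> dict:
    """For each signal: level inside the box, noise floor, and margin between them."""
    report = {}
    for s in signals:
        inside = s["outside_dbm"] - shielding[s["freq_hz"]]
        floor = thermal_floor_dbm(s["bw_hz"])
        margin = inside - floor
        report[s["name"]] = {
            "inside_dbm": inside,
            "floor_dbm": floor,
            "margin_db": margin,
            "above_floor": margin > 0,
            # Extra shielding needed to push the signal down to the floor.
            "extra_shielding_db": max(0.0, margin),
        }
    return report


if __name__ == "__main__":
    for name, r in inside_levels().items():
        print(f"{name}: inside {r['inside_dbm']:.0f} dBm, "
              f"floor {r['floor_dbm']:.1f} dBm, margin {r['margin_db']:+.1f} dB")
```

With these inputs the LTE downlink ends up about 89 dB below the thermal floor, while the BLE signal stays about 14 dB above it, which is the asymmetry the comment describes.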
Ah, then they could definitely communicate with each other.
And while I don't expect stock iPhones to do anything like what's being suggested in the article, I could see custom software activating a "panic mode" based on observations that plausibly suggest a device being in such an environment.
Anything's possible, but I am highly skeptical of the notion. Their little speakers don't have infinite frequency response, and I haven't heard reports of young teens saying their phones make weird chirps. Also, why on Earth would Apple do this? The notion that iPhone A in AFU mode is anxiously listening for iPhone B to come along and send it an audio trigger that it should reboot is hard to believe. It would be way easier to just tell iPhone A to reboot after N hours in AFU mode if they wanted to accomplish such a thing. And why would iPhone B be sending the "OMG reboot yourself!" audio signal to iPhone A in the first place?
They don’t need infinite frequency response, and I don’t think it’s unusual to have a frequency response outside of human hearing. I know for a fact that Cisco uses frequencies outside human hearing to help pair your computer to meeting room screens.
Not an audio command, but even just holding down the volume and side buttons to open the power off menu, without actually powering off your phone, triggers the same behavior.
That locks the phone, but a reboot presumably drops a lot of in-memory caches, to one degree or another. I don’t know whether (or how well) iOS zeroes out memory, but I can certainly imagine the AFU state is easier to target than the BFU state.
This is absolutely some kind of non-technical user superstition style claim born from a little bit of paranoia that Apple hates cops because they don’t roll over easy (though they do follow subpoenas they are technically capable of following).
It's a good feature. A similar feature just got added to Android, too. If the phone loses network, it locks. If the accelerometer thinks that the phone has been snatched from your hand, it locks.
There's a difference between locking a phone and entering Before First Unlock state. After a reboot and before authentication the credentials stored on a phone are locked down much more securely, to the point (most) apps can't even start in the background.
Locking and disabling biometrics are good ways to add a quick layer of protection, but rebooting makes it incredibly difficult for exploit kits and other hacking tools to dump the contents of a phone's storage.
I'm thinking this may just be a bug (how often does a real world iPhone get zero available networks of any kind? Probably not enough for that use case to be tested thoroughly for days) but with how hard law enforcement is panicking about this, maybe it should be a feature. If they care this much, I don't think their expensive hacking subscription they've bought is working anymore, so it's probably working around some pretty bad vulnerabilities in iOS.
Btw, is there a way to set Android to automatically reboot at a fixed time? That'd only cost like 20 seconds more to unlock in the morning but reduce the chance of 3-letter-agencies being able to extract the content in AFU state.
Sadly GrapheneOS is only available on recent Pixel devices. I know I'm probably the only one that still cares about these features, but I won't buy a phone that requires me to hot-glue a USB dock to it just to get 3.5mm and microSD if I can simply buy a Sony instead :/
1) Keep the alarm data in an insecure location so that app can work before login. (A read only cache is fine)
2) Let me _choose_ if some other apps can live in the insecure storage partition too. E.G. Google Voice comes to mind along with any basic carrier integration stuff you'd rather just have even on a fully locked phone. (Why GV in unlocked? It interacts with the insecure phone network anyway, so that's not exactly holding much back. Maybe make message history harder to get to with a still locked device.)
My Xiaomi phone had a feature where it would boot the phone shortly before any alarms would go off, so you could shut it down before bed and barely drain the battery in the meantime. Still required manual shutdowns, though.
What happens if one is in a place with no connectivity for a long time? There are areas of the world like that. Periodic forced reboots are useless and harmful there. Think about reading ebooks offline or following a map with only GPS on.
Additionally, this wouldn't require a periodic reboot; only one. So, phone in After First Unlock state loses cellular connection -> timeout period expires without being unlocked -> phone reboots. This process only restarts once the user unlocks it _and_ it has re-acquired a cellular connection.
Actually... it looks like they may have just added something similar in iOS 18.1. It's based on the phone not being unlocked, though, not network activity.
A reboot of a phone is hardly the end of the world, and it's trivial and obvious to simply have the trigger conditions be slightly less simple and stupid. Like require some user activity. Require the pin again or some other reassurance.
What happens if one is in a place with no connectivity? What indeed? Nothing much. That's what happens.
I don't have an iPhone, but it's not exactly alien for me to be in a situation where I've gone more than a couple of hours without touching my phone but while it is doing something important: recording where I am. (And, yes, I have fallback options, but they aren't nearly as good.)
If you're going to put in an auto reboot either make it long enough nobody will trip it while the phone is legitimately recording something or make it configurable.
Do alarms work on iPhones if they are in the BFU state? I'm pretty sure they don't on my Android, because it hasn't even unlocked most of the bootloader if you haven't put your pin in.
Yes. If your iPhone updates overnight (as I mentioned in another comment, common time for automatic updates or just to kick them off manually) your alarm still goes off the next day after it restarts.
Very little, which is why if you enable automatic updates on iPhones they try to apply those updates at night while the device is locked and charging, when most people are sleeping. If you're using the phone it won't activate at night and will let you know that it couldn't install the update.
The only harm I could see is if someone grabs their phone to make an emergency call and it's rebooting or locked and, in their sleepy state, they have trouble unlocking it.
However, I do think a 12 hour "Phone hasn't been unlocked, reboot it" seems like a logical security feature to add.
It would be beyond hilarious if Apple now went and implemented this safeguard. I don't even think a hard reboot would be necessary, simply if the phone hasn't had reception for some preset period of time, or if there's been more than some amount of incorrect logins, or no successful logins in some given amount of time, revert everything to the freshly booted state, encryption and all.
They reportedly did:
https://chaos.social/@jiska/113447894119816217
That would make sense since thieves know that they have to get an iPhone offline to prevent Find My tracking and remote locking.
Great to see Apple taking a firm stance on this; this, above other fancy features, maintains customer loyalty.
People often point out the law enforcement case for breaking into phones but conveniently forget that the very same security holes used by law enforcement are used to make stealing phones more profitable and by other nation-states to spy, commit corporate espionage, etc.
Would the condition be irritating for me when I am taking a very long multi-transit flight and prefer to keep my phone on airplane mode because I am trying to read my ebooks on my Kindle during the journey and my phone keeps rebooting …
I think this is simply a matter of finding good defaults. In my opinion, the order of magnitude should be how many days without reception, not how many hours. A week sounds like a sane baseline for me, since that is more than ample time for most people to end up in a situation where you're connected again. Likewise you could reset the counter on a successful unlock. On the flip side, a week is not enough time to reasonably bruteforce anything if the time you have to wait before each retry goes up with every failure.
I also spend a lot of time with my phone in airplane mode, but I'd have no problem with a reboot after two or three failed login attempts.
I wish more people thought of it as a safeguard like you do.
Actually, it would be beyond reckless for Apple to do anything other than implement this as a safeguard. The cops just gave up the game. Their only way into a locked phone is one in an AFU state. Apple doesn't give backdoors to law enforcement, so in lieu of Apple being able to patch this vulnerability, they absolutely should implement protections against it, including this one we just heard from the horse's mouth.
If Apple doesn't make this an official feature, or worse: fixes this issue for the convenience of law enforcement, we need to read that as Apple selling out our privacy to the government.
The idea that iPhones magically communicate with each other to “reboot randomly” when off a cellular network (presumably would happen on a plane easily) is pretty far-fetched. The far more likely explanation is that iOS 18.0 has some radio/modem bugs that cause devices to randomly reboot, likely correlated with long periods of disuse or lack of network connectivity.
Or heck, if the phone thinks the cellular modem isn’t working (like the phone in a Faraday cage), some watchdog might just time out and reboot.
In any case, the idea that they’re randomly networking and intentionally rebooting to thwart this specific law enforcement attack seems pretty unlikely.
Yea, it seems like this would be easily verified, if true, by security experts. Watch the network traffic in a Faraday cage. See some strange packets that don't make sense with currently used protocols, okay, maybe there is some truth. But if all you see are packets that aren't surprising (in this case, a ping to try to find a cell tower) and a reboot occurs, then there is no mystery, it's probably, as you suggest, a bug or trying to self-heal from a failed watchdog check.
It's all happening over RF, it's not like they can implement this so a signal opens an inter-dimensional portal and comes back out making it undetectable on the RF spectrum.
One of the devices was stored in a Faraday cage in airplane mode [1] - there's literally nothing to monitor.
[1] https://appleinsider.com/articles/24/11/07/iphones-stored-fo...
> The affected devices even included one that was in Airplane Mode and another that was kept in a Faraday cage
> The officials hypothesize that an iPhone running iOS 18 can send signals that make nearby units reboot if the device has been kept disconnected from cellular networks.
Either the officials are storing multiple devices in 1 cage, don't understand Faraday cages, or are arguing in bad faith.
> In October of 2024, multiple users of iPhone 16 Pro and iPhone 16 Pro Max units reported that their devices kept restarting themselves for no apparent reason. This is a known issue that occurred during normal use and one that Apple fixed with the iOS 18.1 update.
> This timeframe would also align with the creation of the alleged law enforcement document. Specifically, the document says that three iPhones with iOS 18.0 were brought into a forensics lab on October 3, after which they rebooted themselves.
Ah ignorance or bad faith after all.
Such a feature added intentionally would also impede theft rings, which might be the true intent.
They do communicate with each other for the "Find My" feature to work even when disconnected from cellular and wifi. It is basically the same operating principle behind Apple Tags.
I don't think it's what's happening here, but iPhones absolutely communicate with each other when there's no cellular network.
The 'Find My' network uses all iPhones/iPads/Macs (unless disabled) to locate said devices and other items over Bluetooth LE.
> The Find My network is an encrypted, anonymous network of hundreds of millions of Apple devices that can help find your stuff, even when it’s offline. Nearby devices securely send the location of your missing device to iCloud, so you can find it in Find My. It’s all anonymous and encrypted to protect everyone’s privacy. — https://support.apple.com/en-au/104978
But that’s just Bluetooth beacon stuff, it’s one way broadcast communication to anything that’s listening.
It’s like an automated ARP response packet that’s automatically transmitted occasionally without needing to hear a request.
Sure, but iOS has to listen for them and do... something... when they see a "Find my iPhone" beacon.
TBH I think it's very unlikely, but it's entirely possible they could add a flag to those beacon messages suggesting other iOS devices reboot.
On the other hand, I can easily see it being an honest bug where being off a cellular network corrupts the beacon message somehow, and reading the corrupt messages triggers iOS to reboot.
Who knows
Do you have evidence that it is only a beacon signal between Apple devices post v18?
What's interesting to me is that Apple's stance of not unlocking iPhones for law enforcement has led to this paranoia on law enforcement's part. Honestly? Good.
Apple doesn’t have a stance of not unlocking phones for law enforcement. They give law enforcement whatever they’re asked for by subpoena.
Apple’s stance is to build strong encryption so that they can’t access customers' data. What they have refused to do is weaken that encryption so that they could start complying with future requests or sign tampered-with firmware that would allow the decryption without user authorization.
Apple does have this stance. They have been subpoenaed before to assist in unlocking older iPhones that don't have as strong protection of user data as modern iPhones and they refused those orders as well.
Basically older iPhones without the modern secure enclave enforced the password attempt lockout period in software so the FBI obtained a court order to force Apple to create and sign a new version of iOS that would not enforce the lockout period, which would allow the FBI to guess the password. Apple refused to create this new version of iOS and the FBI eventually retracted their request.
Modern iPhones enforce the lockout period in the secure enclave hardware so this is no longer something Apple could even possibly assist with.
https://en.wikipedia.org/wiki/Apple%E2%80%93FBI_encryption_d...
> Modern iPhones enforce the lockout period in the secure enclave hardware so this is no longer something Apple could even possibly assist with.
You mean in the silicon itself? If it's done in the Secure Enclave's firmware then Apple could assist with unlocking.
I would think that the secure enclave controls the device (un-)locking process and also wouldn't install OTA firmware updates nor accept commands from USB-connected peripherals while the device is locked.
Settings > Passcode > Allow access when locked: [_] Accessories.
Off by default, providing a one hour timeout since last phone unlock; or instantly, upon biometric rejection or after holding power-volume-up to reach the power off menu.
Macs are typically enabling an equivalent to this by default as well now, as of the latest macOS update.
> Apple’s stance is to build strong encryption so that they can’t access customers' data.
In the US and EU, where it is politically easy. https://support.apple.com/en-us/111754
More correctly: In states where individual rights are protected.
They also refused to make a build (signed by Apple) which would remove any of those protections, though technically possible, but would have tainted their products as backdoored. They were prepared to argue forcing them to do that would be the government compelling speech, a violation of the First Amendment, a precedent the FBI didn’t want, and so turned to a Cellebrite type service instead. Apple did make public statements at the time against backdooring devices which might be construed as a stance.
> Apple doesn’t have a stance of not unlocking phones for law enforcement.
Yes and they have also made it such that they can't bypass all that by providing a mechanism to unlock the phone. Hence they don't unlock the phone.
As far as I know the iCloud backups are unencrypted so law enforcement can just request a backup of those instead.
You're not up-to-date and your language is not exact:
1. Your backups are encrypted in transit and at rest. You have a key, Apple also has one.
2. You can optionally ask Apple to get rid of its key to your backup. (https://support.apple.com/en-us/108756)
My conspiracy theory here is that Apple knows that this is how law enforcement goes about unlocking phones with tech like Cellebrite so they add in code to thwart that effort but keep quiet so they can have the plausible deniability of it just being a bug.
Easier to assume it's a theft ring deterrent, eliminating some of the routes to social engineering that theft rings have been using, further reducing the usefulness of collecting large numbers of stolen iPhones in the same central place.
I agree that it's unlikely but consider that Apple stores have a "dock" that can power on an iPhone and do an iOS upgrade while it's sealed in the box. Who knows what P2P communication protocols iPhones have.
Does that work on a configured, encrypted iPhone?
Second this. It strikes me as a completely reasonable watchdog. Other than if you're keeping it around in a faraday cage it's very unlikely to receive *nothing* for an extended period. How many people take phones into such environments for extended periods? Thus if nothing is coming in it probably means something's messed up.
And if it reboots on the cops Apple probably considers that a plus.
iPhones are already communicating with any and every Bluetooth capable Apple device to enable the Find My/AirTag functionality, aren't they? I don't believe this is necessarily true, just that it's theoretically possible.
It’s communication in that information is being passed, but it’s a one-way Bluetooth broadcast. It’s not any kind of two-way communication.
At most an iPhone may be able to broadcast a Bluetooth message saying “anybody out there?” I don’t even know if that’s possible. I’m sure Apple’s white paper has the answer but I don’t remember it.
The issue is not that Apple devices communicate with each other. It's the absurd claim that there's a secret handshake between Apple devices that tells them to reboot if they've been offline and locked for too long.
So sit around in a less secure state for weeks and months and only when externally triggered reboot? That's a stupid feature and makes no sense. If you were to base any partial security measure off of how long a device has been powered up and locked, then just use a timer. Why wait for another phone to wander by?
Though the digital forensics lab claims they were all in airplane mode with one inside a Faraday box, so how are they communicating with each other? This suggests incompetence on their part, perhaps not actually putting them in airplane mode or not understanding that Bluetooth/Wi-Fi can be enabled (and may enable themselves) separately from the cellular radio.
It’s very well established by numerous studies that Apple products continuously scan for other wireless devices in their proximity, especially Apple ones but including Wi-Fi routers, and then upload their hardware IDs and MAC addresses to Apple servers, together with GPS location.
https://www.scss.tcd.ie/doug.leith/apple_google.pdf
And what does that have to do with the article?
Parent wrote (emphasis mine):
> the idea that they’re randomly networking and intentionally rebooting to thwart this specific law enforcement attack seems pretty unlikely.
So there is partial evidence for it at least.
> So there is partial evidence for it at least.
Where? If you want that to be partial evidence, you have to parse that sentence as:
(they’re randomly networking and intentionally rebooting) to thwart this specific law enforcement attack
which means
(they’re randomly networking to thwart this specific law enforcement attack) AND (they’re intentionally rebooting to thwart this specific law enforcement attack)
All you show is that they’re randomly networking, not that it’s for thwarting even any law enforcement attacks, so I don’t think what you say is partial evidence.
Just today, I got a notification on my Pixel to turn on "Theft Offline Device Lock". I can't claim that it puts the phone into a pre-first-auth state, I've not tried it yet and the docs aren't clear. Along with it came a "Remote lock" feature, where visiting android.com/lock and putting in your phone number will also lock your device, so it requires the screen lock to unlock.
It would be sensible if both these features put the phone into a pre-first-auth mode.
“But the sufficiently nefarious might reboot or wipe their phone remotely,” is a component in the black letter law of the fourth amendment and exigency. Kind of interesting that now the handset manufacturer might be automatically doing that for all of us.
These articles should make fun of how silly these cops are instead of passing along their silly rumors as if they have any chance of being valid.
This reads more like a chain email forward than an actual analysis of the iPhone tech stack.
Fwd: Fwd: READ THIS!!! You won't believe what the iPhone does when off network and around other iPhones!!!
> It is believed that the iPhone devices with iOS 18.0 brought into the lab, if conditions were available, communicated with the other iPhone devices that were powered on in the vault in AFU. That communication sent a signal to devices to reboot after so much time had transpired since device activity or being off network.
The hypothesis doesn't make any sense because the phone doesn't need to communicate with other phones to decide to restart/lock based on lack of network signal.
> Matthew Green, a cryptographer and Johns Hopkins professor told 404 Media that the law enforcement officials' hypothesis about iOS 18 devices is "deeply suspect," but he was impressed with the concept.
Just about sums it up.
GrapheneOS implements basically this as a security feature against non-persistent malware, and I think it's a great idea that all phones should do. Graphene has your phone reboot after an uptime greater than some value you pick.
> Graphene has your phone reboot after an uptime greater than some value you pick.
It automatically reboots after the device hasn't been unlocked within the selected duration, not after certain uptime has been reached.
It's also available on Samsung (mine is set to reboot every day), not sure if it's standard on Android or not.
GrapheneOS has a "reboot after x hours inactivity" feature specifically to prevent the scenario mentioned in the story. Otherwise leaving a phone powered on is a massive risk, especially if cops can keep it charged for months to wait for an exploit.
Yeah an option to "reboot after not being unlocked for x hours" where x is considerably longer than the average time the phone would ever be locked under normal circumstances, would be great for security.
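The reboot triggers argued over in this thread (a fixed uptime limit, a timer since the last unlock as the GrapheneOS comments describe, and the "offline and not unlocked" variant) compared on constructed timelines. This is an added illustration, not Apple's, Google's or GrapheneOS's code; the `Event` type, the policy names, the reading of the offline variant and the 12-hour timeout (borrowed from a comment above) are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    t: float   # hours since the first unlock after boot
    kind: str  # "unlock", "net_lost" or "net_found"


POLICIES = ("uptime", "no_unlock", "offline_no_unlock")


def first_reboot(events, policy, timeout_h, horizon_h):
    """Return the hour at which `policy` forces a reboot, or None if it
    never fires within `horizon_h` hours.

    Assumption: the device is unlocked at t=0 (it enters AFU) and starts
    with a network available.
    """
    last_unlock = 0.0
    offline_since = None  # None while some network is reachable

    def deadline():
        if policy == "uptime":
            # Reboot after a fixed uptime, whatever the user does.
            return timeout_h
        if policy == "no_unlock":
            # Timer restarts on every successful unlock.
            return last_unlock + timeout_h
        if policy == "offline_no_unlock":
            # Timer only runs while offline; an unlock or regaining
            # the network pushes it back or disarms it.
            if offline_since is None:
                return None
            return max(last_unlock, offline_since) + timeout_h
        raise ValueError(f"unknown policy: {policy}")

    timeline = sorted((e for e in events if e.t <= horizon_h),
                      key=lambda e: e.t)
    for ev in timeline + [Event(horizon_h, "end")]:
        d = deadline()
        if d is not None and d <= ev.t:
            return d  # the timer expired before this event happened
        if ev.kind == "unlock":
            last_unlock = ev.t
        elif ev.kind == "net_lost":
            offline_since = ev.t
        elif ev.kind == "net_found":
            offline_since = None
    return None


def compare(events, timeout_h, horizon_h):
    """Run every policy over the same timeline."""
    return {p: first_reboot(events, p, timeout_h, horizon_h)
            for p in POLICIES}


# Constructed timelines (hours), not measurements from any real device.
# Phone taken from its owner, placed in a shielded box at t=2, never unlocked.
SEIZED = [Event(0, "unlock"), Event(2, "net_lost")]

# Long-haul traveller: airplane mode from t=1 to t=26, unlocking to
# read every five hours.
TRAVELLER = [Event(0, "unlock"), Event(1, "net_lost")] + \
            [Event(t, "unlock") for t in (5, 10, 15, 20, 25)] + \
            [Event(26, "net_found")]

# Phone left untouched on a desk, connected the whole time.
IDLE_ONLINE = [Event(0, "unlock")]

if __name__ == "__main__":
    for name, tl, horizon in (("seized", SEIZED, 72),
                              ("traveller", TRAVELLER, 30),
                              ("idle online", IDLE_ONLINE, 72)):
        print(name, compare(tl, timeout_h=12, horizon_h=horizon))
```

The unlock-based timer leaves the traveller alone and still returns the untouched phone to BFU, while the offline-gated variant never fires on a device that stays connected.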
Maybe designed to help with anti-theft? I already use a shortcut automation when airplane mode is turned on to lock my phone and turn off airplane mode, as that’s the first thing thieves would do.
This is a great idea. Perhaps add a moderate delay (say 30 seconds or 1 minute) to confuse them even more. Then they will think that airplane mode is active when it isn't.
You can just disable access to Control Center and Siri when locked. If you have an eSIM device, this is a really great thing to do, as it’ll always connect to a cellular network when available.
I think the cool thing about this shortcut is that it'll work even if the thief stole your phone while unlocked.
When you say theft, do you mean by someone with interest in the hardware or the data? Assuming hardware, I'm not sure I understand why a thief who intends to wipe it anyway would care about an auto restart versus normal screen lock. Assuming data, that's exactly what the article is about.
Are thieves really even stealing phones anymore? You can't pawn or sell them anymore because they can't just be reset and set up with a new account, batteries are becoming impossible to remove...all you can really take is the screen which isn't really worth much either.
https://abc7ny.com/amp/crime-spree-phones-stolen-nyc-migrant...
So they've given up on hardware and are now looking for insecure phones to try and access banking apps. Interesting.
> can't just be reset and setup with a new account
I know mobile networks keep lists of stolen devices, but they can't be used at all? Like all possible recovery modes demand authentication?
Apple calls this Activation Lock: https://support.apple.com/en-us/108794 https://support.apple.com/en-us/120610
Obviously, the logic board is locked to the owner's Apple account, but so is the display, battery, camera, and selfie camera. Basically the only thing you can reuse is the metal frame of the phone.
Phones are still stolen (since the cost of theft is $0) but stolen phones are worth closer to $5 than $1000.
> I know mobile networks keep lists of stolen devices, but they can't be used at all? Like all possible recovery modes demand authentication?
Newer phones for, I want to say maybe the last 5 years, yeah.
If it's turned off and you don't have the code to boot it, you can't access any kind of bootloader or recovery mode, it just shows a screen with an obfuscated email that is required to unlock it or something similar.
Gone are the days of just being able to do a factory reset.
True, but my iPhone 15 Pro was stolen, powered down, and likely ended up in China for parts.
How is this shortcut even possible? Maybe it’s because I have an older model or haven’t figured out how to build good Shortcuts yet, but I thought that every shortcut requires some kind of manual activation. Would you launch the shortcut from an Apple Watch? Wouldn’t iOS require confirmation from the thief to turn off airplane mode?
That being said, I have heard of a weird automation someone made where it would open an app as soon as they went to the Home Screen. It took some thinking for them to deactivate it because the shortcut was really fast to activate.
It’s in the automation tab of the shortcuts.app. You define trigger conditions and the shortcut to trigger.
How do you turn on airplane mode when that's actually what you want to do?
I typically activate airplane mode twice and have it fail. Remember the automation, go deactivate the automation and then airplane mode works. On actual airplanes, I’m more likely to simply power off my phone.
Personally I only use it for battery savings when camping or similar. It's not the kind of thing everyone cares about. I think we're long past the days where a flight full of phones frantically searching for towers during takeoff/landing would degrade the network for people on the ground, as may have been true way back when (and why) airplane mode was adopted as a standard feature.
I have to think that if mobile phones presented an actual interference threat to aircraft avionics systems they simply would not be allowed on board. You cannot assume that all the passengers will follow the instructions to turn them off/disable the radios.
The rule isn't an FAA rule, it's FCC. The issue is about the cell networks, not the aircraft.
It was never about that. It’s about interference with aircraft systems.
Look for “5G NOTAM” if you are someone who thinks this is bunk. Specifically, some radio altimeters (which are needed for some IMC approaches) can be interfered with by the adjacent 5G frequency bands due to not being built with a tight enough filter.
Cellphones used to operate on a frequency band that was very close to the same band used by ground proximity warning systems, so theoretically they could interfere with the safety systems on a plane. Modern phones use different frequency bands now.
Neat trick. But in what cities do people need to live like this?
San Francisco. Or almost any other big American city for that matter.
When people say things like this what they're actually doing is falsely associating walkable urban fabric in cities like San Francisco, NYC, and large parts of Chicago as being especially dangerous just because it's only practical to be pick-pocketed on foot.
They say this while ignoring the generally low crime rates of those compared to peers. For example, Chicago has an almost 20% lower property crime rate than Peoria, IL. Fort Worth, TX has 52% higher property crime rate than New York City. Carmel, Indiana, an affluent suburb with a public high school ranked #354 in the country and 6th in Indiana, only manages to have a 28% better property crime rate than NYC.
(And driving a car around is a lot more statistically dangerous to your life than walking around a big city. I'd rather have my phone stolen than be t-boned by a drunk driver)
Any city with police that might steal your phone. So... all of them.
Savvy thieves would just use a faraday cage case/bag I guess.
Savvy thieves would probably choose a different occupation. Prisons are full of stupid criminals.
Sure. Or just power down. No FaceID or password code required. Find My may still work though, so thieves do use faraday bags.
> The idea that phones should reboot periodically after an extended period with no network is absolutely brilliant
If this is brilliant I'm Einstein
I very much doubt it. Far more likely to be a memory leak in the baseband which is exposed when the devices are unable to talk to the cellular network for a period of time.
Ya, I'm guessing these cops don't have iPhones because if they did they would know that iOS is just buggy. I mean, the last time I restarted my iPhone before iOS 18 was when I installed the last iOS 17 patch. Since installing iOS 18 I've had to restart it twice because it stopped responding.
If that's what's going on, it might be the best example of "it's not a bug, it's a feature!" ever.
So what did we learn class? If you’re ever in a situation where your iPhone is being seized, power it down :)
You actually don't have to power it down. If you hold the power and volume buttons for 2 seconds and reach the "slide to power off" screen, the phone is already hard locked. You then always have to enter the passcode to unlock it.
> You actually don't have to power it down. If you hold the power and volume buttons for 2 seconds and reach the "slide to power off" screen, the phone is already hard locked. You then always have to enter the passcode to unlock it.
iPhones have 2 states when it comes to encryption:
Before First Unlock (BFU) - everything is encrypted. The most difficult state to hack.
After First Unlock (AFU) - data isn’t fully encrypted. Maybe it's for performance reasons. In this state exploits exist which police can use to get data.
Your suggestion of getting to the 'slide to power off' screen does NOT hardlock the phone (it does not put it in BFU).
It just means it requires a passcode. However, since it is in AFU mode, data can be exfiltrated with the right tools.
You should definitely power it down to be secure.
This is wrong. While this clears some keys and prevents anyone from holding the phone up to your face to unlock it, it doesn’t bring the phone back into a full BFU state.
Some keys can still be read, and depending on the exploit they use a lot of data could be extracted. BFU + good passcode is always the way to go.
>BFU state.
"Before first unlock", for those like me who weren't familiar with this particular acronym.
If you have an iPhone SE Gen 3 (or any other iPhone with TouchID, but models older than the SE Gen 3 have other weaknesses to worry about), you can do the same by spamming the power button 5 times.
You can also ask Siri to reboot or turn off your phone. Siri will ask you to confirm you want to do the action, but it doesn't take too long to do. Just in case you don't want to reach for your phone for whatever reason.
IDK about iOS, but Android (or at least CalyxOS/GrapheneOS) has a feature where you can make the phone automatically reboot after a certain amount of time (thus removing the keys from memory).
Unfortunately, though, you won't be able to do so while handing it over, and US cops will just kill you if you take too long handing over your phone because they can.
Any time a police encounter starts, you can at least tap the standby button 5 times. It's not as good as a shutdown, but it will at least disable biometrics so it will require a password to unlock. They can't legally force you to reveal your password.
The theory makes zero sense on many levels. Why are we publishing cops’ guesses on how software giants work…
“Helping criminals” gets headlines. Anything involving Apple gets headlines.
Apple “helping criminals” is a gold mine.
I can’t read the full article, but I’d be surprised if the cops didn’t manage to claim how this is somehow related to fentanyl in there somewhere.
> the reported iPhone reboots highlight the constant cat and mouse game between law enforcement officers and forensic experts on one side, and phone manufacturers Apple and Google on the other.
I don't think Google is in this same category at all. Didn't they just recently give nest door unlock codes to LEO without even asking for a warrant?
Apple and Google are on different planets when it comes to user privacy.
>Didn't they just recently give nest door unlock codes to LEO without even asking for a warrant?
Did they? I don't remember seeing anything about that.
My iPhone 16 on iOS 18 has been randomly respringing (as far as I can tell). Not fully rebooting but basically the UI crashes and it kicks me out to the lock screen.
I wonder if that's all this is. Probably a memory leak somewhere or some other bug.
I was thinking the same thing -- I've had to reboot my iPhone a couple of times since installing iOS 18 because it became unresponsive. It's been years since I've had an iPhone do that so this is very unusual.
I haven't kept up with iOS feature developments, but modern Android devices can be configured to lock automatically if they go offline.
The purpose of this is to counter a thief putting your phone into aeroplane mode to prevent you remote locking or erasing the device.
We need to write an app to automatically reboot your iPhone every night at a user-selectable time, if rebooting your iPhone is apparently phone spies' kryptonite.
iPhone shortcuts can already do that. Create a shortcut to restart the device and an automation to run it at a particular time of day.
iOS 18.1 has a release note about fixing unexpected restarts on iPhone 16 and iPhone 16 Pro models.
https://support.apple.com/en-us/121161#a181 (last item)
Cops are some of the greatest "victims" in our society. Encryption will make their investigations more difficult. They'll be judged first by the basis of the race of their suspect and then by the suspected crime. Even bodycams (which they're now quick to hail as they're "recording too," when people record interactions with their phones) were going to impede their ability to do their jobs.
There are fewer groups with so much power who see themselves as downtrodden. I could name others, but that'd be going off-topic.
You sound right on the money here. Occam’s Razor suggests they’re rebooting for a reason we know about rather than an undocumented security feature.
Another option is that whatever bug Cellebrite was exploiting to extract data from iPhones in AFU mode is now subtly not working, leading to unexpected reboots when attempting extraction.
Sounds like, if the cops take your iPhone, you should immediately deactivate your eSIM or cancel your service.
But, assuming the cops are right for a minute, wouldn't you want your phone to reboot so it would be harder for them to brute force it?
Why would the iPhones need to communicate in order to reboot? Just detect a lost network connection, add a timer, lack of normal user activity, some other signal, ....
Betcha ten bucks it's an on device timer.
It seems like an untested theory that should be easily reproducible?
Sounds like a timer, if not just a crash. Nothing here sounds like the phones are communicating with each other.
Frankly I'm all for phones detecting that they're in an unusual state and changing posture to a higher security level.
There were a number of custom “crime phones”, run by criminal organizations. One of the features was rebooting when were arrested, as triggered by the criminal organization.
Law enforcement seems to be reading the behavior into the iPhone, which is understandable. They’ve seen it before.
The real concern is how law enforcement seems to create these bright lines between “legitimate” and “illegitimate” security.
Shutting down when an attack is suspected is a reasonable security feature.
It's a dot zero release.
Could easily just be a memory leak that is accumulating until the OS crashes.
>Could easily just be a memory leak that is accumulating until the OS crashes.
That would be my assumption since they are storing them in labs while trying to crack them under non-normal conditions, so it could easily be a memory leak that doesn't happen under normal conditions. Either that or it's the software they use to mess with the encryption causing issues.
Or not actually a leak, just overuse. Suppose there's some sort of log that accumulates while it's failing to communicate. Once it communicates the log gets dumped. Log gets too big, software faults, watchdog reboots it.
I don’t think it’s other iPhones that are sending a signal. Rather, it’s probably a security option that’s easy for most people to overlook in the Settings app. I have little knowledge about iPhone hacking, but I think in the same place where you can say “delete my data after 10 failed passcode attempts”, you can also force ask for a passcode to start using accessories again if it’s been a long time since it’s been unlocked. But I don’t think I have ever seen anything around rebooting. That sounds like a very nice feature though since rebooting apparently is good for making sure the phone clears spyware access.
> Apple may have introduced a new security feature in iOS 18 that tells nearby iPhones to reboot if they have been disconnected from a cellular network for some time.
My guess (and this is just a complete random guess), it's a bug not a feature, prob to do with Find My, all the phones are prob airplane mode and they are all trying to talk to each other (and to the mothership) regarding Find My and are crashing out.
Probably a bug but a feature on GrapheneOS
https://grapheneos.org/features#auto-reboot
Insert it’s not a bug, it’s a feature image
Seems more like the phone batteries went to zero and then power came back on and they went back up but obviously restarted.
If you are not looking at a phone all day, you may not have noticed that the power was out to them over some weekend.
I'd assume they keep them powered up when they have them stored in a lab trying to crack the encryption on them.
This is like the junior QA coming to you, so sure of himself, and he thinks his theory is 100% correct
More discussion on the source: https://news.ycombinator.com/item?id=42083052
> The digital forensics lab that noticed the issue had several iPhones in AFU state reboot, including iPhones in Airplane mode and one in a faraday box.
You can stop reading there. iOS 18 doesn't add freaking telepathy to phones. Whether it's a bug or a new feature Apple added that reboots phones under certain circumstances, it's not "iPhones communicating to force reboots".
I'm glad HN doesn't allow emoji, but I do wish I could add :facepalm: or :eye-roll: here.
Why? This seems like a smart anti-theft measure. (Bunch of iPhones in a radio silent environment together, maybe also not moving or detecting light.)
It's the faraday box part in particular. Airplane mode isn't a true no-radios mode on iPhone (this is well-known, or should be on HN at least). But it does leave cellular radios off. Wifi and bluetooth might need to be separately disabled and with wifi, at least, it'll turn back on after a while. So maybe (being very generous), if bluetooth or wifi is enabled or becomes re-enabled, there's a signal between the iPhones that causes this reboot behavior.
But how is a device in a faraday box receiving this signal and rebooting? And why do they need a signal when they could just use their own clocks and determine that it's been X days or weeks since last going online and reboot?
> how is a device in a faraday box receiving this signal and rebooting?
Doesn’t need to. Being in a Faraday box is a reasonable trigger for a single reboot. That said, the most incredulous part of this story is that iPhones can detect when they’re in a Faraday cage.
I'm going to go ahead and assert that they can't tell. A Faraday cage is just a deliberate construction of a situation that happens all the time anyway. Hospitals have lots of shielded rooms in and around the radiology department. The basement of a steel building is basically the same. So is anywhere on a ship. My aged house has lath and plaster walls that can simultaneously survive a nuclear blast and also block Wi-Fi unless the amp's turned up to 11. There's no sensor in an iPhone that could tell that it's in a specially-constructed Faraday cage instead of a plain old dresser drawer in my bedroom.
Could the phone detect that they are in a small conductive box: stronger interference back when they send a signal?
I'm not sure if that's possible. What's the difference between that and someone sitting their phone on a metal cabinet?
I'm even more confident that Apple hasn't spent the research hours required to do that reliably, then incorporate the electronics and software needed into off-the-shelf phones, all to protect criminals from having their phones hacked under very specific conditions. That seems like a huge money sink.
> What's the difference between that and someone sitting their phone on a metal cabinet?
In a zero-signal environment? With other iPhones in very close proximity?
You can even measure your false positive rate by timing to first successful unlock. If it happens more than once, turn down the sensitivity on the feature (or turn it off completely).
(Were I designing this feature, I’d let phones in this state poll the other phones on how long they’ve been in it.)
But the claim is that other iPhones in the area are triggering the reboot. Setting that claim aside, though, how would the device even tell it's in a faraday box versus just out in the woods?
Out there in the woods there's still GPS data. There are very few places on Earth outside a faraday cage where you can go for a long time without receiving *anything*.
> the claim is that other iPhones in the area are triggering the reboot
Lack of motion? The information the other phones provide are proximity (it’s unusual for people to pile their phones together), that the radios still work and possibly a timeline, e.g. if the other phone says “I’ve been in a suspicious state for two days,” the first phone can change its priors.
I could easily see this as a security measure. Give the phone a concept of fear of being stolen. Phone, alone, continued source of power for an extended period. Somebody could have left it on a charger and gone away. Phone, continued source of power for an extended period and static bluetooth signals from other phones--what's going on here? This is very suspicious, turn defenses to max. It doesn't need to know the difference between thieves trying to thwart it and cops trying to thwart it.
environmental RF in the woods, vs band specific shielding in Faraday cage.
Ultrasound?
Because iPhones can't ping each other when one's inside a Faraday cage.
Faraday cages used by law enforcement, such as [1] aren't impervious to RF.
They provide enough attenuation to keep phones off the cellular network and prevent GNSS from working, but not enough to prevent communication with nearby devices via Bluetooth or wifi.
[1] https://ramseytest.com/rf-shielded/forensic-enclosure/
That sounds implausible.
A Faraday cage is an attenuator, which multiplicatively decreases signal strength by some constant (at least within a similar frequency band, which Bluetooth and 5G can be considered to be).
Unless the forensic lab has additional special shielding from cell towers, the received strength of both a reasonably close cell tower and a nearby Bluetooth transmitter would be pretty similar, so they'd both be attenuated similarly.
> That sounds implausible.
I can say from experience that it is not.
> A Faraday cage is an attenuator, which multiplicatively decreases signal strength by some constant
It's not constant at all. The level of attenuation varies greatly based on frequency. For the Ramsey STE3000 I have here, it varies by 40dB or more at the frequencies at which I've tested it. The enclosure is good for around -100dB at 700MHz, but only -60dB or so at 2.4GHz.
> (at least within a similar frequency band, which Bluetooth and 5G can be considered to be).
Even if you exclude mmWave and consider only the sub-6 bands, AT&T for example has LTE and 5G bands from 700MHz to 3700MHz. They're not similar at all. Worlds of difference in terms of propagation characteristics.
> the received strength of both a reasonably close cell tower and a nearby Bluetooth transmitter would be pretty similar
No, they wouldn't.
On my Pixel 8 Pro right now I'm seeing -93dBm from a tower about half a mile down the road (700MHz LTE), and -40dBm from the BLE radio in the HVAC controller on the wall of this room, about 8 or 10 feet away. That's a 53dB difference.
If I put my phone in the box, it attenuates the LTE downlink from down the street to well below the thermal noise floor. It cannot do the same for BLE; my phone can still talk to the HVAC controller from inside.
>It cannot do the same for BLE; my phone can still talk to the HVAC controller from inside.
That's surprising, you'd think those boxes would be better at blocking signals since that's what they're designed to do.
They work very well, but it's physically impossible for them to be perfect.
I assumed they have one cage they toss all the phones in.
Ah, then they could definitely communicate with each other.
And while I don't expect stock iPhones to do anything like what's being suggested in the article, I could see custom software activating a "panic mode" based on observations that plausibly suggest a device being in such an environment.
You're probably right, but wouldn't intermittent audio sidestep a faraday cage?
Edit: I noticed it's "box" and not "cage" but I think the same what-if applies here.
Anything's possible, but I am highly skeptical of the notion. Their little speakers don't have infinite frequency response, and I haven't heard reports of young teens saying their phones make weird chirps. Also, why on Earth would Apple do this? The notion that iPhone A in AFU mode is anxiously listening for iPhone B to come along and send it an audio trigger that it should reboot is hard to believe. It would be way easier to just tell iPhone A to reboot after N hours in AFU mode if they wanted to accomplish such a thing. And why would iPhone B be sending the "OMG reboot yourself!" audio signal to iPhone A in the first place?
They don’t need infinite frequency response, and I don’t think it’s unusual to have a frequency response outside of human hearing. I know for a fact that Cisco uses frequencies outside human hearing to help pair your computer to meeting room screens
Is there an audio command you can say to cause Siri to BFU?
Not an audio command, but even just holding down the volume and side buttons to open the power off menu, without actually powering off your phone, triggers the same behavior.
That locks the phone, but a reboot presumably drops a lot of in-memory caches, to one degree or another. I don’t know whether (or how well) iOS zeroes out memory, but I can certainly imagine the AFU state is easier to target than the BFU state.
hmmm good one to add to the "before crossing an international border" toolkit
> good one to add to the "before crossing an international border" toolkit
You’re in for a bad time refusing to unlock at most borders.
“Hey Siri, reboot”?
Watchdog timer??
Why would phones need another phone nearby to “tell them to reboot”
Makes no sense.
They’re social animals, I guess.
This is absolutely some kind of non-technical user superstition style claim born from a little bit of paranoia that Apple hates cops because they don’t roll over easy (though they do follow subpoenas they are technically capable of following).
It's a good feature. A similar feature just got added to Android, too. If the phone loses network, it locks. If the accelerometer thinks that the phone has been snatched from your hand, it locks.
There's a difference between locking a phone and entering Before First Unlock state. After a reboot and before authentication the credentials stored on a phone are locked down much more securely, to the point (most) apps can't even start in the background.
Locking and disabling biometrics are good ways to add a quick layer of protection, but rebooting makes it incredibly difficult for exploit kits and other hacking tools to dump the contents of a phone's storage.
I'm thinking this may just be a bug (how often does a real world iPhone get zero available networks of any kind? Probably not enough for that use case to be tested thoroughly for days) but with how hard law enforcement is panicking about this, maybe it should be a feature. If they care this much, I don't think their expensive hacking subscription they've bought is working anymore, so it's probably working around some pretty bad vulnerabilities in iOS.
For me iPhone loses all connectivity on a daily basis. No cellular signals are available in the underground parking lot that I use.
> If the phone loses network, it locks.
Am I the last person who regularly experiences dead zones, or does this sound crazy?
There's no need to lock the phone just because I'm on the highway at this one spot on the way out of town.
It's a minor inconvenience to reenter your PIN, and it's optional and disabled by default. Seems harmless.
Btw, is there a way to set Android to automatically reboot at a fixed time? That'd only cost like 20 seconds more to unlock in the morning but reduce the chance of 3-letter-agencies being able to extract the content in AFU state.
I can't find anything built into my Pixel, but it seems that Samsung and others offer it, or otherwise third party apps:
https://www.reddit.com/r/androidapps/comments/1cscmu8/app_th...
GrapheneOS has a feature to auto-reboot the device if it hasn't been unlocked in X hours.
Set it sufficiently low, and it's a pretty good option to ensure keys are evicted and if you use a SIM pin, it's even better.
That'd be exactly what I need.
Sadly GrapheneOS is only available on recent Pixel devices. I know I'm probably the only one that still cares about these features, but I won't buy a phone that requires me to hot-glue a USB dock to it just to get 3.5mm and microSD if I can simply buy a Sony instead :/
>but I won't buy a phone that requires me to hot-glue a USB dock to it just to get 3.5mm and microSD if I can simply buy a Sony instead :/
That's why I've been sticking with moto phones. I'd switch to pixel tomorrow if they made one with an audio jack and a micro sd slot.
I'd be fine with this, EXCEPT:
1) Keep the alarm data in an insecure location so that app can work before login. (A read only cache is fine)
2) Let me _choose_ if some other apps can live in the insecure storage partition too. E.G. Google Voice comes to mind along with any basic carrier integration stuff you'd rather just have even on a fully locked phone. (Why GV in unlocked? It interacts with the insecure phone network anyway, so that's not exactly holding much back. Maybe make message history harder to get to with a still locked device.)
Apps can already choose to place some data in pre-unlock or post-unlock storage, so your alarm or google voice should be unaffected.
Looks like Samsung can do it (though they offer it as advice to keep their buggy OS working, or to "to prevent it from slowing down or freezing" as they themselves put it): https://www.samsung.com/ph/support/mobile-devices/restart-yo...
My Xiaomi phone had a feature where it would boot the phone shortly before any alarms would go off, so you could shut it down before bed and barely drain the battery in the mean time. Still required manual shutdowns, though.
What happens if one is in a place with no connectivity for a long time? There are areas of the world like that. Periodic forced reboots are useless and harmful there. Think about reading ebooks offline or following a map with only GPS on.
The phone isn't locked in either of those cases, no?
This is only happening on phones that are currently locked, but which were previously unlocked since the last reboot.
Additionally, this wouldn't require a periodic reboot; only one. So, phone in After First Unlock state loses cellular connection -> timeout period expires without being unlocked -> phone reboots. This process only restarts once the user unlocks it _and_ it has re-acquired a cellular connection.
Honestly, this is a solid security feature that I do not believe Apple has actually installed.
Actually... it looks like they may have just added something similar in iOS 18.1. It's based on the phone not being unlocked, though, not network activity.
https://chaos.social/@jiska/113447894119816217
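The two reboot triggers discussed above (a one-shot timer started by losing the network while locked in AFU, and a timer based only on time since the last unlock) can be compared on a timeline. This is an added sketch, not part of the thread and not Apple's, Android's or GrapheneOS's code; the event names, timelines and the 2-hour and 72-hour timeouts are constructed assumptions.

```python
# Event names and timeout values are constructed for this sketch; they are not
# iOS, Android or GrapheneOS APIs or settings.
UNLOCK, LOCK, NET_DOWN, NET_UP = "unlock", "lock", "net_down", "net_up"


def simulate(events, end, timeout, policy):
    """Return the hours at which the phone reboots back to BFU.

    events: list of (hour, name) tuples; end: last hour simulated;
    policy: "network" (one-shot, needs lost signal) or "inactivity".
    """
    afu, locked, net, armed = False, True, True, True
    deadline = None
    reboots = []

    for now, name in sorted(events) + [(end, None)]:
        # Fire a pending timer before handling anything that happens after it.
        if deadline is not None and deadline <= now:
            reboots.append(deadline)
            afu, locked, armed, deadline = False, True, False, None

        if name == UNLOCK:
            afu, locked = True, False
        elif name == LOCK:
            locked = True
        elif name == NET_DOWN:
            net = False
        elif name == NET_UP:
            net = True

        # The network policy re-arms only once the user has unlocked again
        # AND the phone has regained a signal, so it never reboots in a loop.
        if afu and net:
            armed = True

        if policy == "network":
            at_risk = afu and locked and not net and armed
        else:  # "inactivity": any locked AFU phone is on the clock
            at_risk = afu and locked

        if not at_risk:
            deadline = None            # unlock (or BFU) cancels the timer
        elif deadline is None:
            deadline = now + timeout   # timer starts when the risk state begins
    return reboots


# Constructed timelines, in hours.
SEIZED = [(0, UNLOCK), (1, LOCK), (2, NET_DOWN)]  # shielded box at hour 2
REMOTE = [(0, NET_DOWN), (1, UNLOCK), (2, LOCK), (100, UNLOCK), (101, LOCK)]
FLIGHT = [(0, UNLOCK), (1, NET_DOWN), (2, LOCK), (6, UNLOCK), (7, LOCK),
          (11, UNLOCK), (12, LOCK)]

if __name__ == "__main__":
    for label, events, end in (("seized", SEIZED, 200), ("remote", REMOTE, 300),
                               ("flight", FLIGHT, 13)):
        for policy in ("network", "inactivity"):
            for timeout in (2, 72):
                print(label, policy, timeout,
                      simulate(events, end, timeout, policy))
```

With a multi-day timeout neither policy reboots a phone that is being unlocked every few hours, while a 2-hour inactivity timeout reboots the in-flight phone between reading sessions.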
What great problem do you imagine?
A reboot of a phone is hardly the end of the world, and it's trivial and obvious to simply have the trigger conditions be slightly less simple and stupid. Like require some user activity. Require the pin again or some other reassurance.
What happens if one is in a place with no connectivity? What indeed? Nothing much. That's what happens.
Great idea. How about reboot if more than 2 hours with no unlock?
Horrible idea.
I don't have an iPhone, but it's not exactly alien for me to be in a situation where I've gone more than a couple of hours without touching my phone but while it is doing something important: recording where I am. (And, yes, I have fallback options, but they aren't nearly as good.)
If you're going to put in an auto reboot either make it long enough nobody will trip it while the phone is legitimately recording something or make it configurable.
Um, sleep? Make it at least mid teens if not 24+
What’s the harm if it reboots if you’re sleeping?
Do alarms work on iphones if they are in the BFU state? I'm pretty sure they don't on my android, because it hasn't even unlocked most of the bootloader if you haven't put your pin in.
Yes. If your iPhone updates over night (as I mentioned in another comment, common time for automatic updates or just to kick them off manually) your alarm still goes off the next day after it restarts.
Very little, which is why if you enable automatic updates on iPhones they try to apply those updates at night while the device is locked and charging, when most people are sleeping. If you're using the phone it won't activate at night and will let you know that it couldn't install the update.
Only harm I could see is if someone grabs their phone to make an emergency call and it's rebooting or locked and, in their sleepy state, they have trouble unlocking it.
However, I do think a 12 hour "Phone hasn't been unlocked, reboot it" seems a logical security feature to add.
You never need to unlock an iPhone to make an emergency call (if you mean 911 versus urgently needing to call some other number).
The initial unlock will take a little longer, your apps aren't running, etc. Nothing major, still a bit annoying though.
“Find My” forms a mesh network with other Macs and iPhones.
Maybe the isolated phone has a feature where it reboots after being unable to find a peer?
TL;DR: Cops are likely wrong, iPhone just reboots after being disconnected for a while.
The article is kind of confusing about this.