Cops suspect iOS 18 iPhones are communicating to force reboots (macrumors.com)
234 points by tosh 19 days ago | hide | past | favorite | 284 comments



The idea that iPhones magically communicate with each other to “reboot randomly” when off a cellular network (presumably this would happen on a plane easily) is pretty far fetched. The far more likely explanation is that iOS 18.0 has some radio/modem bugs that cause devices to randomly reboot, likely correlated with long periods of disuse or lack of network connectivity.

Or heck, if the phone thinks the cellular modem isn’t working (like the phone in a faraday cage), some watchdog might just timeout and reboot.

In any case, the idea that they’re randomly networking and intentionally rebooting to thwart this specific law enforcement attack seems pretty unlikely.


I don't think it's what's happening here, but iPhones absolutely communicate with each other when there's no cellular network.

The 'Find My' network uses all iPhones/iPads/Macs (unless disabled) to locate said devices and other items over Bluetooth LE.

> The Find My network is an encrypted, anonymous network of hundreds of millions of Apple devices that can help find your stuff, even when it’s offline. Nearby devices securely send the location of your missing device to iCloud, so you can find it in Find My. It’s all anonymous and encrypted to protect everyone’s privacy. — https://support.apple.com/en-au/104978


But that’s just Bluetooth beacon stuff, it’s one-way broadcast communication to anything that’s listening.

It’s like an automated ARP response packet that’s automatically transmitted occasionally without needing to hear a request.


Sure, but iOS has to listen for them and do... something... when they see a "Find my iPhone" beacon.

TBH I think it's very unlikely, but it's entirely possible they could add a flag to those beacon messages suggesting other iOS devices reboot.

On the other hand, I can easily see it being an honest bug where being off a cellular network corrupts the beacon message somehow, and reading the corrupt messages triggers iOS to reboot.

Who knows


I don’t get why they’re suggesting that iPhones communicate with each other to reboot. I mean, what do the iPhones gain? Both have the system time and know for how long they have had no mobile network. They don’t have to set up complicated communication for that. What does the other device know more than the iPhone that makes it know that it has to restart?


By some means, its location?

"HEY Bob, you're in the pokey, reboot so your filesystem is umounted!"

A network-deprived phone might not realize, yet a friendly nearby one may.

I doubt this is so, but it would be a fun game.


Why could it not be something like Find My iPhone lock/reboot request is an encrypted packet that is destined to arrive at iPhone with Serial Number XYZ. Another iPhone gets near the target iPhone and shares its presence with Apple. Apple has been waiting to deliver this encrypted signed packet from Find My iPhone network to the target device. This packet is sent to the iPhone in range and then the data is delivered over AWDL.


This breaks the anonymous nature of the Find My network. There might be a way to mitigate it but I'm sure that's not a can of worms you would want to open.


It is potentially more than just one-way Bluetooth beacon stuff. Apple tried to unify many ways Apple devices could communicate with each other over AWDL.


do you have evidence that it is only a beacon signal between Apple devices post v18 ?


What's interesting to me is that Apple's stance of not unlocking iPhones for law enforcement has led to this paranoia on law enforcements part. Honestly? Good.


Apple doesn’t have a stance of not unlocking phones for law enforcement. They give law enforcement whatever they’re asked for by subpoena.

Apple's stance is to build strong encryption so that they can’t access customers' data. What they have refused to do is weaken that encryption so that they could start complying with future requests, or sign tampered-with firmware that would allow the decryption without user authorization.


Apple does have this stance. They have been subpoenaed before to assist in unlocking older iPhones that don't have as strong protection of user data as modern iPhones and they refused those orders as well.

Basically older iPhones without the modern Secure Enclave enforced the password attempt lockout period in software, so the FBI obtained a court order to force Apple to create and sign a new version of iOS that would not enforce the lockout period, which would allow the FBI to guess the password. Apple refused to create this new version of iOS and the FBI eventually retracted their request.

Modern iPhones enforce the lockout period in the secure enclave hardware so this is no longer something Apple could even possibly assist with.

https://en.wikipedia.org/wiki/Apple%E2%80%93FBI_encryption_d...


The case you reference did not involve a subpoena but an order under the All Writs Act, an order which compelled certain behaviour unless the order was appealed within a specified time. Apple appealed the order within that time period and thus was in full compliance with the order. The government withdrew the case before the courts could rule whether the order was legal. I assume Apple would have complied with it if it was ruled so. What we do know from this case is that Apple did attempt to assist the FBI with accessing the phone even without a court compelling them to do so.


> Modern iPhones enforce the lockout period in the secure enclave hardware so this is no longer something Apple could even possibly assist with.

You mean in the silicon itself? If it's done in the Secure Enclave's firmware then Apple could assist with unlocking.


That’s what I meant by this:

> …sign tampered-with firmware that would allow the decryption without user authorization.

Apple wrote the firmware for everything. I assume they could write firmware to not need authorization, embedded in a copy of iOS, and sign everything so it could be installed on a phone through DFU.

They have been unwilling to do so. I think they’re right not to. But I suspect it is technically possible.


But if a court ordered them to do so they would have to..

In the previous case law enforcement retracted the request because they found an alternative..

If the alternative stops working I bet you they will go after Apple in the courts again..


There have been multiple credible sources with internal documents claiming that iPhones with the current firmware (>17) can’t be hacked currently. It’s in constant flux, obviously, but iOS is very advanced in this aspect. Android phones on the other hand, apart from the Pixels >6, are all hackable with appropriate tooling.


As far as I remember there is a single leaked document about a specific Cellebrite version that had iOS 17 marked as already supported for some devices up to version 17.0.3, versions 17.1 to 17.3.1 as coming soon and 17.4 as in research..

And that document is from last April, 7 months ago, no one really knows how things progressed after that..

Best assumption to make is that all those versions are supported by now..

Support for iOS 18 could be available or not, we do not know.. So again I will assume it is supported until the opposite is proved..

But all the latest iPhones on the latest iOS versions were only supported in AFU, which Apple is handling with this reset feature, or IPR, which requires USB being unlocked and is extremely time sensitive as there are already defenses in place..


> multiple credible sources with internal documents claiming that iPhone with the current firmware (>17) can’t be hacked currently

You can't prove a negative.


The whole point of a Secure Enclave is that you can’t perform such an update without wiping the data.


You can update SEP firmware, but only by providing your PIN. This is why iOS prompts for your PIN again before updating.

This still effectively prevents Apple from adding a backdoor to be installed on phones the user can no longer access.


Depends on the enclave. I don't know Apple's, but the ones I worked with would wipe secure data on a firmware update.


I would think that the secure enclave controls the device (un-)locking process and also wouldn't install OTA firmware updates nor accept commands from USB-connected peripherals while the device is locked.


Settings > Passcode > Allow access when locked: [_] Accessories.

Off by default, providing a one hour timeout since last phone unlock; or instantly, upon biometric rejection or after holding power-volume-up to reach the power off menu.

Macs are typically enabling an equivalent to this by default as well now, as of the latest macOS update.


They also refused to make a build (signed by Apple) which would remove any of those protections, though technically possible, but which would have tainted their products as backdoored. They were prepared to argue that forcing them to do that would be the government compelling speech, a violation of the First Amendment, a precedent the FBI didn’t want, and so the FBI turned to a Cellebrite-type service instead. Apple did make public statements at the time against backdooring devices which might be construed as a stance.


> Apple's stance is to build strong encryption so that they can’t access customers' data.

In the US and EU, where it is politically easy. https://support.apple.com/en-us/111754


More correctly: In states where individual rights are protected.


As far as I know iCloud backups are unencrypted so law enforcement can just request a backup of those instead.


You're not up-to-date and your language is not exact:

1. Your backups are encrypted in transit and at rest. You have a key, Apple also has one.

2. You can optionally ask Apple to get rid of its key to your backup. (https://support.apple.com/en-us/108756)


In other words, the parent is correct: by default it's not encrypted against Apple (no e2ee).


It's encrypted, period. Apple having the key doesn't make it plain text.


It depends on your threat model. Against Apple (forced to give the info) it is effectively plain text.


That's why we use the term end-to-end encrypted.


Yes, which is exactly what I wrote in brackets. Still got downvoted.


> Apple doesn’t have a stance of not unlocking phones for law enforcement.

Yes and they have also made it such that they can't bypass all that by providing a mechanism to unlock the phone. Hence they don't unlock the phone.


My conspiracy theory here is that Apple knows that this is how law enforcement goes about unlocking phones with tech like Cellebrite, so they add in code to thwart that effort but keep quiet so they can have the plausible deniability of it just being a bug.


Easier to assume it's a theft ring deterrent, eliminating some of the routes to social engineering that theft rings have been using, further reducing the usefulness of collecting large numbers of stolen iPhones in the same central place.


It's good if the countermeasures against the two things are indistinguishable.


Yea, it seems like this would be easily verified, if true, by security experts. Watch the network traffic in a Faraday cage. See some strange packets that don't make sense with currently used protocols, okay, maybe there is some truth. But if all you see are packets that aren't surprising (in this case, a ping to try to find a cell tower) and a reboot occurs, then there is no mystery, it's probably as you suggest a bug or trying to self-heal from a failed watchdog check.

It's all happening over RF, it's not like they can implement this so a signal opens an interdimensional portal and comes back out, making it undetectable on the RF spectrum.


One of the devices was stored in a Faraday cage in airplane mode[1] - there's literally nothing to monitor

[1]https://appleinsider.com/articles/24/11/07/iphones-stored-fo...


> The affected devices even included one that was in Airplane Mode and another that was kept in a Faraday cage

> The officials hypothesize that an iPhone running iOS 18 can send signals that make nearby units reboot if the device has been kept disconnected from cellular networks.

Either the officials are storing multiple devices in 1 cage, don't understand Faraday cages, or are arguing in bad faith.

> In October of 2024, multiple users of iPhone 16 Pro and iPhone 16 Pro Max units reported that their devices kept restarting themselves for no apparent reason. This is a known issue that occurred during normal use and one that Apple fixed with the iOS 18.1 update.

> This timeframe would also align with the creation of the alleged law enforcement document. Specifically, the document says that three iPhones with iOS 18.0 were brought into a forensics lab on October 3, after which they rebooted themselves.

Ah ignorance or bad faith after all.


Faraday cages don't stop audio and we know [1] there are Google/Android devices that use ultrasound to communicate with other Google/Android devices.

It's not ENTIRELY far fetched, but it is very unlikely.

[1] https://www.wired.com/story/ultrasonic-signals-wild-west-of-...


I agree it is very unlikely. And I don't think you are proposing this is the case, but for the sake of argument. However, wouldn't it still be rather easy to verify? A Faraday cage just helps with isolation and filters out the noise, so you can analyze a smaller set of data, in this case meaning you have to parse through fewer signals/data. But you would still be able to pinpoint this. If you can just monitor ultrasound, filter out what isn't easily explained/common (like background radiation is to the universe).

To verify the original claim that it could happen over BLE, you don't need a Faraday cage to verify or prove this. The Faraday cage just allows you to cut down on the data/signals to analyze.


Such a feature added intentionally would also impede theft rings, which might be the true intent.


Why not both??

Two birds, one stone..


>The idea that iPhones magically communicate with each other to “reboot randomly”

Well, they do silently communicate for the "Find My" network. I don't see why that couldn't result in a reboot somehow.


> I don't see why that couldn't result in a reboot somehow

Because Find My is a reverse-engineered protocol that can be abused to broadcast false information to nearby devices? Trusting Find My to know when it's time for a reboot sounds like an amazing Flipper Zero feature but a not-so-great experience for iPhone owners.


sorry about necroing this, but I was implying that the reboot would be a result of unintentional behavior (a bug) in some local p2p code.

The find my network is just an example of local p2p functionality that is largely opaque to users.


Second this. It strikes me as a completely reasonable watchdog. Other than if you're keeping it around in a faraday cage it's very unlikely to receive *nothing* for an extended period. How many people take phones into such environments for extended periods? Thus if nothing is coming in it probably means something's messed up.

And if it reboots on the cops Apple probably considers that a plus.


They do communicate with each other for the "Find My" feature to work even when disconnected from cellular and wifi. It is basically the same operating principle behind Apple Tags.


I agree that it's unlikely but consider that Apple stores have a "dock" that can power on an iPhone and do an iOS upgrade while it's sealed in the box. Who knows what P2P communication protocols iPhones have.


Only the latest iPhones (15 and 16) support this


Does that work on a configured, encrypted iPhone?


Info from the future: it seems that fresh iOS18 versions reboot the phone if they haven't been unlocked for a specified amount of time (days it seems).

If it's in the hands of a legit owner, they just need to type the iCloud password and they're back in. If it was stolen or confiscated, it just became a very expensive brick unless they can coerce the owner to log in somehow.


> The idea that iPhones magically communicate with each other to “reboot randomly” when off a cellular network (assumably would happen on a plane easily) is pretty far fetched.

iOS devices communicate through a separate ultra-wideband mesh network used for "Find My" and more recently the AirTags.


iPhones are already communicating with any and every Bluetooth-capable Apple device to enable the Find My/AirTag functionality, aren't they? I don't believe this is necessarily true, just that it's theoretically possible.


The issue is not that Apple devices communicate with each other. It's the absurd claim that there's a secret handshake between Apple devices that tells them to reboot if they've been offline and locked for too long.

So sit around in a less secure state for weeks and months and only when externally triggered reboot? That's a stupid feature and makes no sense. If you were to base any partial security measure off of how long a device has been powered up and locked, then just use a timer. Why wait for another phone to wander by?

Though the digital forensics lab claims they were all in airplane mode with one inside a faraday box, so how are they communicating with each other? This suggests incompetence on their part, perhaps not actually putting them in airplane mode or not understanding that bluetooth/wifi can be enabled (and may enable themselves) separately from the cellular radio.


It's not a network feature, the auto restart of the phone; it's not doing so bc of a handshake signal, but rather the lack of one. This "tech/apple innovation" is very similar to timed DRM media services.

If you download all your songs from Napster, they will work for a month or two without connecting to a network, but eventually the lack of a connection will lock the content; it doesn't know if you're still paying, so it makes you sign in.

This is the same but all behind the scenes. Apple phones are constantly communicating with their network or other devices; if that stops, something fishy is going on bc it's not supposed to be able to.

The restart is prolly more for them; that's probably the solution to most of the issues with a phone losing network connection, just restart it. So they built it in.

Sure, it does what phones have done forever and makes you sign in with a password or full biometrics once at startup, but that's not new either.


It’s communication in that information is being passed, but it’s a one-way Bluetooth broadcast. It’s not any kind of two-way communication.

At most an iPhone may be able to broadcast a Bluetooth message saying “anybody out there?“. I don’t even know if that’s possible. I’m sure Apple's white paper has the answer but I don’t remember it.


It’s very well established by numerous studies that Apple products continuously scan for other wireless devices in their proximity, especially Apple ones but including wifi routers, and then upload their hardware IDs and MAC addresses to Apple servers, together with GPS location.

https://www.scss.tcd.ie/doug.leith/apple_google.pdf


And what does that have to do with the article?


Parent wrote (emphasis mine):

> the idea that they’re randomly networking and intentionally rebooting to thwart this specific law enforcement attack seems pretty unlikely.

So there is partial evidence for it at least.


> So there is partial evidence for it at least.

Where? If you want that to be partial evidence, you have to parse that sentence as:

(they’re randomly networking and intentionally rebooting) to thwart this specific law enforcement attack

which means

(they’re randomly networking to thwart this specific law enforcement attack) AND (they’re intentionally rebooting to thwart this specific law enforcement attack)

All you show is that they’re randomly networking, not that it’s for thwarting even any law enforcement attacks, so I don’t think what you say is partial evidence.


Well you could use the information that you just accepted is collected to identify which phones are in custody by the police, which phones have been stolen, lost or left without a user - that's all very easy actually considering the apple network and the number of their devices.

Having a few lines of code to dictate what happens once a phone has been identified as any of the above is pretty simple stuff.

I think this restart is for Apple - an easy attempt to restore the devices network connection (and the data stream from it) and has little or nothing to do with law enforcement originally but now Apple will say that's the whole entire reason this exists bc privacy.

Anyways, it was absolutely relevant info to the article and considering it and more - it's obvious that Apple could have done this, or something like it, to thwart cops but is very unlikely.


It’s still more evidence than if we knew they don’t network AT ALL. Partial means inconclusive, but more than definitive proof to the contrary.


It would be beyond hilarious if Apple now went and implemented this safeguard. I don't even think a hard reboot would be necessary, simply if the phone hasn't had reception for some preset period of time, or if there's been more than some amount of incorrect logins, or no successful logins in some given amount of time, revert everything to the freshly booted state, encryption and all.


They reportedly did:

https://chaos.social/@jiska/113447894119816217

That would make sense since thieves know that they have to get an iPhone offline to prevent Find My tracking and remote locking.


Great to see Apple taking a firm stance on this; this, above other fancy features, maintains customer loyalty.

People often point out the law enforcement case for breaking into phones but conveniently forget that the very same security holes used by law enforcement are used to make stealing phones more profitable and by other nation-states to spy, commit corporate espionage, etc.


In some cases, there isn't even that much difference between the two groups.


It's not based on communication, though. It's based on how long it's been since the phone was last unlocked - which is an even stronger safeguard, since it can't be spoofed.


That seems very unlikely.

Apple doesn't save your physical SIM PIN, so it would mean leaving your phone untouched for a while would automatically make it unreachable, since you need to enter the SIM PIN after a reboot.


Untouched and out of range of all cellular networks (disregarding the SIM), most likely; we don’t know how long, though.

If your phone hasn’t connected to a cellular network in weeks and is locked in a stationary box 23.9 hours a day or more, then I’m not sure I would be surprised if it becomes automatically unreachable in this way eventually — it’s becoming unreachable any time it reboots for an overnight iOS update already, right? so an inactivity reboot isn’t going to have a worse impact than that already does.

(Note that physical SIMs were discontinued in late 2022 models, but it allows you to set an eSIM PIN with the same effect.)


As noted elsewhere; turns out it’s 96 hours of inactivity, no other criteria.


I wonder how many people that would actually affect? All iPhones that support iOS 18 support eSIM. Starting with iPhone 14 all iPhones except the SE have only had eSIM.

I would guess that most people with only one SIM go with eSIM if their phone supports it.

You can put a PIN on an eSIM, but is there really much point? My understanding is that the main point of a SIM PIN is so that someone cannot transfer your physical SIM to another phone.

Without a PIN someone could steal your phone and even if they could not get past the phone lock they could just move the physical SIM to their phone and thus take over your phone number. They don't even need to steal your phone--they just need access to it for a few seconds to remove the SIM.

That's not the case with eSIM.

You might want a PIN to keep others from making/receiving calls if they have access to your unlocked phone, but because SIMs permanently lock after 3 failed unlock attempts (with no timeout--a mistake today, another a year from now, and another two years after that and it locks) that's probably asking for trouble.


The physical-sim tray is present for all markets outside of the US on all iPhones.


Actually, it would be beyond reckless for Apple to do anything other than implement this as a safeguard. The cops just gave up the game. Their only way into a locked phone is one in an AFU state. Apple doesn't give backdoors to law enforcement, so in lieu of Apple being able to patch this vulnerability, they absolutely should implement protections against it, including this one we just heard from the horse's mouth.

If Apple doesn't make this an official feature, or worse: fixes this issue for the convenience of law enforcement, we need to read that as Apple selling out our privacy to the government.


Apple is in a weird position: on one hand they HAVE to give the US government a way to access people's iPhones (CIA, NSA), and in a less direct way the whole US government (local cops). On the other hand, privacy is a main point of their marketing, so they have to look like they do things to protect their users.

So they obviously have a direct backdoor for the big ones like the CIA, and they leave some wiggle room for 'security' companies that sell 0day exploits to local cops. If they didn't, there would be lobbying until inevitably they too got their backdoor, which would look bad for Apple. It would kill the myth of iPhone privacy; any cop could leak about it.

I suspect this is either a bug or a feature that won't really prevent cops from accessing suspects' iPhones; they will be annoyed until their 'unlock tool' gets updated.

Don't count on Apple to actually fight any government to protect their customers' privacy. If they did so, they would never have set up an alternate iCloud on CCP-controlled servers for their Chinese customers; they would have gone out of the Chinese market.


I'm not sure why you're being downvoted, but I think you're right and this vulnerability comes to mind:

"Forgotten" debugging registers enabled Triangulation exploit against iPhones: https://www.itnews.com.au/news/forgotten-debugging-registers...

"While all of the vulnerabilities were zero-day bugs when patched, one attracted particular attention, because it turned out to be an undocumented hardware vulnerability.

Larin described the bug as “insane”, saying it’s a hardware feature in Apple’s A12 to A16 Bionic system-on-chip (SoC).

The feature, he said, allows attackers to “bypass the hardware-based kernel memory protection” in target iPhones, if they write data to “unknown memory-mapped input-output (MIMO) hardware registers” that Apple’s firmware doesn’t use.

Larin said the research team found six undocumented MIMO addresses used by the Triangulation exploit, which “basically, bypass all hardware-based kernel memory protections”.

He said they appear to be ARM/Apple CoreSight debug registers for GPUs, since they’re nearby identified MIMO registers.

In a statement, Larin said that "due to the closed nature of the iOS ecosystem, the discovery process was both challenging and time-consuming.”


I wish more people thought of it as a safeguard like you do.


Would the condition be irritating for me when I am taking a very long multi-transit flight and prefer to keep my phone on airplane mode because I am trying to read my ebooks on my Kindle during the journey and my phone keeps rebooting …


Airplane mode isn't the same as putting the phone inside a Faraday cage. The phone can tell the difference. Even in airplane mode the phone could receive RF; airplane mode is just supposed to disable transmission.


I think this is simply a matter of finding good defaults. In my opinion, the order of magnitude should be how many days without reception, not how many hours. A week sounds like a sane baseline for me, since that is more than ample time for most people to end up in a situation where you're connected again. Likewise you could reset the counter on a successful unlock. On the flip side, a week is not enough time to reasonably bruteforce anything if the time you have to wait before each retry goes up with every failure.


I don't think it is related to how long it has had reception or not.

Also, it would be easy for cops to create a spoofed cellular network to keep those phones with reception.

It looks like it is based on how long since the phone was last unlocked; I would say 1 week is even a bit long in this case.. Just a couple of days should be more than enough.
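Added example (not from this thread, and not Apple's code): a Python model of the inactivity-reboot policy as the thread describes it. The clock runs from the last successful unlock; network events such as a spoofed cell tower or a nearby beacon do not reset it; failed passcode attempts are slowed by a delay that grows with each failure, so a week of attempts cannot cover a meaningful fraction of a 6-digit code space. The 96-hour window is the figure quoted upthread; the `ESCALATION` schedule, the `Device` class and the scenario functions are constructed for illustration and are assumptions, not Apple's actual parameters.

```python
"""Model of a reboot-after-inactivity policy (added example, not Apple's code)."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

HOUR = 3600
INACTIVITY_LIMIT = 96 * HOUR  # figure quoted in the thread: 96 hours since last unlock

# Constructed escalation schedule (assumption, not Apple's real values):
# delay in seconds imposed after the n-th consecutive failed attempt;
# the last entry repeats for every further failure.
ESCALATION = [0, 0, 0, 0, 60, 5 * 60, 15 * 60, 60 * 60, 3 * 60 * 60]


def retry_delay(failures: int) -> int:
    """Delay after `failures` consecutive failed attempts."""
    if failures <= 0:
        return 0
    return ESCALATION[min(failures, len(ESCALATION)) - 1]


@dataclass
class Device:
    state: str = "BFU"           # BFU = before first unlock, AFU = after first unlock
    last_unlock: int = 0         # seconds; reset only by a successful unlock
    failures: int = 0            # consecutive failed attempts (assumed to survive a reboot)
    next_attempt_at: int = 0     # earliest time another attempt is accepted
    log: List[Tuple[int, str]] = field(default_factory=list)

    def unlock(self, now: int, passcode_ok: bool) -> bool:
        """Attempt an unlock; rate-limited attempts are rejected without counting."""
        if now < self.next_attempt_at:
            self.log.append((now, "attempt rejected: rate limited"))
            return False
        if passcode_ok:
            self.state, self.last_unlock = "AFU", now
            self.failures, self.next_attempt_at = 0, now
            return True
        self.failures += 1
        self.next_attempt_at = now + retry_delay(self.failures)
        return False

    def network_event(self, now: int, kind: str) -> None:
        """Beacons, spoofed towers etc. are logged but never touch the unlock clock."""
        self.log.append((now, f"network:{kind} ignored by policy"))

    def tick(self, now: int) -> bool:
        """Periodic check; returns True when the inactivity reboot fires."""
        if self.state == "AFU" and now - self.last_unlock >= INACTIVITY_LIMIT:
            self.state = "BFU"
            self.log.append((now, "inactivity reboot -> BFU"))
            return True
        return False


def attempts_before_reboot(window: int = INACTIVITY_LIMIT) -> int:
    """Number of guesses the escalation schedule lets through inside `window` seconds."""
    t, n = 0, 0
    while t < window:
        n += 1                  # attempt n starts at time t
        t += retry_delay(n)     # and, if it fails, the next one waits this long
    return n


def coverage_of_6_digit_space(window: int = INACTIVITY_LIMIT) -> float:
    """Fraction of 10^6 possible 6-digit codes that fit in the window."""
    return attempts_before_reboot(window) / 1_000_000


def seized_scenario() -> Tuple[str, Optional[int]]:
    """Unlocked by the owner, then kept powered with a spoofed tower and beacons nearby."""
    d = Device()
    d.unlock(0, passcode_ok=True)
    d.network_event(10 * HOUR, "spoofed-cell-tower")  # does not reset the clock
    d.network_event(50 * HOUR, "ble-beacon")           # neither does a beacon
    for h in range(0, 200):
        if d.tick(h * HOUR):
            return d.state, h
    return d.state, None


def owner_scenario() -> Tuple[str, Optional[int]]:
    """Same device, but the owner unlocks it at hour 90, which restarts the clock."""
    d = Device()
    d.unlock(0, passcode_ok=True)
    for h in range(0, 300):
        if h == 90:
            d.unlock(h * HOUR, passcode_ok=True)
        if d.tick(h * HOUR):
            return d.state, h
    return d.state, None


def rate_limit_scenario() -> Tuple[int, bool]:
    """Five wrong codes, then a sixth too early: it is rejected and not counted."""
    d = Device()
    for _ in range(5):
        d.unlock(0, passcode_ok=False)
    accepted = d.unlock(30, passcode_ok=False)  # 60 s delay is still running
    return d.failures, accepted


if __name__ == "__main__":
    print("guesses possible in 96 h:", attempts_before_reboot())
    print("seized:", seized_scenario(), "owner:", owner_scenario())
```

The point the model makes explicit is the one upthread: because the only input that advances the device out of the danger window is a successful unlock, nothing an outside party can broadcast, whether a cell tower or a Bluetooth beacon, changes when the reboot happens.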


It would need to be two weeks, one week is how long Burning Man lasts, and there is very little range there :)


Depending on the phone model and OS, airplane mode may disable Wi-Fi and Bluetooth, but it won't turn off GPS. If the iPhone is one of those devices, it could detect a fast elevation change and not reboot the phone until it comes back down in elevation in a motionless state.


I also spend a lot of time with my phone in airplane mode, but I'd have no problem with a reboot after two or three failed login attempts.


I'll be surprised if reading ebooks doesn't prevent an "inactivity reboot."


I'll be surprised if reading ebooks on a Kindle prevents an "inactivity reboot" on an iPhone...


That depends... Do you often go on flights longer than 96 hours?


Based on the article it almost sounds like multiple phones may have to be present


This reads more like a chain email forward than an actual analysis of the iPhone tech stack.

Fwd: Fwd: READ THIS!!! You won't believe what the iPhone does when off network and around other iPhones!!!

> It is believed that the iPhone devices with iOS 18.0 brought into the lab, if conditions were available, communicated with the other iPhone devices that were powered on in the vault in AFU. That communication sent a signal to devices to reboot after so much time had transpired since device activity or being off network.

The hypothesis doesn't make any sense because the phone doesn't need to communicate with other phones to decide to restart/lock based on lack of network signal.

> Matthew Green, a cryptographer and Johns Hopkins professor told 404 Media that the law enforcement officials' hypothesis about iOS 18 devices is "deeply suspect," but he was impressed with the concept.

Just about sums it up.


The article also states that you can use a passcode or Face ID to get into AFU state, but of course you cannot – the main distinguisher (to a user at least) of BFU is that you must unlock with your passcode as biometrics are disabled.


GrapheneOS has a "reboot after x hours inactivity" feature specifically to prevent the scenario mentioned in the story. Otherwise leaving a phone powered on is a massive risk, especially if cops can keep it charged for months to wait for an exploit.


Yeah an option to "reboot after not being unlocked for x hours" where x is considerably longer than the average time the phone would ever be locked under normal circumstances, would be great for security.


Good thing that's literally what happened here! https://chaos.social/@jiska/113447894119816217


Maybe designed to help with anti-theft? I already use a shortcut automation when airplane mode is turned on to lock my phone and turn off airplane mode, as that’s the first thing thieves would do.


You can just disable access to Control Center and Siri when locked. If you have an eSIM device, this is a really great thing to do, as it’ll always connect to a cellular network when available.


I think the cool thing about this shortcut is that it'll work even if the thief stole your phone while unlocked.


How is this shortcut even possible? Maybe it’s because I have an older model or haven’t figured out how to build good Shortcuts yet, but I thought that every shortcut requires some kind of manual activation. Would you launch the shortcut from an Apple Watch? Wouldn’t iOS require confirmation from the thief to turn off airplane mode?

That being said, I have heard of a weird automation someone made where it would open an app as soon as they went to the Home Screen. It took some thinking for them to deactivate it because the shortcut was really fast to activate.


It’s in the automation tab of the shortcuts.app. You define trigger conditions and the shortcut to trigger.


I see how to build it now, thank you. I imagine for this automation to serve its purpose, we also need to make the Control Center inaccessible when the phone is locked so that whoever has the phone can’t just try turning it off again. Well, that isn’t strictly necessary since the automation seems to run anytime Airplane Mode is enabled.


Settings > Face ID & Passcode > Allow Access When Locked: uncheck Control Center.


This is a great idea. Perhaps add a moderate delay (say 30 seconds or 1 minute) to confuse them even more. Then they will think that airplane mode is active when it isn't.


When you say theft, do you mean by someone with interest in the hardware or the data? Assuming hardware, I'm not sure I understand why a thief who intends to wipe it anyway would care about an auto restart versus normal screen lock. Assuming data, that's exactly what the article is about.


Are thieves really even stealing phones anymore? You can't pawn or sell them anymore because they can't just be reset and set up with a new account, batteries are becoming impossible to remove... all you can really take is the screen, which isn't really worth much either.




So they've given up on hardware and are now looking for insecure phones to try and access banking apps. Interesting.


> can't just be reset and setup with a new account

I know mobile networks keep lists of stolen devices, but they can't be used at all? Like all possible recovery modes demand authentication?


Apple calls this Activation Lock: https://support.apple.com/en-us/108794 https://support.apple.com/en-us/120610

Obviously, the logic board is locked to the owner's Apple account, but so is the display, battery, camera, and selfie camera. Basically the only thing you can reuse is the metal frame of the phone.

Phones are still stolen (since the cost of theft is $0) but stolen phones are worth closer to $5 than $1000.


> Phones are still stolen (since the cost of theft is $0) but stolen phones are worth closer to $5 than $1000.

I have read that there are services offered by specialized criminals to unlock stolen iPhones. These basically amount to phishing schemes where they trick the owner into entering their Apple ID and password on a site under their control.

They can then factory reset the iPhone, but they also get to mine the phone/account for crypto, banking details, identity theft, etc.

Potentially the value of a stolen iPhone can be more than the aftermarket price, since draining a bank account has unbounded gain.

Low level thieves are getting $300-$600 for stolen phones.

https://abc7ny.com/amp/crime-spree-phones-stolen-nyc-migrant...

https://discussions.apple.com/thread/253640344?sortBy=rank


> I know mobile networks keep lists of stolen devices, but they can't be used at all? Like all possible recovery modes demand authentication?

Newer phones for, I want to say maybe the last 5 years, yeah.

If it's turned off and you don't have the code to boot it, you can't access any kind of bootloader or recovery mode, it just shows a screen with an obfuscated email that is required to unlock it or something similar.

Gone are the days of just being able to do a factory reset.


True, but my iPhone 15 Pro was stolen, powered down, and likely ended up in China for parts.


> Are thieves really even stealing phones anymore?

Why do you think iFixit and collaborators are so opposed to serialization of iPhone parts?


How do you turn on airplane mode when that's actually what you want to do?


Personally I only use it for battery savings when camping or similar. It's not the kind of thing everyone cares about. I think we're long past the days where a flight full of phones frantically searching for towers during takeoff/landing would degrade the network for people on the ground, as may have been true way back when (and why) airplane mode was adopted as a standard feature.


I have to think that if mobile phones presented an actual interference threat to aircraft avionics systems they simply would not be allowed on board. You cannot assume that all the passengers will follow the instructions to turn them off/disable the radios.


The rule isn't an FAA rule, it's FCC. The issue is about the cell networks, not the aircraft.


It was never about that. It’s about interference with aircraft systems.

Look for “5G NOTAM” if you are someone who thinks this is bunk. Specifically, some radio altimeters (which are needed for some IMC approaches) can be interfered with by the adjacent 5G frequency bands due to not being built with a tight enough filter.


The 5G issue was more about flying in or over anywhere that had a 5G service using that particular band - it didn’t matter whether anyone on the phone did or did not have a phone on.

Hence the whole US aircraft fleet was upgraded (by the end of September 2023) so that band could be used for 5G there and it’s no longer a problem.

As I understand it, cellular modems wouldn’t transmit on a frequency if they can’t see a base station (tower) first on that channel, so I expect before the problem was fixed, the temporary solution was just to disable that band at the base stations.

If there was any actual known or suspected risk of electromagnetic compatibility issues with any consumer devices, there would be very strict laws about it (it might become a Federal offence not to have your phone in airplane mode, for example - but obviously it's not).


We can further caveat that it wasn't "anywhere that had a 5G service" since the radio altimeter is not needed except on low visibility approaches into an airport.

Either way, it's about interference with aircraft systems from cellular infrastructure/devices. Certainly, if a tower talking on 5G can interfere with a radio altimeter, a bunch of cellphones onboard could do the same thing or even amplify the effect.

> it might become a Federal offence not to have your phone in airplane mode, for example - but obviously it’s not

Violating directions from the flight crew can be a federal offense. There is a chain of authority from the FAA to the airlines and to the PIC. The airline and PIC delegate part of that authority to the rest of the crew. Unless you are very aware of every regulation and particular company policy, I highly recommend that you don't test this.


Cellphones used to operate on a frequency band that was very close to the same band used by ground proximity warning systems, so theoretically they could interfere with the safety systems on a plane. Modern phones use different frequency bands now.


I typically activate airplane mode twice and have it fail. Remember the automation, go deactivate the automation and then airplane mode works. On actual airplanes, I’m more likely to simply power off my phone.


Savvy thieves would just use a faraday cage case/bag I guess.


Savvy thieves would probably choose a different occupation. Prisons are full of stupid criminals.


Sure. Or just power down. No FaceID or password code required. Find My may still work though, so thieves do use faraday bags.


Neat trick. But in what cities do people need to live like this?


San Francisco. Or almost any other big American city for that matter.


When people say things like this what they're actually doing is falsely associating walkable urban fabric in cities like San Francisco, NYC, and large parts of Chicago as being especially dangerous just because it's only practical to be pick-pocketed on foot.

They say this while ignoring the generally low crime rates of those compared to peers. For example, Chicago has an almost 20% lower property crime rate than Peoria, IL. Fort Worth, TX has 52% higher property crime rate than New York City. Carmel, Indiana, an affluent suburb with a public high school ranked #354 in the country and 6th in Indiana, only manages to have a 28% better property crime rate than NYC.

(And driving a car around is a lot more statistically dangerous to your life than walking around a big city. I'd rather have my phone stolen than be t-boned by a drunk driver)


Any city with police that might steal your phone. So... all of them.


Latin America cities

I very much doubt it. Far more likely to be a memory leak in the baseband which is exposed when the devices are unable to talk to the cellular network for a period of time.


If that's what's going on, it might be the best example of "it's not a bug, it's a feature!" ever.


Ya, I'm guessing these cops don't have iPhones because if they did they would know that iOS is just buggy. I mean, the last time I restarted my iPhone before iOS 18 was when I installed the last iOS 17 patch. Since installing iOS 18 I've had to restart it twice because it stopped responding.


So what did we learn class? If you’re ever in a situation where your iPhone is being seized, power it down :)


You actually don't have to power it down. If you hold the power and volume buttons for 2 seconds and reach the "slide to power off" screen, the phone is already hard locked. You then always have to enter the passcode to unlock it.


> You actually don't have to power it down. If you hold the power and volume buttons for 2 seconds and reach the "slide to power off" screen, the phone is already hard locked. You then always have to enter the passcode to unlock it.

iPhones have 2 states when it comes to encryption:

Before First Unlock (BFU) - everything is encrypted. The most difficult state to hack.

After First Unlock (AFU) - data isn’t fully encrypted. Maybe it's for performance reasons. In this state exploits exist which police can use to get data.

Your suggestion of getting to the 'slide to power off' screen does NOT hardlock the phone (it does not put it in BFU).

It just means it requires a passcode. However, since it is in AFU mode, data can be exfiltrated with the right tools.

You should definitely power it down to be secure.


This is wrong. While this clears some keys and prevents anyone from holding the phone up to your face to unlock it, it doesn't bring the phone back into a full BFU state.

Some keys can still be read, and depending on the exploit they use a lot of data could be extracted. BFU + good passcode is always the way to go.


>BFU state.

"Before first unlock", for those like me who weren't familiar with this particular acronym.


This was explained in the article.


If you have an iPhone SE Gen 3 (Or any other iPhone with TouchID, but models older than the SEGen3 have other weaknesses to worry about), you can do the same by spamming the power button 5 times.

You can also ask Siri to reboot or turn off your phone, Siri will ask you to confirm you want to do the action, but it doesn't take too long to do. Just in case you don't want to reach for your phone for what ever reason.


IDK about iOS, but android (or at least calyxOS/grapheneOS) has a feature where you can make the phone automatically reboot after a certain amount of time (thus removing the keys from memory).


Unfortunately, though, you won't be able to do so while handing it over, and US cops will just kill you if you take too long handing over your phone because they can.


Any time a police encounter starts, you can at least tap the standby button 5 times. It's not as good as a shutdown, but it will at least disable biometrics so it will require a password to unlock. They can't legally force you to reveal your password.


> They can't legally force you to reveal your password.

Indefinite contempt of court seems like "force" to me.

https://arstechnica.com/tech-policy/2017/05/jail-looms-large...


Unless you are shot dead for reaching into your pocket..


If the police encounter starts with a gun to your head, this makes it harder.




Everything that could happen must have already happened, and must have a linkable news story to boot. Or else it is not possible.


You probably don't have time. Especially if there is a gun pointed at you.


> the reported iPhone reboots highlight the constant cat and mouse game between law enforcement officers and forensic experts on one side, and phone manufacturers Apple and Google on the other.

I don't think Google is in this same category at all. Didn't they just recently give nest door unlock codes to LEO without even asking for a warrant?

Apple and Google are on different planets when it comes to user privacy.


You're thinking of Amazon giving Ring footage to police without warrants.


Bingo.


>Didn't they just recently give nest door unlock codes to LEO without even asking for a warrant?

Did they? I don't remember seeing anything about that.


The theory makes zero sense on many levels. Why are we are publishing cop’s guesses on how software giants work…


“Helping criminals“ gets headlines. Anything involving Apple gets headlines.

Apple “helping criminals“ is a gold mine.

I can’t read the full article, but I’d be surprised if the cops didn’t manage to claim how this is somehow related to fentanyl in there somewhere.


I don't think this is the case, but I genuinely want this to be gonzo advertising by Apple.


These articles should make fun of how silly these cops are instead of passing along their silly rumors as if they have any chance of being valid.


I haven't kept up with iOS feature developments, but modern Android devices can be configured to lock automatically if they go offline.

The purpose of this is to counter a thief putting your phone into aeroplane mode to prevent you remote locking or erasing the device.


My iPhone 16 on iOS 18 has been randomly respringing (as far as I can tell). Not fully rebooting but basically the UI crashes and it kicks me out to the lock screen.

I wonder if that's all this is. Probably a memory leak somewhere or some other bug.


I was thinking the same thing -- I've had to reboot my iPhone a couple of times since installing iOS 18 because it became unresponsive. It's been years since I've had an iPhone do that so this is very unusual.


Just today, I got a notification on my Pixel to turn on "Theft Offline Device Lock". I can't claim that it puts the phone into a pre-first-auth state, I've not tried it yet and the docs aren't clear. Along with it came a "Remote lock" features, where visiting android.com/lock and putting in your phone number will also lock your device, so it requires the screen lock to unlock.

It would be sensible if both these features put the phone into a pre-first-auth mode.


I turned this on as well and all I've had are a few false positives when running up stairs or similar. Good feature, and I'd rather have to unlock occasionally than error the other way.


iOS 18.1 has a release note about fixing unexpected restarts on iPhone 16 and iPhone 16 Pro models.

https://support.apple.com/en-us/121161#a181 (last item)


Cops are some of the greatest "victims" in our society. Encryption will make their investigations more difficult. They'll be judged first by the basis of the race of their suspect and then by the suspected crime. Even bodycams (which they're now quick to hail as they're "recording too," when people record interactions with their phones) were going to impede their ability to do their jobs.

There are fewer groups with so much power who see themselves as downtrodden. I could name others, but that'd be going off-topic.


You went off the deep end with the last line. Get some rest, eat a sandwich, see a sunset.


You sound right on the money here. Occam’s Razor suggests they’re rebooting for a reason we know about rather than an undocumented security feature.


This is like the junior QA coming to you, so sure of himself, thinking his theory is 100% correct.


Why would the iPhones need to communicate in order to reboot? Just detect a lost network connection, add a timer, lack of normal user activity, some other signal, ....


Why are they searching people's phones though?

Imagine the future when Neuralink is going to be fully developed and the court would be able to authorise drilling into your skull to forcefully connect you to a computer to read your thoughts. Well, that's not much different.


“But the sufficiently nefarious might reboot or wipe their phone remotely,” is a component in the black letter law of the fourth amendment and exigency. Kind of interesting that now the handset manufacturer might be automatically doing that for all of us.


There is not a corporation on earth that has data collected on you that will voluntarily or automatically delete it - even just from a device disconnected from the network (especially so actually, bc there is new data still on the device not synced to the network) - not a single corp with data will ever delete it, even if they say they do.


It's a good feature. A similar feature just got added to Android, too. If the phone loses network, it locks. If the accelerometer thinks that the phone has been snatched from your hand, it locks.


There's a difference between locking a phone and entering Before First Unlock state. After a reboot and before authentication the credentials stored on a phone are locked down much more securely, to the point (most) apps can't even start in the background.

Locking and disabling biometrics are good ways to add a quick layer of protection, but rebooting makes it incredibly difficult for exploit kits and other hacking tools to dump the contents of a phone's storage.

I'm thinking this may just be a bug (how often does a real world iPhone get zero available networks of any kind? Probably not enough for that use case to be tested thoroughly for days) but with how hard law enforcement is panicking about this, maybe it should be a feature. If they care this much, I don't think their expensive hacking subscription they've bought is working anymore, so it's probably working around some pretty bad vulnerabilities in iOS.


For me, the iPhone loses all connectivity on a daily basis. No cellular signals are available in the underground parking lot that I use.


Btw, is there a way to set Android to automatically reboot at a fixed time? That'd only cost like 20 seconds more to unlock in the morning but reduce the chance of 3-letter-agencies being able to extract the content in AFU state.


I can't find anything built into my Pixel, but it seems that Samsung and others offer it, or otherwise third party apps:

https://www.reddit.com/r/androidapps/comments/1cscmu8/app_th...


GrapheneOS has a feature to auto-reboot the device if it hasn't been unlocked in X hours.

Set it sufficiently low, and it's a pretty good option to ensure keys are evicted and if you use a SIM pin, it's even better.


That'd be exactly what I need.

Sadly GrapheneOS is only available on recent Pixel devices. I know I'm probably the only one that still cares about these features, but I won't buy a phone that requires me to hot-glue a USB dock to it just to get 3.5mm and microSD if I can simply buy a Sony instead :/


>but I won't buy a phone that requires me to hot-glue a USB dock to it just to get 3.5mm and microSD if I can simply buy a Sony instead :/

That's why I've been sticking with moto phones. I'd switch to pixel tomorrow if they made one with an audio jack and a micro sd slot.


I'd be fine with this, EXCEPT:

1) Keep the alarm data in an insecure location so that app can work before login. (A read only cache is fine)

2) Let me _choose_ if some other apps can live in the insecure storage partition too. E.G. Google Voice comes to mind along with any basic carrier integration stuff you'd rather just have even on a fully locked phone. (Why GV in unlocked? It interacts with the insecure phone network anyway, so that's not exactly holding much back. Maybe make message history harder to get to with a still locked device.)


Apps can already choose to place some data in pre-unlock or post-unlock storage, so your alarm or google voice should be unaffected.


Looks like Samsung can do it (though they offer it as advice to keep their buggy OS working, or to "to prevent it from slowing down or freezing" as they themselves put it): https://www.samsung.com/ph/support/mobile-devices/restart-yo...

My Xiaomi phone had a feature where it would boot the phone shortly before any alarms would go off, so you could shut it down before bed and barely drain the battery in the mean time. Still required manual shutdowns, though.


> If the phone loses network, it locks.

Am I the last person who regularly experiences dead zones, or does this sound crazy?

There's no need to lock the phone just because I'm on the highway at this one spot on the way out of town.


It's a minor inconvenience to reenter your PIN, and it's optional and disabled by default. Seems harmless.


It seems like an untested theory that should be easily reproducible?


Why is nobody at Apple sitting around with a USB protocol analyzer and a Cellebrite and patching these vulnerabilities one by one?


How would they obtain a Cellebrite in the first place?

I’m guessing that supply chain is pretty locked down. Sure, a journalist might have obtained one at some point but it won’t be able to phone home and download the latest exploits.


> I’m guessing that supply chain is pretty locked down.

School districts and the like have them, it's not at all locked down. Independent "researchers" can obtain them (and have.)


>School districts and the like have them, it's not at all locked down.

I read the article about school districts obtaining Cellebrite devices, but I don't think that really refutes what I'm saying. If it was that easy, why wouldn't we see more in-depth analysis of the exploits that UFEDs use?

Other than the Moxie Marlinspike post, I haven't heard of anything recently. Would love to learn more about this topic.


Would it come as a surprise if I told you that the US has every opportunity to stop Cellebrite et al. but chooses not to?


Frankly I'm all for phones detecting that they're in an unusual state and changing posture to a higher security level.


Sounds like a timer, if not just a crash. Nothing here sounds like the phones are communicating with each other.


> The digital forensics lab that noticed the issue had several iPhones in AFU state reboot, including iPhones in Airplane mode and one in a faraday box.

You can stop reading there. iOS 18 doesn't add freaking telepathy to phones. Whether it's a bug or a new feature Apple added that reboots phones under certain circumstances, it's not "iPhones communicating to force reboots".

I'm glad HN doesn't allow emoji, but I do wish I could add :facepalm: or :eye-roll: here.


Why? This seems like a smart anti-theft measure. (Bunch of iPhones in a radio silent environment together, maybe also not moving or detecting light.)


It's the faraday box part in particular. Airplane mode isn't a true no-radios mode on iPhone (this is well-known, or should be on HN at least). But it does leave cellular radios off. Wifi and bluetooth might need to be separately disabled and with wifi, at least, it'll turn back on after a while. So maybe (being very generous), if bluetooth or wifi is enabled or becomes re-enabled, there's a signal between the iPhones that causes this reboot behavior.

But how is a device in a faraday box receiving this signal and rebooting? And why do they need a signal when they could just use their own clocks and determine that it's been X days or weeks since last going online and reboot?


> how is a device in a faraday box receiving this signal and rebooting?

Doesn’t need to. Being in a Faraday box is a reasonable trigger for a single reboot. That said, the most incredulous part of this story is that iPhones can detect when they’re in a Faraday cage.


I'm going to go ahead and assert that they can't tell. A Faraday cage is just a deliberate construction of a situation that happens all the time anyway. Hospitals have lots of shielded rooms in and around the radiology department. The basement of a steel building is basically the same. So is anywhere on a ship. My aged house has lath and plaster walls that can simultaneously survive a nuclear blast and also block Wi-Fi unless the amp's turned up to 11. There's no sensor in an iPhone that could tell that it's in a specially-constructed Faraday cage instead of a plain old dresser drawer in my bedroom.


Could the phone detect that they are in a small conductive box: stronger interference back when they send a signal?


I'm not sure if that's possible. What's the difference between that and someone sitting their phone on a metal cabinet?

I'm even more confident that Apple hasn't spent the research hours required to do that reliably, then incorporate the electronics and software needed into off-the-shelf phones, all to protect criminals from having their phones hacked under very specific conditions. That seems like a huge money sink.


> What's the difference between that and someone sitting their phone on a metal cabinet?

In a zero-signal environment? With other iPhones in very close proximity?

You can even measure your false positive rate by timing to first successful unlock. If it happens more than once, turn down the sensitivity on the feature (or turn it off completely).

(Were I designing this feature, I’d let phones in this state poll the other phones on how long they’ve been in it.)


But the claim is that other iPhones in the area are triggering the reboot. Setting that claim aside, though, how would the device even tell it's in a faraday box versus just out in the woods?


> the claim is that other iPhones in the area are triggering the reboot

Lack of motion? The information the other phones provide are proximity (it’s unusual for people to pile their phones together), that the radios still work and possibly a timeline, e.g. if the other phone says “I’ve been in a suspicious state for two days,” the first phone can change its priors.


I could easily see this as a security measure. Give the phone a concept of fear of being stolen. Phone, alone, continued source of power for an extended period. Somebody could have left it on a charger and gone away. Phone, continued source of power for an extended period and static bluetooth signals from other phones--what's going on here? This is very suspicious, turn defenses to max. It doesn't need to know the difference between thieves trying to thwart it and cops trying to thwart it.


Out there in the woods there's still GPS data. There are very few places on Earth outside a faraday cage where you can go for a long time without receiving *anything*.


Environmental RF in the woods, vs. band-specific shielding in a Faraday cage.


Ultrasound?


Because iPhones can't ping each other when one's inside a Faraday cage.


Faraday cages used by law enforcement, such as [1], aren't impervious to RF.

They provide enough attenuation to keep phones off the cellular network and prevent GNSS from working, but not enough to prevent communication with nearby devices via Bluetooth or wifi.

[1] https://ramseytest.com/rf-shielded/forensic-enclosure/


That sounds implausible.

A Faraday cage is an attenuator, which multiplicatively decreases signal strength by some constant (at least within a similar frequency band, which Bluetooth and 5G can be considered to be).

Unless the forensic lab has additional special shielding from cell towers, the received strength of both a reasonably close cell tower and a nearby Bluetooth transmitter would be pretty similar, so they'd both be attenuated similarly.


> That sounds implausible.

I can say from experience that it is not.

> A Faraday cage is an attenuator, which multiplicatively decreases signal strength by some constant

It's not constant at all. The level of attenuation varies greatly based on frequency. For the Ramsey STE3000 I have here, it varies by 40dB or more at the frequencies at which I've tested it. The enclosure is good for around -100dB at 700MHz, but only -60dB or so at 2.4GHz.

> (at least within a similar frequency band, which Bluetooth and 5G can be considered to be).

Even if you exclude mmWave and consider only the sub-6 bands, AT&T for example has LTE and 5G bands from 700MHz to 3700MHz. They're not similar at all. Worlds of difference in terms of propagation characteristics.

> the received strength of both a reasonably close cell tower and a nearby Bluetooth transmitter would be pretty similar

No, they wouldn't.

On my Pixel 8 Pro right now I'm seeing -93dBm from a tower about half a mile down the road (700MHz LTE), and -40dBm from the BLE radio in the HVAC controller on the wall of this room, about 8 or 10 feet away. That's a 53dB difference.

If I put my phone in the box, it attenuates the LTE downlink from down the street to well below the thermal noise floor. It cannot do the same for BLE; my phone can still talk to the HVAC controller from inside.
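The link-budget arithmetic behind the comment above, as an added example that is not from the thread: it takes the quoted received powers (-93 dBm LTE at 700 MHz, -40 dBm BLE at 2.4 GHz) and the quoted enclosure attenuation (about 100 dB at 700 MHz, about 60 dB at 2.4 GHz) and checks each link against the thermal noise floor. The noise-floor formula (-174 dBm/Hz + 10*log10(bandwidth)), the channel bandwidths (20 MHz LTE, 1 MHz BLE) and the linear interpolation of attenuation between the two measured points are assumptions of this example, not figures stated by the commenter.

```python
"""Link budget for a forensic RF enclosure (added example, not from the thread).

Question it answers: given the attenuation a shielded box provides at a given
frequency, is a signal that is received outside the box still above the
thermal noise floor inside it? This is why an enclosure can silence an LTE
downlink while a nearby Bluetooth LE peer remains reachable.
"""
import math
from dataclasses import dataclass

# Thermal noise density at room temperature (~290 K): kT in dBm per hertz.
THERMAL_NOISE_DBM_PER_HZ = -174.0

# Attenuation measurements quoted in the comment above: (MHz, dB).
# Values between the two points are interpolated linearly (assumption).
ENCLOSURE_ATTENUATION_POINTS = [(700.0, 100.0), (2400.0, 60.0)]


@dataclass(frozen=True)
class Link:
    name: str
    freq_mhz: float
    rx_power_dbm: float   # received power measured outside the enclosure
    bandwidth_hz: float   # receiver channel bandwidth (assumption per link)


def noise_floor_dbm(bandwidth_hz: float) -> float:
    """Thermal noise floor for a receiver of the given channel bandwidth."""
    return THERMAL_NOISE_DBM_PER_HZ + 10.0 * math.log10(bandwidth_hz)


def enclosure_attenuation_db(freq_mhz: float) -> float:
    """Shielding effectiveness at freq_mhz, clamped to the measured range."""
    (f_lo, a_lo), (f_hi, a_hi) = ENCLOSURE_ATTENUATION_POINTS
    if freq_mhz <= f_lo:
        return a_lo
    if freq_mhz >= f_hi:
        return a_hi
    return a_lo + (freq_mhz - f_lo) * (a_hi - a_lo) / (f_hi - f_lo)


def link_inside_enclosure(link: Link) -> dict:
    """Evaluate one link once the receiver is placed inside the enclosure.

    margin_db > 0 means the signal is still above the thermal noise floor,
    i.e. the enclosure alone does not guarantee the link is gone.
    shortfall_db is the extra shielding needed to push it below the floor.
    """
    attenuation = enclosure_attenuation_db(link.freq_mhz)
    inside = link.rx_power_dbm - attenuation
    floor = noise_floor_dbm(link.bandwidth_hz)
    margin = inside - floor
    return {
        "name": link.name,
        "attenuation_db": attenuation,
        "rx_inside_dbm": inside,
        "noise_floor_dbm": floor,
        "margin_db": margin,
        "above_noise_floor": margin > 0,
        "shortfall_db": max(0.0, margin),
    }


# Constructed inputs using the figures quoted in the comment; the bandwidths
# are assumptions (a 20 MHz LTE carrier, a 1 MHz BLE channel).
LTE_DOWNLINK = Link("LTE 700 MHz from tower", 700.0, -93.0, 20e6)
BLE_PEER = Link("BLE 2.4 GHz from wall controller", 2400.0, -40.0, 1e6)


def evaluate_all() -> dict:
    return {r["name"]: r for r in map(link_inside_enclosure, (LTE_DOWNLINK, BLE_PEER))}


if __name__ == "__main__":
    for r in evaluate_all().values():
        state = "STILL ABOVE noise floor" if r["above_noise_floor"] else "below noise floor"
        print(f"{r['name']}: {r['rx_inside_dbm']:.0f} dBm inside "
              f"(floor {r['noise_floor_dbm']:.0f} dBm) -> {state}; "
              f"extra shielding needed: {r['shortfall_db']:.0f} dB")
```

With these inputs the LTE downlink lands near -193 dBm, far below a -101 dBm floor, while the BLE peer lands at -100 dBm against a -114 dBm floor; the box would need roughly 14 dB more shielding at 2.4 GHz to silence it.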


>It cannot do the same for BLE; my phone can still talk to the HVAC controller from inside.

That's surprising, you'd think those boxes would be better at blocking signals since that's what they're designed to do.


They work very well, but it's physically impossible for them to be perfect.


I assumed they have one cage they toss all the phones in.


Ah, then they could definitely communicate with each other.

And while I don't expect stock iPhones to do anything like what's being suggested in the article, I could see custom software activating a "panic mode" based on observations that plausibly suggest a device being in such an environment.


You're probably right, but wouldn't intermittent audio sidestep a faraday cage?

Edit: I noticed it's "box" and not "cage" but I think the same what-if applies here.


Anything's possible, but I am highly skeptical of the notion. Their little speakers don't have infinite frequency response, and I haven't heard reports of young teens saying their phones make weird chirps. Also, why on Earth would Apple do this? The notion that iPhone A in AFU mode is anxiously listening for iPhone B to come along and send it an audio trigger that it should reboot is hard to believe. It would be way easier to just tell iPhone A to reboot after N hours in AFU mode if they wanted to accomplish such a thing. And why would iPhone B be sending the "OMG reboot yourself!" audio signal to iPhone A in the first place?


They don't need infinite frequency response, and I don't think it's unusual to have a frequency response outside of human hearing. I know for a fact that Cisco uses frequencies outside human hearing to help pair your computer to meeting room screens.


GrapheneOS implements basically this as a security feature against non-persistent malware, and I think it's a great idea that all phones should do. Graphene has your phone reboot after an uptime greater than some value you pick.


> Graphene has your phone reboot after an uptime greater than some value you pick.

It automatically reboots after the device hasn't been unlocked within the selected duration, not after a certain uptime has been reached.


It's also available on Samsung (mine is set to reboot every day), not sure if it's standard on Android or not


I don’t think it’s other iPhones that are sending a signal. Rather, it’s probably a security option that’s easy for most people to overlook in the Settings app. I have little knowledge about iPhone hacking, but I think in the same place where you can say “delete my data after 10 failed passcode attempts”, you can also force ask for a passcode to start using accessories again if it’s been a long time since it’s been unlocked. But I don’t think I have ever seen anything around rebooting. That sounds like a very nice feature though since rebooting apparently is good for making sure the phone clears spyware access.


We need to write an app to automatically reboot your iPhone every night at a user-selectable time, if rebooting your iPhone is apparently phone spies' kryptonite.


iPhone shortcuts can already do that. Create a shortcut to restart the device and an automation to run it at a particular time of day.


There were a number of custom “crime phones”, run by criminal organizations. One of the features was rebooting when users were arrested, as triggered by the criminal organization.

Law enforcement seems to be reading the behavior into the iPhone, which is understandable. They’ve seen it before.

The real concern is how law enforcement seems to create these bright lines between “legitimate” and “illegitimate” security.

Shutting down when an attack is suspected is a reasonable security feature.


> Apple may have introduced a new security feature in iOS 18 that tells nearby iPhones to reboot if they have been disconnected from a cellular network for some time.

My guess (and this is just a complete random guess): it's a bug, not a feature, probably to do with Find My. All the phones are probably in airplane mode and they are all trying to talk to each other (and to the mothership) regarding Find My and are crashing out.


> The idea that phones should reboot periodically after an extended period with no network is absolutely brilliant

If this is brilliant I'm Einstein


My time as a digital forensic investigator was short and over a decade ago now, but it was standard where I was to put each phone in a faraday bag to help reduce concerns around remote wiping capabilities.

What's odd to me in this article is it doesn't seem like faraday bags are being used. I'd assume concerns over this type of thing are greater than ever now.


This seems like an excellent reason to run a "reboot after 12h of no signal" program - this would snuff these Faraday bags right out completely.

Cellebrite doesn't have BFU unlocks for any recent iPhone, allegedly.


I've had flights that lasted for more than 12h. This may be a bit too short.


If you're on a long flight and you leave your phone on but don't unlock it to use it during that time, and a consequence is that the phone reboots, what is the big deal?


The phone is going to default assume a hostile environment without need for comms.


Ah, that makes sense.


Right. So, if you're about to go somewhere where your phone might be arbitrarily searched i.e. an airport in your own or another country, I guess this means it's a good idea to shutdown your phone and put it into a Before First Unlock state to protect your files.


It's a dot zero release.

Could easily just be a memory leak that is accumulating until the OS crashes.


>Could easily just be a memory leak that is accumulating until the OS crashes.

That would be my assumption, since they are storing them in labs while trying to crack them under non-normal conditions, so it could easily be a memory leak that doesn't happen under normal conditions. Either that or it's the software they use to mess with the encryption causing issues.


Or not actually a leak, just overuse. Suppose there's some sort of log that accumulates while it's failing to communicate. Once it communicates the log gets dumped. Log gets too big, software faults, watchdog reboots it.


That's a good point. Developers often neglect to consider the size of logs since they generally aren't that big unless something out of the ordinary happens.


Seems more like the phone batteries went to zero and then power came back on and they went back up but obviously restarted.

If you are not looking at a phone all day, you may not have noticed that the power was out to them over some weekend.


I'd assume they keep them powered up when they have them stored in a lab trying to crack the encryption on them.


Yes, but they don’t look at the phone 24/7. If all the phones seemingly restarted over the weekend, what’s the more likely scenario: 1) the phones gossiped with each other (including the one in the faraday cage) and decided to all restart themselves, or 2) they lost power over the weekend?



If I had a dollar for every time I'm surprised to find out one of my AOSP devices has rebooted, I'd buy an old-fashioned alarm clock.

Maybe iPhones just reboot sometimes too.


Probably a bug but a feature on GrapheneOS

https://grapheneos.org/features#auto-reboot


Great idea. How about reboot if more than 2 hours with no unlock?


Horrible idea.

I don't have an iPhone, but it's not exactly alien for me to be in a situation where I've gone more than a couple of hours without touching my phone but while it is doing something important: recording where I am. (And, yes, I have fallback options, but they aren't nearly as good.)

If you're going to put in an auto reboot either make it long enough nobody will trip it while the phone is legitimately recording something or make it configurable.


Um, sleep? Make it at least mid-teens if not 24+.


What’s the harm if it reboots if you’re sleeping?


Do alarms work on iphones if they are in the BFU state? I'm pretty sure they don't on my android, because it hasn't even unlocked most of the bootloader if you haven't put your pin in.


Yes. If your iPhone updates over night (as I mentioned in another comment, common time for automatic updates or just to kick them off manually) your alarm still goes off the next day after it restarts.


The initial unlock will take a little longer, your apps aren't running, etc. Nothing major, still a bit annoying though.


Very little, which is why if you enable automatic updates on iPhones they try to apply those updates at night while the device is locked and charging, when most people are sleeping. If you're using the phone it won't activate at night and will let you know that it couldn't install the update.


The only harm I could see is if someone grabs their phone to make an emergency call and it's rebooting or locked and, in their sleepy state, they have trouble unlocking it.

However, I do think a 12 hour "Phone hasn't been unlocked, reboot it" seems like a logical security feature to add.


You never need to unlock an iPhone to make an emergency call (if you mean 911 versus urgently needing to call some other number).


More discussion on the source: https://news.ycombinator.com/item?id=42083052


Is there an audio command you can say to cause Siri to BFU?


Not an audio command, but even just holding down the volume and side buttons to open the power off menu, without actually powering off your phone, triggers the same behavior.


That locks the phone, but a reboot presumably drops a lot of in-memory caches, to one degree or another. I don’t know whether (or how well) iOS zeroes out memory, but I can certainly imagine the AFU state is easier to target than the BFU state.


hmmm good one to add to the "before crossing an international border" toolkit


> good one to add to the "before crossing an international border" toolkit

You’re in for a bad time refusing to unlock at most borders.


“Hey Siri, reboot”?


So if I use a faraday bag for stretches of time to prevent my phone being tracked is that going to cause a reset? Any documentation?


Reality: A nasty resource leak causes segfault in the iOS kernel

News: Apple implemented auto-reboot as a security feature fending off cops


Probably a buffer overflow or out-of-bounds write since it takes _a while_ to trigger this.

Eg: iPhone keeps location and time of found devices via Find My, the cache grows as it's not connected to the network. Eventually restarts...
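The failure mode speculated about here and a few comments up (a log or cache that only drains when the phone is back on the network, and grows without bound while it is offline) is easy to reproduce in miniature. The following is an added illustration, not Apple's or Find My's code: it assumes a store-and-forward buffer of observations that is flushed on the next connection, and contrasts the unbounded version with a bounded one that keeps only the newest entries and counts what it dropped. The "budget" stands in for whatever memory or watchdog limit would eventually fault the process; it is a constructed number.

```python
from collections import deque
from typing import Deque, Optional


class UnboundedOfflineStore:
    """Accumulates entries until the next successful upload; nothing caps growth.

    Hypothetical illustration of the bug pattern discussed in the thread.
    """

    def __init__(self) -> None:
        self.entries: Deque[bytes] = deque()   # no maxlen: grows while offline
        self.dropped = 0

    def record(self, entry: bytes) -> None:
        self.entries.append(entry)

    def __len__(self) -> int:
        return len(self.entries)

    def flush(self, connected: bool) -> int:
        """Upload everything if we have a network; return how many entries went out."""
        if not connected:
            return 0
        sent = len(self.entries)
        self.entries.clear()
        return sent


class BoundedOfflineStore(UnboundedOfflineStore):
    """Same interface, but keeps only the newest `maxlen` entries and counts drops."""

    def __init__(self, maxlen: int) -> None:
        super().__init__()
        self.entries = deque(maxlen=maxlen)

    def record(self, entry: bytes) -> None:
        # deque(maxlen=...) silently evicts the oldest entry; count it so the
        # loss is observable instead of invisible.
        if len(self.entries) == self.entries.maxlen:
            self.dropped += 1
        self.entries.append(entry)


def hours_until_fault(store: UnboundedOfflineStore, hours_offline: int,
                      per_hour: int, budget: int) -> Optional[int]:
    """Record `per_hour` constructed observations per offline hour.

    Returns the first hour at which the store exceeds `budget` entries (a
    stand-in for a memory or watchdog limit), or None if it never does.
    """
    for hour in range(1, hours_offline + 1):
        for _ in range(per_hour):
            store.record(b"beacon-observation")   # constructed sample entry
        if len(store) > budget:
            return hour
    return None


if __name__ == "__main__":
    print("unbounded faults at hour", hours_until_fault(UnboundedOfflineStore(), 48, 10, 100))
    bounded = BoundedOfflineStore(maxlen=50)
    print("bounded faults at hour", hours_until_fault(bounded, 48, 10, 100),
          "with", bounded.dropped, "entries dropped")
```

With ten observations an hour and a budget of a hundred entries, the unbounded store crosses the limit in the eleventh offline hour; the bounded one never does, at the cost of discarding older observations, which is the trade-off any offline cache has to make explicitly.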


“Find My” forms a mesh network with other Macs and iPhones.

Maybe the isolated phone has a feature where it reboots after being unable to find a peer?


My money is on a memory leak in the 5G stack


Sounds like, if the cops take your iPhone, you should immediately deactivate your eSIM or cancel your service.


But, assuming the cops are right for a minute, wouldn't you want your phone to reboot so it would be harder for them to brute force it?


That’s what I said?


My mistake, I didn't understand that "deactivate your eSIM or cancel your service" was akin to the phone rebooting.

Why would phones need another phone nearby to “tell them to reboot”

Makes no sense.


They’re social animals, I guess.

This is absolutely some kind of non-technical user superstition style claim born from a little bit of paranoia that Apple hates cops because they don’t roll over easy (though they do follow subpoenas they are technically capable of following).


The truly scary part is we're not actually talking about 'cops' here, but 'detectives', you know, the police who *aren't* supposed to be knuckledraggers incapable of reasoning; the people who are entrusted to solve murders.


What happens if one is in a place with no connectivity for a long time? There are areas of the world like that. Periodic forced reboots are useless and harmful there. Think about reading ebooks offline or following a map with only GPS on.


The phone isn't locked in either of those cases, no?

This is only happening on phones that are currently locked, but which were previously unlocked since the last reboot.


Additionally, this wouldn't require a periodic reboot; only one. So, a phone in the After First Unlock state loses its cellular connection -> the timeout period expires without it being unlocked -> the phone reboots. This process only restarts once the user unlocks it _and_ it has re-acquired a cellular connection.
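The three triggers floated in this thread (reboot after N hours of uptime, reboot after N hours without an unlock as GrapheneOS does, and reboot after N hours without an unlock *and* without cellular as hypothesized above) behave quite differently on the same timeline. This is an added simulation, not Apple's or GrapheneOS's code; the phone model, event names and hourly polling are assumptions made for the illustration. It replays a constructed seizure scenario (unlocked once, then locked and placed in a faraday bag) and a second one where the bag is removed after two hours.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

HOUR = 3600.0


@dataclass
class Phone:
    """Minimal model of the lock and network state an auto-reboot policy consults."""
    boot_time: float = 0.0
    afu: bool = False                     # After First Unlock: key material is in memory
    last_unlock: Optional[float] = None   # most recent unlock since boot
    cell_lost_at: Optional[float] = None  # None while attached to a cellular network
    reboots: int = 0

    def unlock(self, t: float) -> None:
        self.afu = True
        self.last_unlock = t

    def cell_lost(self, t: float) -> None:
        if self.cell_lost_at is None:
            self.cell_lost_at = t

    def cell_regained(self) -> None:
        self.cell_lost_at = None

    def reboot(self, t: float) -> None:
        # Back to Before First Unlock: nothing to extract until the next passcode entry.
        self.boot_time, self.afu, self.last_unlock = t, False, None
        self.reboots += 1


class AutoRebootPolicy:
    """One of three hypothetical triggers; `timeout` is in seconds."""

    def __init__(self, mode: str, timeout: float) -> None:
        if mode not in ("uptime", "idle", "idle_without_cell"):
            raise ValueError(mode)
        self.mode, self.timeout = mode, timeout

    def should_reboot(self, phone: Phone, now: float) -> bool:
        if self.mode == "uptime":
            # Fires regardless of use, which is the variant corrected upthread.
            return now - phone.boot_time >= self.timeout
        if not phone.afu:
            return False  # already BFU: rebooting gains nothing
        idle_since = phone.last_unlock
        if self.mode == "idle_without_cell":
            if phone.cell_lost_at is None:
                return False  # still on a network, e.g. a long flight with the radio on
            idle_since = max(idle_since, phone.cell_lost_at)
        return now - idle_since >= self.timeout

    def tick(self, phone: Phone, now: float) -> bool:
        """Evaluate once; reboot the phone and report True if the policy fired."""
        if self.should_reboot(phone, now):
            phone.reboot(now)
            return True
        return False


def run(policy: AutoRebootPolicy, events: List[Tuple[float, str]],
        horizon: float, step: float = HOUR) -> List[float]:
    """Replay (time, event) pairs, polling the policy every `step`; return reboot times."""
    phone, fired, pending, t = Phone(), [], sorted(events), 0.0
    while t <= horizon:
        while pending and pending[0][0] <= t:
            _, name = pending.pop(0)
            if name == "unlock":
                phone.unlock(t)
            elif name == "cell_lost":
                phone.cell_lost(t)
            elif name == "cell_regained":
                phone.cell_regained()
        if policy.tick(phone, t):
            fired.append(t)
        t += step
    return fired


# Constructed scenarios: unlock at 1h, bagged at 2h; second one unbagged at 4h.
SEIZURE = [(1 * HOUR, "unlock"), (2 * HOUR, "cell_lost")]
BAG_REMOVED = SEIZURE + [(4 * HOUR, "cell_regained")]

if __name__ == "__main__":
    for mode in ("uptime", "idle", "idle_without_cell"):
        hours = [t / HOUR for t in run(AutoRebootPolicy(mode, 12 * HOUR), SEIZURE, 48 * HOUR)]
        print(f"{mode:18s} reboots at hours {hours}")
```

With a 12 hour timeout the uptime variant reboots four times in 48 hours whether or not anyone is using the phone, the GrapheneOS-style idle variant reboots exactly once (13 hours after the last unlock) and then stays in BFU, and the idle-without-cell variant reboots once at hour 14 in the bag but never fires if the bag is removed, because the clock stops while the phone is back on a network.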


Honestly, this is a solid security feature that I do not believe Apple has actually installed.


Actually... it looks like they may have just added something similar in iOS 18.1. It's based on the phone not being unlocked, though, not network activity.

https://chaos.social/@jiska/113447894119816217


What great problem do you imagine?

A reboot of a phone is hardly the end of the world, and it's trivial and obvious to simply have the trigger conditions be slightly less simple and stupid. Like require some user activity. Require the PIN again or some other reassurance.

What happens if one is in a place with no connectivity? What indeed? Nothing much. That's what happens.


Betcha ten bucks it's an on device timer.


Insert “it’s not a bug, it’s a feature” image.


Watchdog timer??


Another option is that whatever bug Cellebrite was exploiting to extract data from iPhones in AFU mode is now subtly not working, leading to unexpected reboots when attempting extraction.


TL;DR: Cops are likely wrong, iPhone just reboots after being disconnected for a while.

The article is kind of confusing about this.



