The idea that iPhones magically communicate with each other to “reboot randomly” when off a cellular network (presumably this would happen on a plane easily) is pretty far-fetched. The far more likely explanation is that iOS 18.0 has some radio/modem bugs that cause devices to randomly reboot, likely correlated with long periods of disuse or lack of network connectivity.
Or heck, if the phone thinks the cellular modem isn’t working (like the phone in a faraday cage), some watchdog might just timeout and reboot.
In any case, the idea that they’re randomly networking and intentionally rebooting to thwart this specific law enforcement attack seems pretty unlikely.
I don't think it's what's happening here, but iPhones absolutely communicate with each other when there's no cellular network.
The 'Find My' network uses all iPhones/iPads/Macs (unless disabled) to locate said devices and other items over Bluetooth LE.
> The Find My network is an encrypted, anonymous network of hundreds of millions of Apple devices that can help find your stuff, even when it’s offline. Nearby devices securely send the location of your missing device to iCloud, so you can find it in Find My. It’s all anonymous and encrypted to protect everyone’s privacy.
— https://support.apple.com/en-au/104978
Sure, but iOS has to listen for them and do... something... when it sees a "Find My iPhone" beacon.
TBH I think it's very unlikely, but it's entirely possible they could add a flag to those beacon messages suggesting other iOS devices reboot.
On the other hand, I can easily see it being an honest bug where being off a cellular network corrupts the beacon message somehow, and reading the corrupt messages triggers iOS to reboot.
I don’t get why they’re suggesting that iPhones communicate with each other to reboot. I mean, what do the iPhones gain? Both have the system time and know for how long they have had no mobile network. They don’t have to set up complicated communication for that. What does the other device know more than the iPhone that makes it know that it has to restart?
Why could it not be something like this: a Find My iPhone lock/reboot request is an encrypted packet that is destined to arrive at the iPhone with serial number XYZ. Another iPhone gets near the target iPhone and shares its presence with Apple. Apple has been waiting to deliver this encrypted, signed packet from the Find My iPhone network to the target device. This packet is sent to the iPhone in range and then the data is delivered over AWDL.
It is potentially more than just one-way Bluetooth beacon stuff. Apple tried to unify many ways Apple devices could communicate with each other over AWDL.
What's interesting to me is that Apple's stance of not unlocking iPhones for law enforcement has led to this paranoia on law enforcement's part. Honestly? Good.
Apple doesn’t have a stance of not unlocking phones for law enforcement. They give law enforcement whatever they’re asked for by subpoena.
Apple's stance is to build strong encryption so that they can’t access customers' data. What they have refused to do is weaken that encryption so that they could start complying with future requests, or sign tampered-with firmware that would allow the decryption without user authorization.
Apple does have this stance. They have been subpoenaed before to assist in unlocking older iPhones that don't have as strong protection of user data as modern iPhones and they refused those orders as well.
Basically, older iPhones without the modern Secure Enclave enforced the password attempt lockout period in software, so the FBI obtained a court order to force Apple to create and sign a new version of iOS that would not enforce the lockout period, which would allow the FBI to guess the password. Apple refused to create this new version of iOS and the FBI eventually retracted their request.
Modern iPhones enforce the lockout period in the secure enclave hardware so this is no longer something Apple could even possibly assist with.
The case you reference did not involve a subpoena but an order under the All Writs Act: an order which compelled certain behaviour unless the order was appealed within a specified time. Apple appealed the order within that time period and thus was in full compliance with the order. The government withdrew the case before the courts could rule whether the order was legal. I assume Apple would have complied with it if it was ruled so. What we do know from this case is that Apple did attempt to assist the FBI with accessing the phone even without a court compelling them to do so.
> …sign tampered with firmware that would allow the decryption without user authorization.
Apple wrote the firmware for everything. I assume they could write firmware to not need authorization, embedded in a copy of iOS, and sign everything so it could be installed on a phone through DFU.
They have been unwilling to do so. I think they’re right not to. But I suspect it is technically possible.
There have been multiple credible sources with internal documents claiming that iPhones with the current firmware (>17) can’t be hacked currently.
It’s in constant flux, obviously, but iOS is very advanced on this aspect. Android phones on the other hand, apart from the Pixels >6, are all hackable with appropriate tooling.
As far as I remember there is a single leaked document about a specific Cellebrite version that had iOS 17 marked as already supported for some devices up to version 17.0.3, versions 17.1 to 17.3.1 as coming soon and 17.4 as in research.
And that document is from last April, 7 months ago; no one really knows how things progressed after that.
The best assumption to make is that all those versions are supported by now.
Support for iOS 18 could be available or not, we do not know. So again I will assume it is supported until the opposite is proved.
But all the latest iPhones on the latest iOS versions were only supported in AFU, which Apple is handling with this reset feature, or IPR, which requires USB being unlocked and is extremely time sensitive as there are already defenses in place.
I would think that the secure enclave controls the device (un-)locking process and also wouldn't install OTA firmware updates nor accept commands from USB-connected peripherals while the device is locked.
Settings > Passcode > Allow access when locked: [_] Accessories.
Off by default, providing a one hour timeout since last phone unlock; or instantly, upon biometric rejection or after holding power-volume-up to reach the power off menu.
Macs are typically enabling an equivalent to this by default as well now, as of the latest macOS update.
They also refused to make a build (signed by Apple) which would remove any of those protections, though technically possible, but it would have tainted their products as backdoored. They were prepared to argue that forcing them to do that would be the government compelling speech, a violation of the First Amendment, a precedent the FBI didn’t want, and so the FBI turned to a Cellebrite-type service instead. Apple did make public statements at the time against backdooring devices, which might be construed as a stance.
My conspiracy theory here is that Apple knows that this is how law enforcement goes about unlocking phones with tech like Cellebrite, so they add in code to thwart that effort but keep quiet so they can have the plausible deniability of it just being a bug.
Easier to assume it's a theft ring deterrent, eliminating some of the routes to social engineering that theft rings have been using, further reducing the usefulness of collecting large numbers of stolen iPhones in the same central place.
Yea, it seems like this would be easily verified, if true, by security experts. Watch the network traffic in a Faraday cage. See some strange packets that don't make sense with currently used protocols? Okay, maybe there is some truth. But if all you see are packets that aren't surprising (in this case, a ping to try to find a cell tower) and a reboot occurs, then there is no mystery; it's probably, as you suggest, a bug or an attempt to self-heal from a failed watchdog check.
It's all happening over RF; it's not like they can implement this so a signal opens an inter-dimensional portal and comes back out, making it undetectable on the RF spectrum.
> The affected devices even included one that was in Airplane Mode and another that was kept in a Faraday cage
> The officials hypothesize that an iPhone running iOS 18 can send signals that make nearby units reboot if the device has been kept disconnected from cellular networks.
Either the officials are storing multiple devices in 1 cage, don't understand Faraday cages, or are arguing in bad faith.
> In October of 2024, multiple users of iPhone 16 Pro and iPhone 16 Pro Max units reported that their devices kept restarting themselves for no apparent reason. This is a known issue that occurred during normal use and one that Apple fixed with the iOS 18.1 update.
> This timeframe would also align with the creation of the alleged law enforcement document. Specifically, the document says that three iPhones with iOS 18.0 were brought into a forensics lab on October 3, after which they rebooted themselves.
I agree it is very unlikely. And I don't think you are proposing this is the case, but for the sake of argument. However, wouldn't it still be rather easy to verify? A Faraday cage just helps with isolation and filters out the noise, so you can analyze a smaller set of data, in this case meaning you have to parse through fewer signals/less data. But you would still be able to pinpoint this. If you can just monitor ultrasound, filter out what isn't easily explained/common (like background radiation is to the universe).
To verify the original claim that it could happen over BLE, you don't need a Faraday cage to verify or prove this. The Faraday cage just allows you to cut down on the data/signals to analyze.
> I don't see why that couldn't result in a reboot somehow
Because Find My is a reverse-engineered protocol that can be abused to broadcast false information to nearby devices? Trusting Find My to know when it's time for a reboot sounds like an amazing Flipper Zero feature but a not-so-great experience for iPhone owners.
Second this. It strikes me as a completely reasonable watchdog. Other than if you're keeping it around in a faraday cage it's very unlikely to receive *nothing* for an extended period. How many people take phones into such environments for extended periods? Thus if nothing is coming in it probably means something's messed up.
And if it reboots on the cops Apple probably considers that a plus.
They do communicate with each other for the "Find My" feature to work even when disconnected from cellular and wifi. It is basically the same operating principle behind Apple Tags.
I agree that it's unlikely but consider that Apple stores have a "dock" that can power on an iPhone and do an iOS upgrade while it's sealed in the box. Who knows what P2P communication protocols iPhones have.
Info from the future: it seems that fresh iOS 18 versions reboot the phone if it hasn't been unlocked for a specified amount of time (days, it seems).
If it's in the hands of a legit owner, they just need to type the iCloud password and they're back in. If it was stolen or confiscated, it just became a very expensive brick unless they can coerce the owner to log in somehow.
> The idea that iPhones magically communicate with each other to “reboot randomly” when off a cellular network (presumably this would happen on a plane easily) is pretty far-fetched.
iOS devices communicate through a separate ultra-wideband mesh network used for "Find My" and more recently the AirTags.
iPhones are already communicating with any and every Bluetooth-capable Apple device to enable the Find My/AirTag functionality, aren't they? I don't believe this is necessarily true, just that it's theoretically possible.
The issue is not that Apple devices communicate with each other. It's the absurd claim that there's a secret handshake between Apple devices that tells them to reboot if they've been offline and locked for too long.
So sit around in a less secure state for weeks and months and only when externally triggered reboot? That's a stupid feature and makes no sense. If you were to base any partial security measure off of how long a device has been powered up and locked, then just use a timer. Why wait for another phone to wander by?
Though the digital forensics lab claims they were all in airplane mode with one inside a Faraday box, so how are they communicating with each other? This suggests incompetence on their part, perhaps not actually putting them in airplane mode or not understanding that Bluetooth/Wi-Fi can be enabled (and may enable themselves) separately from the cellular radio.
The auto-restart of the phone is not a network feature; it's not doing so because of a handshake signal, but rather the lack of one. This "tech/Apple innovation" is very similar to timed DRM media services.
If you download all your songs from Napster, they will work for a month or two without connecting to a network, but eventually the lack of a connection will lock the content; it doesn't know if you're still paying, so it makes you sign in.
This is the same but all behind the scenes. Apple phones are constantly communicating with their network or other devices; if that stops, something fishy is going on because it's not supposed to be able to.
The restart is probably more for them; that's probably the solution to most of the issues with a phone losing network connection, just restart it. So they built it in.
Sure, it does what phones have done forever and makes you sign in with a password or full biometrics once at startup, but that's not new either.
It’s communication in that information is being passed, but it’s a one-way Bluetooth broadcast. It’s not any kind of two-way communication.
At most an iPhone may be able to broadcast a Bluetooth message saying “anybody out there?“. I don’t even know if that’s possible. I’m sure Apple's white paper has the answer but I don’t remember it.
It’s very well established by numerous studies that Apple products continuously scan for other wireless devices in their proximity, especially Apple ones but including Wi-Fi routers, and then upload their hardware IDs and MAC addresses to Apple's servers, together with GPS location.
Where? If you want that to be partial evidence, you have to parse that sentence as:
(they’re randomly networking and intentionally rebooting) to thwart this specific law enforcement attack
which means
(they’re randomly networking to thwart this specific law enforcement attack) AND (they’re intentionally rebooting to thwart this specific law enforcement attack)
All you show is that they’re randomly networking, not that it’s for thwarting even any law enforcement attacks, so I don’t think what you say is partial evidence.
Well, you could use the information that you just accepted is collected to identify which phones are in custody by the police, which phones have been stolen, lost or left without a user. That's all very easy actually, considering the Apple network and the number of their devices.
Having a few lines of code to dictate what happens once a phone has been identified as any of the above is pretty simple stuff.
I think this restart is for Apple, an easy attempt to restore the device's network connection (and the data stream from it), and has little or nothing to do with law enforcement originally, but now Apple will say that's the whole entire reason this exists because privacy.
Anyways, it was absolutely relevant info to the article and considering it and more - it's obvious that Apple could have done this, or something like it, to thwart cops but is very unlikely.
It would be beyond hilarious if Apple now went and implemented this safeguard. I don't even think a hard reboot would be necessary, simply if the phone hasn't had reception for some preset period of time, or if there's been more than some amount of incorrect logins, or no successful logins in some given amount of time, revert everything to the freshly booted state, encryption and all.
Great to see Apple taking a firm stance on this; this, above other fancy features, maintains customer loyalty.
People often point out the law enforcement case for breaking into phones but conveniently forget that the very same security holes used by law enforcement are used to make stealing phones more profitable and by other nation-states to spy, commit corporate espionage, etc.
It's not based on communication, though. It's based on how long it's been since the phone was last unlocked - which is an even stronger safeguard, since it can't be spoofed.
Apple doesn't save your physical SIM PIN, so it would mean leaving your phone untouched for a while would automatically make it unreachable, since you need to enter the SIM PIN after a reboot.
Untouched and out of range of all cellular networks (disregarding the SIM), most likely; we don’t know how long, though.
If your phone hasn’t connected to a cellular network in weeks and is locked in a stationary box 23.9 hours a day or more, then I’m not sure I would be surprised if it becomes automatically unreachable in this way eventually — it’s becoming unreachable any time it reboots for an overnight iOS update already, right? So an inactivity reboot isn’t going to have a worse impact than that already does.
(Note that physical SIMs were discontinued in late 2022 models, but it allows you to set an eSIM PIN with the same effect.)
I wonder how many people that would actually affect? All iPhones that support iOS 18 support eSIM. Starting with iPhone 14 all iPhones except the SE have only had eSIM.
I would guess that most people with only one SIM go with eSIM if their phone supports it.
You can put a PIN on an eSIM, but is there really much point? My understanding is that the main point of a SIM PIN is so that someone cannot transfer your physical SIM to another phone.
Without a PIN someone could steal your phone and even if they could not get past the phone lock they could just move the physical SIM to their phone and thus take over your phone number. They don't even need to steal your phone--they just need access to it for a few seconds to remove the SIM.
That's not the case with eSIM.
You might want a PIN to keep others from making/receiving calls if they have access to your unlocked phone, but because SIMs permanently lock after 3 failed unlock attempts (with no timeout--a mistake today, another a year from now, and another two years after that and it locks) that's probably asking for trouble.
Actually, it would be beyond reckless for Apple to do anything other than implement this as a safeguard. The cops just gave up the game. Their only way into a locked phone is one in an AFU state. Apple doesn't give backdoors to law enforcement, so in lieu of Apple being able to patch this vulnerability, they absolutely should implement protections against it, including this one we just heard from the horse's mouth.
If Apple doesn't make this an official feature, or worse: fixes this issue for the convenience of law enforcement, we need to read that as Apple selling out our privacy to the government.
Apple is in a weird position: on one hand they HAVE to give the US government a way to access people's iPhones (CIA, NSA), and in a less direct way to the whole US government (local cops). On the other hand, privacy is a main point of their marketing, so they have to look like they do things to protect its users.
So they obviously have a direct backdoor for the big ones like the CIA, and they leave some wiggle room for 'security' companies that sell 0-day exploits to local cops. If they didn't, there would be lobbying until inevitably they too get their backdoor, which would look bad for Apple. It would kill the myth of iPhone privacy; any cop could leak about it.
I suspect this is either a bug or a feature that won't really prevent cops from accessing suspects' iPhones; they will be annoyed until their 'unlock tool' gets updated.
Don't count on Apple to actually fight any government to protect their customers' privacy. If they did so, they would never have set up an alternate iCloud on CCP-controlled servers for their Chinese customers; they would have gone out of the Chinese market.
> While all of the vulnerabilities were zero-day bugs when patched, one attracted particular attention, because it turned out to be an undocumented hardware vulnerability.
> Larin described the bug as “insane”, saying it’s a hardware feature in Apple’s A12 to A16 Bionic system-on-chip (SoC).
> The feature, he said, allows attackers to “bypass the hardware-based kernel memory protection” in target iPhones, if they write data to “unknown memory-mapped input-output (MMIO) hardware registers” that Apple’s firmware doesn’t use.
> Larin said the research team found six undocumented MMIO addresses used by the Triangulation exploit, which “basically, bypass all hardware-based kernel memory protections”.
> He said they appear to be ARM/Apple CoreSight debug registers for GPUs, since they’re nearby identified MMIO registers.
> In a statement, Larin said that "due to the closed nature of the iOS ecosystem, the discovery process was both challenging and time-consuming.”
Would the condition be irritating for me when I am taking a very long multi-transit flight and prefer to keep my phone in airplane mode because I am trying to read my ebooks on my Kindle during the journey, and my phone keeps rebooting …
Airplane mode isn't the same as putting the phone inside a Faraday cage. The phone can tell the difference. Even in airplane mode the phone could receive RF; airplane mode is just supposed to disable transmission.
I think this is simply a matter of finding good defaults. In my opinion, the order of magnitude should be how many days without reception, not how many hours. A week sounds like a sane baseline for me, since that is more than ample time for most people to end up in a situation where you're connected again. Likewise you could reset the counter on a successful unlock. On the flip side, a week is not enough time to reasonably bruteforce anything if the time you have to wait before each retry goes up with every failure.
I don't think it is related to how long it has or hasn't had reception.
Also, it would be easy for cops to create a spoofed cellular network to keep those phones with reception.
It looks like it is based on how long since the phone was last unlocked; I would say 1 week is even a bit long in this case. Just a couple of days should be more than enough.
Depending on the phone model and OS, airplane mode may disable Wi-Fi and Bluetooth, but it won't turn off GPS. If the iPhone is one of those devices, it could detect a fast elevation change and not reboot the phone until it comes back down in elevation in a motionless state.
This reads more like a chain email forward than an actual analysis of the iPhone tech stack.
Fwd: Fwd: READ THIS!!! You won't believe what the iPhone does when off network and around other iPhones!!!
> It is believed that the iPhone devices with iOS 18.0 brought into the lab, if conditions were available, communicated with the other iPhone devices that were powered on in the vault in AFU. That communication sent a signal to devices to reboot after so much time had transpired since device activity or being off network.
The hypothesis doesn't make any sense because the phone doesn't need to communicate with other phones to decide to restart/lock based on lack of network signal.
> Matthew Green, a cryptographer and Johns Hopkins professor told 404 Media that the law enforcement officials' hypothesis about iOS 18 devices is "deeply suspect," but he was impressed with the concept.
The article also states that you can use a passcode or Face ID to get into AFU state, but of course you cannot – the main distinguisher (to a user at least) of BFU is that you must unlock with your passcode as biometrics are disabled.
GrapheneOS has a "reboot after x hours inactivity" feature specifically to prevent the scenario mentioned in the story. Otherwise leaving a phone powered on is a massive risk, especially if cops can keep it charged for months to wait for an exploit.
Yeah an option to "reboot after not being unlocked for x hours" where x is considerably longer than the average time the phone would ever be locked under normal circumstances, would be great for security.
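A worked illustration of the timer-based design these comments describe (a reboot keyed to time since the last successful unlock, plus per-attempt delays that grow after every wrong passcode, as in the "finding good defaults" comment above). This is an added example and is not Apple's or GrapheneOS's code; the 7-day window, the 60-second base delay, the one-hour cap and the `Policy`/`Device` names are constructed assumptions. It shows that the decision needs nothing but a monotonic clock and the time of the last unlock, no signal from a nearby phone, and how many passcode attempts such a window would admit.

```python
"""Inactivity reboot plus passcode-retry backoff, as a purely local watchdog.

Added illustration; not Apple's or GrapheneOS's code. The window, the delays
and the class names are constructed assumptions.
"""
from dataclasses import dataclass

DAY = 24 * 3600


@dataclass
class Policy:
    reboot_after_s: int = 7 * DAY  # assumed: reboot when no unlock for a week
    base_delay_s: int = 60         # assumed: delay after the first wrong passcode
    max_delay_s: int = 3600        # assumed: cap on the per-attempt delay


def retry_delay(policy: Policy, failures: int) -> int:
    """Delay imposed after `failures` consecutive wrong passcodes (doubling, capped)."""
    if failures <= 0:
        return 0
    return min(policy.base_delay_s * 2 ** (failures - 1), policy.max_delay_s)


@dataclass
class Device:
    policy: Policy
    passcode: str
    last_unlock: int = 0   # monotonic seconds at the last successful unlock
    failures: int = 0      # consecutive wrong passcodes since the last success
    next_attempt: int = 0  # earliest time another passcode attempt is accepted
    afu: bool = False      # True once unlocked since boot (keys live in memory)

    def tick(self, now: int) -> bool:
        """Watchdog run by the device itself; returns True if it rebooted now."""
        if self.afu and now - self.last_unlock >= self.policy.reboot_after_s:
            self.reboot(now)
            return True
        return False

    def reboot(self, now: int) -> None:
        """Power cycle: nothing has been unlocked since boot, so back to BFU."""
        self.afu = False
        self.failures = 0
        self.next_attempt = now

    def attempt(self, now: int, guess: str) -> str:
        """One passcode attempt; returns 'throttled', 'wrong' or 'unlocked'."""
        if now < self.next_attempt:
            return "throttled"
        if guess == self.passcode:
            self.afu = True
            self.last_unlock = now
            self.failures = 0
            return "unlocked"
        self.failures += 1
        self.next_attempt = now + retry_delay(self.policy, self.failures)
        return "wrong"


def guesses_before_reboot(policy: Policy) -> int:
    """Passcode attempts that fit in one inactivity window when guessing starts
    right after the owner's last unlock and every attempt is wrong."""
    if policy.base_delay_s <= 0:
        raise ValueError("a zero base delay means unlimited attempts")
    t, n = 0, 0
    while t < policy.reboot_after_s:
        n += 1                       # attempt n happens at time t
        t += retry_delay(policy, n)  # then wait out the delay it earns
    return n


def simulate_custody(policy: Policy, idle_days: int):
    """Owner unlocks at t=0, then the phone sits locked and untouched.
    Returns (still AFU?, days on which the watchdog rebooted it)."""
    dev = Device(policy, passcode="constructed-1234")  # constructed sample passcode
    dev.attempt(0, "constructed-1234")
    reboots = [d for d in range(1, idle_days + 1) if dev.tick(d * DAY)]
    return dev.afu, reboots


if __name__ == "__main__":
    print(guesses_before_reboot(Policy()))  # attempts possible in one window
    print(simulate_custody(Policy(), 10))   # watchdog fires without any radio
```

With the assumed numbers, a week admits 173 wrong attempts before the window closes, and the phone left untouched after an unlock reboots itself on day 7 with no radio involved; shortening the window or lengthening the base delay tightens both.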
Maybe designed to help with anti-theft? I already use a shortcut automation when airplane mode is turned on to lock my phone and turn off airplane mode, as that’s the first thing thieves would do.
You can just disable access to Control Center and Siri when locked. If you have an eSIM device, this is a really great thing to do, as it’ll always connect to a cellular network when available.
How is this shortcut even possible? Maybe it’s because I have an older model or haven’t figured out how to build good Shortcuts yet, but I thought that every shortcut requires some kind of manual activation. Would you launch the shortcut from an Apple Watch? Wouldn’t iOS require confirmation from the thief to turn off airplane mode?
That being said, I have heard of a weird automation someone made where it would open an app as soon as they went to the Home Screen. It took some thinking for them to deactivate it because the shortcut was really fast to activate.
I see how to build it now, thank you. I imagine for this automation to serve its purpose, we also need to make the Control Center inaccessible when the phone is locked so that whoever has the phone can’t just try turning it off again. Well, that isn’t strictly necessary since the automation seems to run anytime Airplane Mode is enabled.
This is a great idea. Perhaps add a moderate delay (say 30 seconds or 1 minute) to confuse them even more. Then they will think that airplane mode is active when it isn't.
When you say theft, do you mean by someone with interest in the hardware or the data? Assuming hardware, I'm not sure I understand why a thief who intends to wipe it anyway would care about an auto restart versus normal screen lock. Assuming data, that's exactly what the article is about.
Are thieves really even stealing phones anymore? You can't pawn or sell them anymore because they can't just be reset and setup with a new account, batteries are becoming impossible to remove...all you can really take is the screen which isn't really worth much either.
Obviously, the logic board is locked to the owner's Apple account, but so is the display, battery, camera, and selfie camera. Basically the only thing you can reuse is the metal frame of the phone.
Phones are still stolen (since the cost of theft is $0) but stolen phones are worth closer to $5 than $1000.
> Phones are still stolen (since the cost of theft is $0) but stolen phones are worth closer to $5 than $1000.
I have read that there are services offered by specialized criminals to unlock stolen iPhones. These basically amount to phishing schemes where they trick the owner into entering their Apple ID and password on a site under their control.
They can then factory reset the iPhone, but they also get to mine the phone/account for crypto, banking details, identity theft, etc.
Potentially the value of a stolen iPhone can be more than the aftermarket price, since draining a bank account has unbounded gain.
Low level thieves are getting $300-$600 for stolen phones.
> I know mobile networks keep lists of stolen devices, but they can't be used at all? Like all possible recovery modes demand authentication?
Newer phones for, I want to say maybe the last 5 years, yeah.
If it's turned off and you don't have the code to boot it, you can't access any kind of bootloader or recovery mode, it just shows a screen with an obfuscated email that is required to unlock it or something similar.
Gone are the days of just being able to do a factory reset.
Personally I only use it for battery savings when camping or similar. It's not the kind of thing everyone cares about. I think we're long past the days where a flight full of phones frantically searching for towers during takeoff/landing would degrade the network for people on the ground, as may have been true way back when (and why) airplane mode was adopted as a standard feature.
I have to think that if mobile phones presented an actual interference threat to aircraft avionics systems they simply would not be allowed on board. You cannot assume that all the passengers will follow the instructions to turn them off/disable the radios.
It was never about that. It’s about interference with aircraft systems.
Look for “5G NOTAM” if you are someone who thinks this is bunk. Specifically, some radio altimeters (which are needed for some IMC approaches) can be interfered with by the adjacent 5G frequency bands due to not being built with a tight enough filter.
The 5G issue was more about flying in or over anywhere that had a 5G service using that particular band - it didn’t matter whether anyone on the phone did or did not have a phone on.
Hence the whole US aircraft fleet was upgraded (by the end of September 2023) so that band could be used for 5G there and it’s no longer a problem.
As I understand it, cellular modems wouldn’t transmit on a frequency if they can’t see a base station (tower) first on that channel, so I expect before the problem was fixed, the temporary solution was just to disable that band at the base stations.
If there was any actual known or suspected risk of electromagnetic compatibility issues with any consumer devices, there would be very strict laws about it (it might become a Federal offence not to have your phone in airplane mode, for example - but obviously it’s not)
We can further caveat that it wasn't "anywhere that had a 5G service" since the radio altimeter is not needed except on low visibility approaches into an airport.
Either way, it's about interference with aircraft systems from cellular infrastructure/devices. Certainly, if a tower talking on 5G can interfere with a radio altimeter, a bunch of cellphones onboard could do the same thing or even amplify the effect.
> it might become a Federal offence not to have your phone in airplane mode, for example - but obviously it’s not
Violating directions from the flight crew can be a federal offense. There is a chain of authority from the FAA to the airlines and to the PIC. The airline and PIC delegate part of that authority to the rest of the crew. Unless you are very aware of every regulation and particular company policy, I highly recommend that you don't test this.
Cellphones used to operate on a frequency band that was very close to the same band used by ground proximity warning systems, so theoretically they could interfere with the safety systems on a plane. Modern phones use different frequency bands now.
I typically activate airplane mode twice and have it fail. Remember the automation, go deactivate the automation and then airplane mode works. On actual airplanes, I’m more likely to simply power off my phone.
When people say things like this what they're actually doing is falsely associating walkable urban fabric in cities like San Francisco, NYC, and large parts of Chicago as being especially dangerous just because it's only practical to be pick-pocketed on foot.
They say this while ignoring the generally low crime rates of those compared to peers. For example, Chicago has an almost 20% lower property crime rate than Peoria, IL. Fort Worth, TX has 52% higher property crime rate than New York City. Carmel, Indiana, an affluent suburb with a public high school ranked #354 in the country and 6th in Indiana, only manages to have a 28% better property crime rate than NYC.
(And driving a car around is a lot more statistically dangerous to your life than walking around a big city. I'd rather have my phone stolen than be t-boned by a drunk driver)
I very much doubt it. Far more likely to be a memory leak in the baseband which is exposed when the devices are unable to talk to the cellular network for a period of time.
Ya, I'm guessing these cops don't have iPhones because if they did they would know that iOS is just buggy. I mean, the last time I restarted my iPhone before iOS 18 was when I installed the last iOS 17 patch. Since installing iOS 18 I've had to restart it twice because it stopped responding.
You actually don't have to power it down. If you hold the power and volume buttons for 2 seconds and reach the "slide to power off" screen, the phone is already hard locked. You then always have to enter the passcode to unlock it.
> You actually don't have to power it down. If you hold the power and volume buttons for 2 seconds and reach the "slide to power off" screen, the phone is already hard locked. You then always have to enter the passcode to unlock it.
iPhones have 2 states when it comes to encryption:
Before First Unlock (BFU) - everything is encrypted. The most difficult state to hack.
After First Unlock (AFU) - data isn’t fully encrypted. Maybe it's for performance reasons. In this state exploits exist which police can use to get data.
Your suggestion of getting to the 'slide to power off' screen does NOT hardlock the phone (it does not put it in BFU).
It just means it requires a passcode. However, since it is in AFU mode, data can be exfiltrated with the right tools.
This is wrong. While this clears some keys and prevents anyone from holding the phone up to your face to unlock it, it doesn’t bring the phone back into a full BFU state.
Some keys can still be read, and depending on the exploit they use a lot of data could be extracted. BFU + good passcode is always the way to go.
If you have an iPhone SE Gen 3 (or any other iPhone with TouchID, but models older than the SE Gen 3 have other weaknesses to worry about), you can do the same by spamming the power button 5 times.
You can also ask Siri to reboot or turn off your phone. Siri will ask you to confirm you want to do the action, but it doesn't take too long to do. Just in case you don't want to reach for your phone for whatever reason.
IDK about iOS, but android (or at least calyxOS/grapheneOS) has a feature where you can make the phone automatically reboot after a certain amount of time (thus removing the keys from memory).
Unfortunately, though, you won't be able to do so while handing it over, and US cops will just kill you if you take too long handing over your phone because they can.
Any time a police encounter starts, you can at least tap the standby button 5 times. It's not as good as a shutdown, but it will at least disable biometrics so it will require a password to unlock. They can't legally force you to reveal your password.
> the reported iPhone reboots highlight the constant cat and mouse game between law enforcement officers and forensic experts on one side, and phone manufacturers Apple and Google on the other.
I don't think Google is in this same category at all. Didn't they just recently give nest door unlock codes to LEO without even asking for a warrant?
Apple and Google are on different planets when it comes to user privacy.
My iPhone 16 on iOS 18 has been randomly respringing (as far as I can tell). Not fully rebooting but basically the UI crashes and it kicks me out to the lock screen.
I wonder if that's all this is. Probably a memory leak somewhere or some other bug.
I was thinking the same thing -- I've had to reboot my iPhone a couple of times since installing iOS 18 because it became unresponsive. It's been years since I've had an iPhone do that so this is very unusual.
Just today, I got a notification on my Pixel to turn on "Theft Offline Device Lock". I can't claim that it puts the phone into a pre-first-auth state, I've not tried it yet and the docs aren't clear. Along with it came a "Remote lock" feature, where visiting android.com/lock and putting in your phone number will also lock your device, so it requires the screen lock to unlock.
It would be sensible if both these features put the phone into a pre-first-auth mode.
I turned this on as well and all I've had are a few false positives when running up stairs or similar. Good feature and I'd rather have to unlock occasionally than error the other way.
Cops are some of the greatest "victims" in our society. Encryption will make their investigations more difficult. They'll be judged first by the basis of the race of their suspect and then by the suspected crime. Even bodycams (which they're now quick to hail as they're "recording too," when people record interactions with their phones) were going to impede their ability to do their jobs.
There are fewer groups with so much power who see themselves as downtrodden. I could name others, but that'd be going off-topic.
Why would the iPhones need to communicate in order to reboot? Just detect a lost network connection, add a timer, lack of normal user activity, some other signal, ....
Imagine the future when neurolink is going to be fully developed and the court would be able to authorise drilling into your skull to forcefully connect you to a computer to read your thoughts. Well, that's not much different.
“But the sufficiently nefarious might reboot or wipe their phone remotely,” is a component in the black letter law of the fourth amendment and exigency. Kind of interesting that now the handset manufacturer might be automatically doing that for all of us.
There is not a corporation on earth that has data collected on you that will voluntarily or automatically delete it - even just from a device disconnected from the network (especially so actually, bc there is new data still on the device not synced to the network) - not a single corp with data will ever delete it, even if they say they do.
It's a good feature. A similar feature just got added to Android, too. If the phone loses network, it locks. If the accelerometer thinks that the phone has been snatched from your hand, it locks.
There's a difference between locking a phone and entering Before First Unlock state. After a reboot and before authentication the credentials stored on a phone are locked down much more securely, to the point (most) apps can't even start in the background.
Locking and disabling biometrics are good ways to add a quick layer of protection, but rebooting makes it incredibly difficult for exploit kits and other hacking tools to dump the contents of a phone's storage.
I'm thinking this may just be a bug (how often does a real world iPhone get zero available networks of any kind? Probably not enough for that use case to be tested thoroughly for days) but with how hard law enforcement is panicking about this, maybe it should be a feature. If they care this much, I don't think their expensive hacking subscription they've bought is working anymore, so it's probably working around some pretty bad vulnerabilities in iOS.
Btw, is there a way to set Android to automatically reboot at a fixed time? That'd only cost like 20 seconds more to unlock in the morning but reduce the chance of 3-letter-agencies being able to extract the content in AFU state.
Sadly GrapheneOS is only available on recent Pixel devices. I know I'm probably the only one that still cares about these features, but I won't buy a phone that requires me to hot-glue a USB dock to it just to get 3.5mm and microSD if I can simply buy a Sony instead :/
1) Keep the alarm data in an insecure location so that app can work before login. (A read only cache is fine)
2) Let me _choose_ if some other apps can live in the insecure storage partition too. E.G. Google Voice comes to mind along with any basic carrier integration stuff you'd rather just have even on a fully locked phone. (Why GV in unlocked? It interacts with the insecure phone network anyway, so that's not exactly holding much back. Maybe make message history harder to get to with a still locked device.)
My Xiaomi phone had a feature where it would boot the phone shortly before any alarms would go off, so you could shut it down before bed and barely drain the battery in the meantime. Still required manual shutdowns, though.
How would they obtain a Cellebrite in the first place?
I’m guessing that supply chain is pretty locked down. Sure, a journalist might have obtained one at some point but it won’t be able to phone home and download the latest exploits.
> School districts and the like have them, it's not at all locked down.
I read the article about school districts obtaining Cellebrite devices, but I don't think that really refutes what I'm saying. If it was that easy, why wouldn't we see more in-depth analysis of the exploits that UFEDs use?
Other than the Moxie Marlinspike post, I haven't heard of anything recently. Would love to learn more about this topic.
> The digital forensics lab that noticed the issue had several iPhones in AFU state reboot, including iPhones in Airplane mode and one in a faraday box.
You can stop reading there. iOS 18 doesn't add freaking telepathy to phones. Whether it's a bug or a new feature Apple added that reboots phones under certain circumstances, it's not "iPhones communicating to force reboots".
I'm glad HN doesn't allow emoji, but I do wish I could add :facepalm: or :eye-roll: here.
It's the faraday box part in particular. Airplane mode isn't a true no-radios mode on iPhone (this is well-known, or should be on HN at least). But it does leave cellular radios off. Wifi and bluetooth might need to be separately disabled and with wifi, at least, it'll turn back on after a while. So maybe (being very generous), if bluetooth or wifi is enabled or becomes re-enabled, there's a signal between the iPhones that causes this reboot behavior.
But how is a device in a faraday box receiving this signal and rebooting? And why do they need a signal when they could just use their own clocks and determine that it's been X days or weeks since last going online and reboot?
> how is a device in a faraday box receiving this signal and rebooting?
Doesn’t need to. Being in a Faraday box is a reasonable trigger for a single reboot. That said, the most incredulous part of this story is that iPhones can detect when they’re in a Faraday cage.
I'm going to go ahead and assert that they can't tell. A Faraday cage is just a deliberate construction of a situation that happens all the time anyway. Hospitals have lots of shielded rooms in and around the radiology department. The basement of a steel building is basically the same. So is anywhere on a ship. My aged house has lath and plaster walls that can simultaneously survive a nuclear blast and also block Wi-Fi unless the amp's turned up to 11. There's no sensor in an iPhone that could tell that it's in a specially-constructed Faraday cage instead of a plain old dresser drawer in my bedroom.
I'm not sure if that's possible. What's the difference between that and someone sitting their phone on a metal cabinet?
I'm even more confident that Apple hasn't spent the research hours required to do that reliably, then incorporate the electronics and software needed into off-the-shelf phones, all to protect criminals from having their phones hacked under very specific conditions. That seems like a huge money sink.
> What's the difference between that and someone sitting their phone on a metal cabinet?
In a zero-signal environment? With other iPhones in very close proximity?
You can even measure your false positive rate by timing to first successful unlock. If it happens more than once, turn down the sensitivity on the feature (or turn it off completely).
(Were I designing this feature, I’d let phones in this state poll the other phones on how long they’ve been in it.)
But the claim is that other iPhones in the area are triggering the reboot. Setting that claim aside, though, how would the device even tell it's in a faraday box versus just out in the woods?
> the claim is that other iPhones in the area are triggering the reboot
Lack of motion? The information the other phones provide is proximity (it’s unusual for people to pile their phones together), that the radios still work and possibly a timeline, e.g. if the other phone says “I’ve been in a suspicious state for two days,” the first phone can change its priors.
I could easily see this as a security measure. Give the phone a concept of fear of being stolen. Phone, alone, continued source of power for an extended period. Somebody could have left it on a charger and gone away. Phone, continued source of power for an extended period and static bluetooth signals from other phones--what's going on here? This is very suspicious, turn defenses to max. It doesn't need to know the difference between thieves trying to thwart it and cops trying to thwart it.
Out there in the woods there's still GPS data. There are very few places on Earth outside a faraday cage where you can go for a long time without receiving *anything*.
Faraday cages used by law enforcement, such as [1] aren't impervious to RF.
They provide enough attenuation to keep phones off the cellular network and prevent GNSS from working, but not enough to prevent communication with nearby devices via Bluetooth or wifi.
A Faraday cage is an attenuator, which multiplicatively decreases signal strength by some constant (at least within a similar frequency band, which Bluetooth and 5G can be considered to be).
Unless the forensic lab has additional special shielding from cell towers, the received strength of both a reasonably close cell tower and a nearby Bluetooth transmitter would be pretty similar, so they'd both be attenuated similarly.
> A Faraday cage is an attenuator, which multiplicatively decreases signal strength by some constant
It's not constant at all. The level of attenuation varies greatly based on frequency. For the Ramsey STE3000 I have here, it varies by 40dB or more at the frequencies at which I've tested it. The enclosure is good for around -100dB at 700MHz, but only -60dB or so at 2.4GHz.
> (at least within a similar frequency band, which Bluetooth and 5G can be considered to be).
Even if you exclude mmWave and consider only the sub-6 bands, AT&T for example has LTE and 5G bands from 700MHz to 3700MHz. They're not similar at all. Worlds of difference in terms of propagation characteristics.
> the received strength of both a reasonably close cell tower and a nearby Bluetooth transmitter would be pretty similar
No, they wouldn't.
On my Pixel 8 Pro right now I'm seeing -93dBm from a tower about half a mile down the road (700MHz LTE), and -40dBm from the BLE radio in the HVAC controller on the wall of this room, about 8 or 10 feet away. That's a 53dB difference.
If I put my phone in the box, it attenuates the LTE downlink from down the street to well below the thermal noise floor. It cannot do the same for BLE; my phone can still talk to the HVAC controller from inside.
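An added worked example (not code from the thread or from any vendor) that puts the numbers in this comment into a simple link budget: the two measured attenuation points, the -93 dBm LTE and -40 dBm BLE readings, and assumed channel bandwidths of 10 MHz (LTE) and 1 MHz (BLE). Interpolating the enclosure's attenuation in log-frequency between the two measured points is my own assumption, used only so other bands can be estimated.

```python
"""Link budget through an RF-shielded enclosure (added illustration).

Inputs come from the comment above: roughly -100 dB attenuation at 700 MHz
and -60 dB at 2.4 GHz, -93 dBm from a 700 MHz LTE tower outside the box and
-40 dBm from a BLE device a few metres away. Channel bandwidths and the
log-frequency interpolation between the two measured points are assumptions.
"""
import math

THERMAL_NOISE_DBM_PER_HZ = -174.0  # kT at roughly 290 K, the usual reference

# Constructed attenuation table (MHz -> dB of loss), from the quoted numbers.
MEASURED_ATTENUATION_DB = {700.0: 100.0, 2400.0: 60.0}


def attenuation_db(freq_mhz, table=MEASURED_ATTENUATION_DB):
    """Enclosure loss at freq_mhz, interpolated in log(frequency) between
    measured points (assumption); clamped outside the measured range."""
    pts = sorted(table.items())
    if freq_mhz <= pts[0][0]:
        return pts[0][1]
    if freq_mhz >= pts[-1][0]:
        return pts[-1][1]
    for (f0, a0), (f1, a1) in zip(pts, pts[1:]):
        if f0 <= freq_mhz <= f1:
            t = (math.log10(freq_mhz) - math.log10(f0)) / (math.log10(f1) - math.log10(f0))
            return a0 + t * (a1 - a0)
    raise ValueError("frequency outside table")  # unreachable after the clamps


def noise_floor_dbm(bandwidth_hz):
    """Thermal noise power integrated over the receiver's channel bandwidth."""
    return THERMAL_NOISE_DBM_PER_HZ + 10 * math.log10(bandwidth_hz)


def link_margin_db(rx_dbm, freq_mhz, bandwidth_hz):
    """How far above (positive) or below (negative) the thermal noise floor a
    signal received at rx_dbm outside the box lands once inside it."""
    inside_dbm = rx_dbm - attenuation_db(freq_mhz)
    return inside_dbm - noise_floor_dbm(bandwidth_hz)


# Constructed links using the comment's readings and assumed bandwidths.
LINKS = [
    ("LTE downlink, 700 MHz tower", -93.0, 700.0, 10e6),
    ("BLE HVAC controller, 2.4 GHz", -40.0, 2400.0, 1e6),
]


def evaluate(links=LINKS):
    """Margin in dB per link, rounded to one decimal."""
    return {name: round(link_margin_db(rx, f, bw), 1) for name, rx, f, bw in links}


if __name__ == "__main__":
    for name, margin in evaluate().items():
        verdict = "above noise floor" if margin > 0 else "buried in noise"
        print(f"{name}: {margin:+.1f} dB ({verdict})")
```

The LTE downlink ends up about 89 dB below the thermal noise floor, while the BLE link keeps roughly 14 dB of margin, which is the asymmetry the comment describes.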
Ah, then they could definitely communicate with each other.
And while I don't expect stock iPhones to do anything like what's being suggested in the article, I could see custom software activating a "panic mode" based on observations that plausibly suggest a device being in such an environment.
Anything's possible, but I am highly skeptical of the notion. Their little speakers don't have infinite frequency response, and I haven't heard reports of young teens saying their phones make weird chirps. Also, why on Earth would Apple do this? The notion that iPhone A in AFU mode is anxiously listening for iPhone B to come along and send it an audio trigger that it should reboot is hard to believe. It would be way easier to just tell iPhone A to reboot after N hours in AFU mode if they wanted to accomplish such a thing. And why would iPhone B be sending the "OMG reboot yourself!" audio signal to iPhone A in the first place?
They don’t need infinite frequency response, and I don’t think it’s unusual to have a frequency response outside of human hearing. I know for a fact that Cisco uses frequencies outside human hearing to help pair your computer to meeting room screens
GrapheneOS implements basically this as a security feature against non-persistent malware, and I think it's a great idea that all phones should do. Graphene has your phone reboot after an uptime greater than some value you pick.
I don’t think it’s other iPhones that are sending a signal. Rather, it’s probably a security option that’s easy for most people to overlook in the Settings app. I have little knowledge about iPhone hacking, but I think in the same place where you can say “delete my data after 10 failed passcode attempts”, you can also force ask for a passcode to start using accessories again if it’s been a long time since it’s been unlocked. But I don’t think I have ever seen anything around rebooting. That sounds like a very nice feature though since rebooting apparently is good for making sure the phone clears spyware access.
We need to write an app to automatically reboot your iPhone every night at a user-selectable time if rebooting your iPhone is apparently phone spies' kryptonite.
There were a number of custom “crime phones”, run by criminal organizations. One of the features was rebooting when they were arrested, as triggered by the criminal organization.
Law enforcement seems to be reading the behavior into the iPhone, which is understandable. They’ve seen it before.
The real concern is how law enforcement seems to create these bright lines between “legitimate” and “illegitimate” security.
Shutting down when an attack is suspected is a reasonable security feature.
> Apple may have introduced a new security feature in iOS 18 that tells nearby iPhones to reboot if they have been disconnected from a cellular network for some time.
My guess (and this is just a complete random guess): it's a bug not a feature, prob to do with Find My. All the phones are prob in airplane mode and they are all trying to talk to each other (and to the mothership) regarding Find My and are crashing out.
My time as a digital forensic investigator was short and over a decade ago now, but it was standard where I was to put each phone in a faraday bag to help reduce concerns around remote wiping capabilities.
What's odd to me in this article is it doesn't seem like faraday bags are being used. I'd assume concerns over this type of thing are greater than ever now.
If you're on a long flight and you leave your phone on but don't unlock it to use it during that time, and a consequence is that the phone reboots, what is the big deal?
Right. So, if you're about to go somewhere where your phone might be arbitrarily searched i.e. an airport in your own or another country, I guess this means it's a good idea to shutdown your phone and put it into a Before First Unlock state to protect your files.
> Could easily just be a memory leak that is accumulating until the OS crashes.
That would be my assumption since they are storing them in labs while trying to crack them under non-normal conditions, so it could easily be a memory leak that doesn't happen under normal conditions. Either that or it's the software they use to mess with the encryption causing issues.
Or not actually a leak, just overuse. Suppose there's some sort of log that accumulates while it's failing to communicate. Once it communicates the log gets dumped. Log gets too big, software faults, watchdog reboots it.
That's a good point. Developers often neglect to consider the size of logs since they generally aren't that big unless something out of the ordinary happens.
Yes, but they don’t look at the phone 24/7. If all the phones seemingly restarted over the weekend… what’s the more likely scenario: 1) the phones gossiped with each other (including the one in the faraday cage) and decided to all restart themselves, or 2) they lost power over the weekend.
I don't have an iPhone, but it's not exactly alien for me to be in a situation where I've gone more than a couple of hours without touching my phone but while it is doing something important: recording where I am. (And, yes, I have fallback options, but they aren't nearly as good.)
If you're going to put in an auto reboot either make it long enough nobody will trip it while the phone is legitimately recording something or make it configurable.
Do alarms work on iphones if they are in the BFU state? I'm pretty sure they don't on my android, because it hasn't even unlocked most of the bootloader if you haven't put your pin in.
Yes. If your iPhone updates overnight (as I mentioned in another comment, a common time for automatic updates or just to kick them off manually) your alarm still goes off the next day after it restarts.
Very little, which is why if you enable automatic updates on iPhones they try to apply those updates at night while the device is locked and charging, when most people are sleeping. If you're using the phone it won't activate at night and will let you know that it couldn't install the update.
The only harm I could see is if someone grabs their phone to make an emergency call and it's rebooting or locked and, in their sleepy state, they have trouble unlocking it.
However, I do think a 12 hour "Phone hasn't been unlocked, reboot it" rule seems a logical security feature to add.
Not an audio command, but even just holding down the volume and side buttons to open the power off menu, without actually powering off your phone, triggers the same behavior.
That locks the phone, but a reboot presumably drops a lot of in-memory caches, to one degree or another. I don’t know whether (or how well) iOS zeroes out memory, but I can certainly imagine the AFU state is easier to target than the BFU state.
This is absolutely some kind of non-technical user superstition style claim born from a little bit of paranoia that Apple hates cops because they don’t roll over easy (though they do follow subpoenas they are technically capable of following).
The truly scary part is we're not actually talking about 'cops' here, but 'detectives', you know, the police who *aren't* supposed to be knuckledraggers incapable of reasoning; the people who are entrusted to solve murders.
What happens if one is in a place with no connectivity for a long time? There are areas of the world like that. Periodic forced reboots are useless and harmful there. Think about reading ebooks offline or following a map with only GPS on.
Additionally, this wouldn't require a periodic reboot; only one. So, phone in After First Unlock state loses cellular connection -> timeout period expires without being unlocked -> phone reboots. This process only restarts once the user unlocks it _and_ it has re-acquired a cellular connection.
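As an added illustration (not code from the thread, from Apple or from any other vendor), here is a toy model of the one-shot policy sketched in the comment above: an AFU phone that loses cellular and is not unlocked within a window reboots into BFU, and the cycle re-arms only after an unlock and a re-acquired cellular connection. The 12-hour window, the event names and the replay helper are all assumptions.

```python
"""Toy model of a one-shot 'reboot after N hours off-network without an
unlock' policy (added illustration, not any vendor's implementation).
The 12-hour window and the event API are assumptions chosen for the example.
"""

REBOOT_AFTER_S = 12 * 3600  # assumed window, as suggested elsewhere in the thread


class InactivityRebootPolicy:
    def __init__(self, timeout_s: int = REBOOT_AFTER_S):
        self.timeout_s = timeout_s
        self.bfu = True              # fresh boot: no keys derived from the passcode yet
        self.cellular = False        # assume no network at boot until told otherwise
        self.deadline = None         # absolute time at which a reboot fires, if armed
        self.awaiting_reset = False  # set by a reboot, cleared when cellular returns
        self.reboots = 0
        self.events = []             # audit trail of (time, event)

    def _arm(self, now: float) -> None:
        # Arm only when keys are in memory (AFU), there is no cellular, no reboot
        # is still waiting for its reset condition, and no timer already runs.
        if self.bfu or self.cellular or self.awaiting_reset or self.deadline is not None:
            return
        self.deadline = now + self.timeout_s
        self.events.append((now, "armed"))

    def unlock(self, now: float) -> None:
        self.bfu = False
        self.deadline = None          # any successful unlock restarts the countdown
        self.events.append((now, "unlock"))
        self._arm(now)                # re-arm at once if the phone is still off-network

    def set_cellular(self, now: float, connected: bool) -> None:
        self.cellular = connected
        self.events.append((now, "cell_up" if connected else "cell_down"))
        if connected:
            self.deadline = None      # back on the network: nothing pending
            self.awaiting_reset = False
        else:
            self._arm(now)

    def tick(self, now: float) -> bool:
        """Advance the clock; return True if a reboot fired at this tick."""
        if self.deadline is None or now < self.deadline:
            return False
        self.bfu = True               # reboot discards the in-memory key hierarchy
        self.deadline = None
        self.awaiting_reset = True    # one-shot: no re-arm until cellular is back
        self.reboots += 1
        self.events.append((now, "reboot"))
        return True


def run(events, policy=None):
    """Replay (time, action) tuples; return (reboot count, in BFU afterwards)."""
    p = policy or InactivityRebootPolicy()
    dispatch = {
        "unlock": p.unlock,
        "cell_up": lambda t: p.set_cellular(t, True),
        "cell_down": lambda t: p.set_cellular(t, False),
        "tick": p.tick,
    }
    for t, action in events:
        dispatch[action](t)
    return p.reboots, p.bfu


H = 3600
# Constructed scenario: a seized phone left untouched with no signal.
LAB = [(0, "cell_up"), (0, "unlock"), (H, "cell_down"),
       (12 * H, "tick"), (13 * H, "tick"), (48 * H, "tick")]
# Constructed scenario: off-grid user who still unlocks the phone now and then.
HIKE = [(0, "cell_up"), (0, "unlock"), (H, "cell_down"), (6 * H, "unlock"),
        (12 * H, "tick"), (17 * H, "unlock"), (28 * H, "tick")]
# Constructed scenario: after a reboot, unlocking alone does not re-arm;
# cellular must come back first.
RESUME = LAB + [(50 * H, "unlock"), (80 * H, "tick"), (81 * H, "cell_up"),
                (82 * H, "cell_down"), (94 * H, "tick")]
```

Replaying HIKE shows the objection raised above holds only when the phone is never unlocked for the whole window; any unlock restarts it, while a phone left recording for 12 hours without a touch would still reboot under this policy.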
Actually... it looks like they may have just added something similar in iOS 18.1. It's based on the phone not being unlocked, though, not network activity.
A reboot of a phone is hardly the end of the world, and it's trivial and obvious to simply have the trigger conditions be slightly less simple and stupid. Like require some user activity. Require the pin again or some other reassurance.
What happens if one is in a place with no connectivity? What indeed? Nothing much. That's what happens.
Another option is that whatever bug cellebrite was exploiting to extract data from iPhones in AFU mode is now subtly not working, leading to unexpected reboots when attempting extraction.