The latest major enhancement that arrived with the iOS 18 series on iPhones is Apple Intelligence. Additionally, Apple has seemingly bolstered its security measures to better shield devices that haven’t been unlocked for an extended period from unauthorized access.
This month, law enforcement officials expressed concerns about iPhones unexpectedly rebooting, as reported by 404Media. A source in Michigan highlighted that these unanticipated reboots complicate the ability to retrieve content from the devices using brute-force unlocking techniques.
In response to the reported issues, wireless and mobile security researcher Dr.-Ing. Jiska Classen shared insights about a feature in iOS 18.1 known as “inactivity reboot.” This feature activates when there is an attempt to unlock an iPhone after a period of inactivity.
“While forensic evaluations of mobile devices may be uncommon, stolen phones are a frequent occurrence. This development safeguards user data in both scenarios,” she explained. The entire system functions based on patterns of inactivity, triggering a secure state post-restart.
Specifically, upon a restart, an iPhone enters a BFU (Before First Unlock) state, remaining there until it is unlocked. This BFU state is a crucial security feature, as it encrypts the data stored on the device, making files accessible only upon successful unlock.
Cellebrite
When unlocking an iPhone after a restart (or during the BFU phase), a decryption key is generated, allowing access to the files on the device. “Nearly all content on an iPhone is encrypted until the user unlocks it, enabling the phone to function,” notes Cellebrite, a company that provides tools for law enforcement to extract data from mobile devices.
While the BFU state doesn’t restrict access to all data, it does place significant limitations. “If you seize an iPhone that is already turned on, try to keep it powered on,” Cellebrite suggests to investigators in another blog post.
With the introduction of the “inactivity reboot” feature, Apple has added a further hurdle for accessing data on devices that have remained locked for a while due to the automatic reboot that places the phone into BFU mode.
Although the BFU state alone isn’t foolproof, Cellebrite claims that its Premium package—which includes specialized hardware and software—can assist in data extraction from devices in this state.
However, a research study from the Department of Electrical Engineering at Universitas Indonesia revealed that using the Cellebrite Premium system facilitates the recovery of only about 40% of media from devices in a BFU locked state.
Apple has yet to offer an official statement regarding the newly implemented “inactivity reboot” feature in iOS 18.1. Nonetheless, the company continues to collaborate with law enforcement when it comes to unlocking iPhones under proper legal procedures.