Law enforcement officers are warning other officials and forensic experts that iPhones which have been stored securely for forensic examination are somehow rebooting themselves, returning the devices to a state that makes them much harder to unlock, according to a law enforcement document obtained by 404 Media.
The exact reason for the reboots is unclear, but the document authors, who appear to be law enforcement officials in Detroit, Michigan, hypothesize that Apple may have introduced a new security feature in iOS 18 that tells nearby iPhones to reboot if they have been disconnected from a cellular network for some time. After being rebooted, iPhones are generally more secure against tools that aim to crack the password of and take data from the phone.
“The purpose of this notice is to spread awareness of a situation involving iPhones, which is causing iPhone devices to reboot in a short amount of time (observations are possibly within 24 hours) when removed from a cellular network,” the document reads.
Hah! If this is really true - that’s a great feature by Apple. But they’ll learn and keep it connected and charged and whatnot going forward.
Not necessarily. If it’s connected to a network a remote wipe command could be issued. That’s presumably the reason they would keep them in a faraday box as described in the article.
Whether or not Apple did this on purpose, this is an excellent data point for how secure an updated iPhone is in BFU status.
Let’s assume that Apple released an auto reboot feature.
GrapheneOS has had that for years, and all GrapheneOS devices reboot after 18 hours of a phone not being unlocked. You can adjust the auto reboot timer from as low as 10 minutes to as long as 72 hours.
Auto reboot is also implemented on a kernel level, so even if an adversary tried to bypass it, it would cause a kernel panic, which would reboot the device anyway. Meanwhile, we have no idea how Apple’s implementation works because of their proprietary blob of an OS and zero documentation about that particular feature.
You can connect it to the network and block all incoming attempts to remotely wipe the device.
In short, this is just another feature that GrapheneOS or even Android has implemented a lot better, but Apple will get all the news coverage + all the hype on the forums like it happened with Lockdown Mode.
I didn’t know that about Graphene. TIL.
Thanks.
@jerm great news. Great to hear that our phones keep getting more and more secure over time. Well done Apple (if true)
It’s likely just a bug, Apple surely would’ve announced this feature if it was intentional. Just funny to me that the cops assumed Apple is working against them secretly instead of assuming it’s a bug.
This thread isn’t about GrapheneOS. It’s about a possible (though unlikely) new feature in iOS 18 and the observation that an iPhone is very secure from exploitation when in BFU state.
You know how you can tell if someone uses GrapheneOS on their phone?
They’ll tell you
All devices are secure in BFU state if you have a strong enough passphrase. iPhones aren’t special in any way except that they have rate limiting, which makes a 6-digit PIN secure enough, but the same also applies to Google Pixel devices.
Why are you so upset about this? Looks like you’re holding some kind of grudge against GrapheneOS or its users, lol.
Same with my phone. I don’t invest any time in customizing it because it’s irrelevant in my case. It doesn’t really matter if it’s some stock Android or a “hardened” GrapheneOS ROM. Relying on your phone for everything is a huge opsec fail. The based answer is using your phone to make simple calls and texts with friends/family and never storing sensitive data on something that you’re walking around with in your pocket 24/7. It would be nice if you could get friends and family to all use encryption when communicating with you, but even that I find is challenging to say the least. Getting others to break their habits is exceedingly difficult if not impossible.
Relying on devices with the highest security and most robust sandboxing and permission control is a huge OPSec fail? Okay.
Seems like Apple did actually add an auto-reboot feature.
I said it was an opsec fail, not an insecure device. These things are not mutually inclusive and there’s much much more to practicing good opsec than just using “hardened” digital devices or whatever. I don’t care how robust their sandboxing is, creating a physical “sandbox” with my computer being locked behind my door on private property that no one can legally enter without a warrant is much safer than carrying around personal data in your pocket.
wildly Off topic, desktop security
Is the setup air gapped? Otherwise your network can be used to enter your house without a warrant. Break into your network, infect your PC with persistent malware and gain RCE/Privilege Escalation. Then use that to activate your camera, microphone, connected smart devices, and siphon data off. Or advertise the infected PC as a DHCP resolver and break your VPN config?
Android hardened systems are safe against most of the above threats: They have anti-persistence, they don’t have root privileges, the sandboxing means hardware is isolated from software, and DHCP attacks don’t work against them.
If your system is air gapped, it can still be easy to infect it with social engineering, and then try to crack into your WiFi (or maybe even get that with social engineering). Then repeat the cycle above. Or they can exfiltrate data using sound, ultrasonic, etc. too. (Good recap of airgapped attacks)
Ultimately, desktops are very insecure. So it would be poor OpSec to trust them for anyone who is specifically targeted. The best would be to not use any device, but if I had to use a device, I’d pick a Pixel with GOS or iPhone and then maybe remove cellular components/use Pixel tab, than use a desktop. There is a reason only nonpersistent OS like Tails are recommended for actual dissidents.
The only instance where your setup can be more secure than an up-to-date iPhone or Google Pixel is if someone snatches your phone from you when it’s unlocked. But even if that were to happen, Google has introduced a new theft detection feature that will lock a phone if it detects it being snatched from you.
Even if your phone was snatched from you when it was unlocked and theft detection didn’t work, you can still keep data encrypted at rest on the private space or a separate user profile.
Call it philosophical differences then. I’m confident enough in my own network mitigation efforts that I still enjoy the peace of mind that my gear is sitting behind a physical barrier that is not so easily broken into (legally speaking). I want my data secured both digitally and physically, rather than keeping everything on a daily device I use simply for emergencies or to contact family. I keep these two parts of my life completely separate. Which may not work for everyone, but works just fine for me.