9TO5MAC.COM
Researcher reverse engineers new iPhone security feature Inactivity Reboot
A recent report by 404 Media revealed that law enforcement agents have been concerned about iPhones automatically rebooting themselves, which makes it very difficult to hack these devices. Security researcher Jiska Classen later discovered that this behavior is caused by a new feature called Inactivity Reboot, which Classen has now reverse-engineered.

Reverse engineering iPhone's Inactivity Reboot feature

The researcher detailed in a blog post exactly how Apple implemented Inactivity Reboot. The company did everything quietly, without publicly announcing the new security feature. Based on iOS code, it was possible to confirm that Inactivity Reboot was implemented in iOS 18.1, although iOS 18.2 beta code suggests that Apple is still making improvements to how it works.

Contrary to what was previously thought, the security feature has no relation to wireless connectivity. Instead, it uses the Secure Enclave Processor (SEP) to track when the iPhone was last unlocked. If the time since the last unlock exceeds three days, the SEP notifies the kernel, which kills SpringBoard (which is the core of iOS) and initiates a reboot.

Unsurprisingly, according to Classen, Apple has implemented ways to prevent hackers from bypassing this process. For example, if something prevents the kernel from rebooting the iPhone, the system will automatically cause a kernel panic to crash and reboot the device. The system also sends analytics data to Apple when a device enters the "aks-inactivity" state.

Since everything related to Inactivity Reboot happens in the SEP and not in the main iOS kernel, it's much more challenging to bypass it even if the main kernel is compromised (like with a jailbreak tool). As Classen explained, little is known about the SEP, as Apple keeps everything, including its firmware, under wraps.

When rebooted, the iPhone enters a Before First Unlock (BFU) mode, which keeps all the files on the device encrypted until the user enters the device's passcode.
Even Cellebrite, a cybersecurity company that specializes in extracting data from locked iPhones, acknowledges that getting data from a device in BFU mode is quite challenging.

[Image: Cellebrite tool used to hack iPhones]

Apple doesn't say why it implemented Inactivity Reboot on the iPhone with iOS 18, but the reasons seem pretty clear. The company certainly wants to crack down on tools like Cellebrite and Pegasus spyware, which are often used by law enforcement agents. Of course, this also protects regular users who may have their data extracted after being the victim of a theft or robbery.

More details on reverse engineering the Inactivity Reboot feature can be found on Jiska Classen's blog.