iOS 18 has introduced a new security feature, making life harder for law enforcement trying to unlock iPhones.
According to 404 Media, this latest addition reboots iPhones that haven’t been unlocked in a few days, putting them in a more secure “Before First Unlock” (BFU) mode. The BFU state, which kicks in after a device restarts, requires the phone’s passcode for access, limiting what data forensic experts can extract.
404 Media first reported police concerns over the feature, explaining that in iOS 18.1, Apple added code that triggers a restart if the phone has been locked for four days. Chris Wade, founder of Corellium—a mobile analysis company—pointed this out, and Dr.-Ing. Jiska Classen of the Hasso Plattner Institute shared screenshots showing the code.
Apple indeed added a feature called "inactivity reboot" in iOS 18.1. This is implemented in keybagd and the AppleSEPKeyStore kernel extension. It seems to have nothing to do with phone/wireless network state. Keystore is used when unlocking the device.https://t.co/ONZuU9zVt2 https://t.co/4ORUqR6P6N pic.twitter.com/O3jijuqpN0
— Jiska (@naehrdine) November 8, 2024
IOS and Android devices enter this BFU state on reboot, requiring a passcode or PIN to unlock the phone fully. As confirmed by Dakota State University’s digital forensics lab, this makes it much harder for forensic experts to access device data.
Apple hasn’t commented on this new reboot feature, but it aligns with the company’s ongoing effort to strengthen iPhone security. For years, Apple has been resisting pressure from law enforcement to create encryption backdoors, even as authorities search for alternative methods to access locked devices.
Bijay Pokharel
Related posts
Recent Posts
Subscribe
Cybersecurity Newsletter
You have Successfully Subscribed!
Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox. You are also consenting to our Privacy Policy and Terms of Use.