A new iOS 18 security feature makes it harder for police to unlock iPhones

A new iOS 18 security feature has been discovered that reboots iPhones that haven't been unlocked in a few days, making it harder for police to break into suspects' iPhones. This feature causes the iPhone to enter a more secure "Before First Unlock" or BFU state. The "inactivity reboot" code was added in iOS 18.1 and triggers iPhones to restart after being locked for four days. The code was identified by Chris Wade, founder of mobile analysis company Corellium, and confirmed by Dr. Jiska Classen, a research group leader at the Hasso Plattner Institute. The feature is implemented in the keybagd and AppleSEPKeyStore kernel extension and is related to the phone's keystore, which is used when unlocking the device. When an iPhone is restarted, it enters the BFU state, requiring the user to enter their passcode or PIN to unlock the phone, limiting the data that can be extracted by forensics experts. Apple has not commented on the feature, but it is part of the company's efforts to make iPhones more secure over the years. This has put Apple at odds with law enforcement, which has sought to require encryption backdoors, but Apple has resisted these requests. Despite this, law enforcement has found ways to work around Apple's security measures. The new feature is likely to further frustrate police efforts to access iPhone data.