Apple has quietly introduced a robust security mechanism in iOS 18 designed to thwart unauthorized access: an “inactivity reboot” feature. Forensic experts and security researchers have confirmed that iPhones will now automatically restart if they remain locked for 72 consecutive hours, significantly hardening the device against data extraction attempts.
Understanding the Inactivity Reboot
The feature acts as a sophisticated anti-theft measure. By forcing a reboot after three days of inactivity, the iPhone transitions into a more secure state, effectively locking the user’s encryption keys within the device’s Secure Enclave chip. This makes it substantially harder for third-party forensic tools to bypass security protocols.
Jiska Classen, a researcher at the Hasso Plattner Institute, provided visual confirmation of the feature, demonstrating that an iPhone left untouched will indeed trigger a restart precisely at the 72-hour mark.
See the latest iOS inactivity reboot in action!
iOS 18 comes with improved anti-theft measures. Three days w/o unlock, the iPhone will reboot, preventing thieves from getting your data. (1/4) pic.twitter.com/H24Tfo1cSr
— Jiska (@naehrdine) November 13, 2024
This functionality has also been verified by Magnet Forensics, a firm specializing in digital forensic products, including the widely used Graykey tool.
Impact on Forensic Investigations
The primary point of contention involves the two operational states of an iPhone: “Before First Unlock” (BFU) and “After First Unlock” (AFU). These states are frequently referred to by researchers as “cold” and “hot” devices.
- AFU (Hot): Occurs after a user has entered their passcode at least once since the last reboot. In this state, certain data remains unencrypted in memory, which forensic companies often exploit to extract information.
- BFU (Cold): Occurs immediately after a reboot. Data is fully encrypted, making it exceptionally difficult to access without the correct passcode.
By forcing a transition from AFU to BFU, the inactivity reboot renders many forensic tools ineffective. “Even if thieves leave your iPhone powered on for a long time, they won’t be able to unlock it with cheaper, outdated forensic tooling,” Classen noted. While this creates a hurdle for law enforcement, experts point out that 72 hours remains a significant window for professional investigators to coordinate their efforts.
A Long-Standing Conflict
This development adds another chapter to the ongoing friction between Apple and law enforcement agencies. Authorities have historically pushed back against Apple’s security enhancements, claiming they impede criminal investigations. The most notable instance occurred in 2016, when the FBI attempted to compel Apple to create a backdoor for an iPhone involved in a mass shooting—a request the company resisted until the device was eventually accessed via third-party exploits.
Despite the growing pressure from forensic firms and law enforcement, Apple continues to prioritize user privacy and device security, maintaining its stance on encryption. The company has not provided a formal comment regarding the specifics of this update.