iOS 18 Security Feature Causes iPhone to Reboot After Three Days of Inactivity

[meetree]

And Tim will gladly help them because thats how all these big boy companies work – you comply or you have problems

Yeah, but I really wonder how they declined this famous request to unlock the shooter’s phone. It could be a conspiracy theory, but Apple might have given some really good deal to the government in exchange for the opportunity to make great PR with a public fight for privacy.

 

[adrianlondon]

This is the Internet, where 345% of people make stuff up to clout chase

I think you'll find it's 346%.

 

[JonaM]

I would absolutely love to know how you think that somebody stole your iPhone and was unable to get into it yet they were able to access it to get your passwords or your password hint information for all of these different sites. I’m also curious how you’re able to know such a specific number That there has been thousands of attempts at passwords.

If the phone was unlocked when stolen you can view website history to see likely sites with accounts and you can get Safari to prompt for authentication to fill in the username password. Without the biometrics/passcode you can't fill in the password, but you can see what the username would be and use the request for a password hint on the website

 

[Shirasaki]

Security feature?

Nahh... I believe that a$$le discovered that many devices are used for home automation/media device/... and they are not happy...

Yeah Apple wants people to buy HomePods and Apple TV for those, rather than reusing old iPhones.

 

[colinhash]

To be honest this is pretty inconvenient for me, especially that it isn’t configurable.

I’m an expat and I keep a second iPhone with a US eSIM that never goes off airplane mode + Wi-Fi calling. With iMessage, SMS forwarding and enabling calls on nearby iPhones, everything is easily forwarded to my main iPhone. It stays plugged in at home and I can usually go weeks without touching it. Now if I leave home for a week…. I’m out of luck. :/

I don’t have a lot that still gets sent to my US number, but a few services I’m signed up for still send 2FA messages to that number. It’s also way easier for Grandma to keep calling me on my old number.

I would love it if I could use dual eSIM and just keep one number only using WiFi Calling, but unfortunately that’s not possible.

Hopefully Apple takes the feedback and makes it configurable.

 

[Eriamjh1138@DAN]

Can’t Before First Unlock also be triggered by activating and canceling an emergency call? I’ve read this is what you should be if law enforcement demand your phone.

No. The phone is encrypted after reboot. The passcode is required to unencrypt after a reboot. That’s why BFU mode is so hard to get data from.

whoa the cops were lying about proximate iphones causing other iphones to reboot? I’m shocked the police would lie!

Those were rectally extruded guesses as to how it was rebooting. Theories based on a lack of evidence, (I know… cops, right?).

And before Apple said “Duh, they reboot after 72hrs of sitting”.

 

[Be Cloud Savvy]

As long as Find My still works upon reboot, I dont think this will affect majority of the users. I do not really see how this would affect anyone, I could be wrong though. Are there any use cases that gets affected?

It has historically - my iPhone 13 Pro was stolen in August, 2023. I immediately enabled lost mode (via my iPad Pro, which was with me at the time of the theft). For more than a year I was able to receive Find My notifications whenever it would be powered on.

I had all the most secure settings enabled before the theft of the device (I teach entrepreneurs, small businesses, high net worth individuals and travelers best practices when it comes to their devices, finances and identity).

 

[Be Cloud Savvy]

To be honest this is pretty inconvenient for me, especially that it isn’t configurable.

I’m an expat and I keep a second iPhone with a US eSIM that never goes off airplane mode + Wi-Fi calling. With iMessage, SMS forwarding and enabling calls on nearby iPhones, everything is easily forwarded to my main iPhone. It stays plugged in at home and I can usually go weeks without touching it. Now if I leave home for a week…. I’m out of luck. :/

I don’t have a lot that still gets sent to my US number, but a few services I’m signed up for still send 2FA messages to that number. It’s also way easier for Grandma to keep calling me on my old number.

I would love it if I could use dual eSIM and just keep one number only using WiFi Calling, but unfortunately that’s not possible.

Hopefully Apple takes the feedback and makes it configurable.

Consider porting or associating your number to Google Voice, and using the Google Voice app on your iOS devices and/or via Safari on any laptop or desktop - from anywhere in the world.

 

[jasonsmith_88]

Most people use 4G and 5G networks without even knowing triangulation is almost the same thing as geolocation nowadays and that the website can see your phone number.

Lol wut. Websites cannot triangulate your position from your cellular connection nor can they see your phone number.

Even if one choses to cloud wipe a device all the data can still be recovered, if they would need to unsolder motherboard components for that – they will do it.

The data is encrypted. Unsoldering motherboard components doesn’t magically break encryption.

You should stop talking about things you know nothing about.

 

[rbbloom99]

The police often require a court order to force one to turn over their passcode.

However, a police officer and/or robber holding you at, say gunpoint for example, can simply open the iPhone to its locked screen and point your phone at your face. Wala, iPhone is unlocked (assuming Face ID is turned on). I tried this with my wife's phone, and it works like a charm.

I turn my face ID off when traveling to foreign countries.

 

[Tago]

The police often require a court order to force one to turn over their passcode.

However, a police officer and/or robber holding you at, say gunpoint for example, can simply open the iPhone to its locked screen and point your phone at your face. Wala, iPhone is unlocked (assuming Face ID is turned on). I tried this with my wife's phone, and it works like a charm.

I turn my face ID off when traveling to foreign countries.

A court or police cannot force you to remember a code, a pattern or anything. .

 

[PBG4 Dude]

I think this is a very good feature. I also think that people should set their Apple ID to private on their devices so that it isn’t viewable much less able to be changed. You can do that by going to Settings > Screen Time > Content and Privacy Restrictions toggle on > scroll down to account and toggle ’don’t allow’ changes.’

Oh wow, I didn’t know about this feature! Thank you! 👍

 

[colinhash]

Consider porting or associating your number to Google Voice, and using the Google Voice app on your iOS devices and/or via Safari on any laptop or desktop - from anywhere in the world.

I have some memory of google voice not playing nicely with short codes (which are what is usually sending 2FA codes), but maybe something has changed! I also really like having my US number on iMessage.

(I recognize I might not have the most efficient solution, but if it ain’t broke… well, maybe it’s about to be broken with this new security feature 😅)

 

[godofredog]

I would absolutely love to know how you think that somebody stole your iPhone and was unable to get into it yet they were able to access it to get your passwords or your password hint information for all of these different sites. I’m also curious how you’re able to know such a specific number That there has been thousands of attempts at passwords.

I started getting notifications of login attempts from every site that has 2-factor authentication and password change requests. If they were able to get my passwords, why would they request a password change? And I don't "think somebody stole my iPhone", I was robbed while walking my dog with a gun pointing at my face.

"Thousands" is not an specific number. In fact, I used that expression because there have been MANY notifications of login attempts and password change requests from mutiple sites and apps, but I have not counted them so I don't have a specific number.

 

[spillled typos]

It'd be nice to be able to customize this. If I didn't touch my phone for even just 5 hours (during the day) then something sus is going on.

 

[godofredog]

If the phone was unlocked when stolen you can view website history to see likely sites with accounts and you can get Safari to prompt for authentication to fill in the username password. Without the biometrics/passcode you can't fill in the password, but you can see what the username would be and use the request for a password hint on the website

The phone was locked, they tried to unlock with my face but I closed my eyes and the phone didn't unlock, fortunatelly for me they had to get out fast because my dog was barking and we all were making a lot of noise, they got scared and ran off.

 

[MakaniKai]

I wish they let the user setup that feature to increase or decrease the time it takes to reboot when not in use. I think this is a great anti-theft feature to make it harder for the bastards to get into the phone's data. My iPhone was robbed in February 2024 and since then there have been thousands of login attempts into every single service that I use in my phone. They may have not been able to access all the information, but they managed to get hints of all the web pages and apps that I use and the login, username and/or email address (not the passwords as far as I can tell), specially online shopping sites and apps.

I would love to be able to setup my phone to reboot every 12 hours or so, I don't care waiting for a few munites to use my phone.

You could make an automation that reboots your phone every day at a specific time. I don't know how you could make it detect if the phone is in use so it doesn't reboot while you're using it, but there might be a way. Or you could set it to reboot at like 3AM when you're likely not using it.

 

[ifxf]

Apple is taking security to a level where it is becoming a pain to use Apple devices. Of course, they never allow you to disable any of these features.

 

[godofredog]

Some of those information can be obtained by triggering login attempts, sending requests for OTP etc. Email will be sent and he would have some idea. Also for some websites who don‘t employ frequent session timeout he could receive login attempts emails showing an unknown location. he can also check his account login details for sites that support it.

Mostly password change and OTP requests, that is how I know they are trying to access my accounts. For Amazon and iCloud the OTP requests show a map of where the request is coming from, and those requests came from El Salvador. I also got notifications from Google, Instagram, and many shopping sites that I use, some of those sites are very specific for my business so I can say for sure it's not random, they managed to identify the sites I use and the login/username for some (not sure if all).

 

[godofredog]

You could make an automation that reboots your phone every day at a specific time. I don't know how you could make it detect if the phone is in use so it doesn't reboot while you're using it, but there might be a way. Or you could set it to reboot at like 3AM when you're likely not using it.

I will try this for sure. Thanks!!

 

[MakaniKai]

I will try this for sure. Thanks!!

Sure! I tried to share the automation but I don't know how. Here's what I did basically:

1. Open Shortcuts App
2. Automations Tab at bottom
3. "+" at top right
4. Choose "Time of Day"
5. Pick your time... like 3AM Daily
6. Choose "Run Immediately" at the bottom (so it doesn't prompt you to reboot).
7. Next
8. "New Blank Automation"
9. Search for "Shut Down" and click the first result.
10. Tap on the blue "Shut Down" label and change it to "Restart"
11. Done

Also pinging a couple other people who wanted this feature...

I agree! Except for when I'm sleeping I rarely go more than a few hours without unlocking my phone. Would like to set the time to 12 hours or temporarily even shorter than that. For example when travelling to areas where there is an elevated risk of theft, like Rio de Janeiro, to name just one example.

Would also be nice if you could set a specific time for reboot, like 3 am in the morning.

 

[demwun]

This reeks rebranding a reboot bug into a feature. Like they did previously "introducing" hidden/deleted photos albums, when deleted photos were re-appearing.

I recall reading something where it made it significantly more difficult for law enforcement and other entities to brute force their way into the device? I might be wrong though.

 

[uacd]

The data is encrypted. Unsoldering motherboard components doesn’t magically break encryption

They have the tools needed for decryption as well as Apple provides all the stuff they need for that. As Apple never tells which security protocols they actually use, as well as thanks to closed source nature of their software no one can’t assess that.

Lol wut. Websites cannot triangulate your position from your cellular connection nor can they see your phone number.

While phone number detection requires some specific hacking techniques that are much more complicated, getting an approximate location (or even almost precise location) is not a problem – carriers give info to which cellular towers the phone is connected to. Some cellular towers even serve as a cover for tracking user activity, usually used by governmental agencies. The way out of it – ejecting sim card or enabling airplane mode and using device wifi only. The only question is whether one would love to do that for just having “more privacy”

 

[Stellarspace]

My iPad (7th generation) restarts after 3 days of inactivity too, but Touch ID has to be active. I wish there was a way to disable the feature.

 

[uacd]

Yeah, but I really wonder how they declined this famous request to unlock the shooter’s phone. It could be a conspiracy theory, but Apple might have given some really good deal to the government in exchange for the opportunity to make great PR with a public fight for privacy.

Ooh that was a very interesting case. Publicly Apple “didn’t help” FBI, but something doesn’t add up: in the end FBI were able to hack the phone and Apple decided not to sue the federal bureau in exchange. I think they agreed to provide the keys but asked feds not to tell anyone to avoid all extra bad publicity. Sure maybe it is just a conspiracy theory but I was thinking: why then we hadn’t had any similar cases in years since then and hackers still win prizes for finding security holes in Apple’s software year after year?

And unfortunately the amount of shootings throughout the United States only increased since then, I doubt the shooters used some ancient Nokias and threw them in trashbins after each call like we are used to see in all those fancy Netflix movies. Since iPhone is the main smartphone used in USA, Apple obviously has to cooperate when something like that happens, government just won’t tell about that since “a deal is a deal”, tho leaks happen often as Jack Teixeira’s case proves