Apple inserts covert auto-reboot security feature in iOS 18.1

Apple (NASDAQ:AAPL) covertly inserted a new security feature in iOS 18.1 that automatically prompts iPhones to reboot after 72 hours of inactivity.

The new feature, dubbed “inactivity reboot,” was first reported by 404 Media. Law enforcement and forensic experts noticed that confiscated phones were rebooting themselves, making it more difficult to extract information.

“iOS 18 comes with improved anti-theft measures,” said Jiska Classen, a mobile and wireless researcher at the Hasso Plattner Institute, in a post on X yesterday. “Three days w/o unlock, the iPhone will reboot, preventing thieves from getting your data.”

While this security measure makes it nearly impossible for a common thief to acquire access to a user’s date, law enforcement can still acquire information from the phone if necessary.

“Inactivity reboot puts your iPhone into ‘Before First Unlock’ state, effectively locking encryption keys in the Secure Enclave Processor,” Classen said. “Even if thieves leave your iPhone powered on for a long time, they won’t be able to unlock it with cheaper, outdated forensic tooling.”

“While inactivity reboot makes it more challenging for law enforcement to get data from devices of criminals, this won’t lock them out completely,” she added. “Three days is still plenty of time when coordinating steps with professional analysts.”

What’s more, the iOS 18.2 update allows users to enable the Stolen Device Protection during setup. This feature, which prevents thieves from accessing data with only a PIN, was previously only found deep within the Settings menu.

Seeking Alpha reached out to Apple regarding the new feature, but they did not respond.

Apple shares ticked up 1.5% during Thursday afternoon trading.