New Apple security feature reboots iPhones after 3 days, researchers confirm

Periodic reboots are actually a PCI requirement for payment terminals heh, basically every point of sale on the market reboots every 24h.

Seems like a good defence in depth strategy. These days most systems have a pretty good boot chain security, so after a reboot you know the system is in a valid state and any potential malicious changes have been flushed out.

And Boeing 787 airplanes

Yeah I reboot my iPhone every weekend whether it needs it or not.

also, pretty necessary for the Prism program at the NSA to reinstall and update their firmware

Probably also helps with other kinds of transient hardware faults (and cosmic-rays) that can cause bitflips.

That said, on principle, there is no reason why ECC RAM should not be the standard (c.f. Linus Torvald’s ire at Intel using ECC as a market-segmentation ploy)

But wait for security cargo-culters call it "security by obscurity"

All that private key nonsense falls in this bucket as well. What else is a private key than an attempt to guard your system behind a thin veil of "an obscure number I know and you don't"? Classic security by obscurity.

The fact that Apple is adopting a similar approach for iPhones, is pretty much in line with that idea, just applied to personal data protection, isn't it?

Exactly! Especially in a world where systems are under constant attack

Isn’t Apple planning on turning iPhones into POS (point of sale) terminals?

Shouldn’t happen mid-flight though

This is so damn sad. I don't fully get why I have to reboot after kernel updates but accept it, but just every 3 days? Why?

So everything is security by obscurity?

Officially no, as one (or more secrets) are allowed

But given how some "security specialists" behave, I wouldn't put it past them

> reboots the phone if it’s not unlocked for 72 hours

Scheduled reboots would help more with clearing malware or transient errors.

But for now, for anyone periodically using the phone, which I bet is most users, the phone will never reboot automatically.

Not never; phones also reboot when there are critical OS updates to apply — and that happens as long as the phone is both charging and locked at any time during a vendor-defined daily maintenance window (usually something like 2AM-4AM in the user's local time.)

This happens even if the user just put the phone to sleep a moment ago. The only way to prevent it is to never leave your phone locked and charging at the same time.

Nothing wrong with security by obscurity. It's widely used and it is effective. Security is security. Usually there are easier and more effective methods though, so if it's your only security layer then you might have missed a few things.

> phones also reboot when there are critical OS updates to apply

Of course, or when they run out of battery, or you drop them too hard, etc. But realistically you could go for weeks or months without a reboot. From a transient fault or malware perspective, that might as well be never.

Read. It's only when you don't touch it for 3 days. And I bet if you didn't even touch it for 3 days you won't even notice if it has rebooted or not.

What do you mean "planning"? They already are in some places, including Apple Stores themselves. But more often you see iPads in that role with a bigger screen for customers. Are they doing the same behavior? (I don't see why not).

"Critical security updates" for iOS come ~weekly.

always has been...

> But for now, for anyone periodically using the phone, which I bet is most users, the phone will never reboot automatically.

Samsung has an auto-reboot daily feature and has been pushing it a lot (in form of annoying notifications and settings suggestions). In principle, it may not even be a bad idea - but for one fact:

Rebooting the phone effectively turns it off. Until the user unlocks the phone, it won't connect to phone network. AFAIK it also won't start any of the usual background processes that listen to notifications, and it might not even connect to Wi-Fi.

Those "security" measures make automated reboots an useless feature. There really is only one good time to auto-reboot, and that's when the user is sleeping. But no way anyone's doing that when it means their phone won't be able to receive calls. Even during the day, the phone randomly rebooting and remaining disconnected until the user notices - it's probably even worse, and I imagine anyone would disable this feature after first time it activated.

Sure they would. If the system was for interactive use, it likely requires some login or unlock password. If the system is supposed to respond to external events - such as receiving phone calls when the system in question is a phone - then a reboot will effectively disable it until the user notices.

This is definitely not true. Apple releases security updates about once a month.

How do you expect to swap out your kernel without restarting your machine?

Sounds like that's just you.

I'm not sure this is true.

I have a Samsung with this feature. It rebooted overnight and this morning it was in BFU state with several mail and sms notifications. It was also connected to wifi and the cellular network.

For the moment they have an external payment / card terminal; other than the card reader itself, I don't see why an iphone wouldn't work as a formal payment terminal.

It was true for my Galaxy S22, and is currently true with reboots after update. And yes, early on I had a situation where the phone rebooted overnight and remained stuck on the lock screen while disconnected from networks, until I woke up and noticed. Fortunately I didn't miss anything important, but after that I immediately reviewed all settings and disabled anything that could reboot the device automatically (including updates, which are set for manual installation now).

Don't know about apple, but on linux you can live patch a running kernel with security updates (kpatch/ksplice/...).

> receiving phone calls

don't be ridiculous, it's a _smart_ phone.

>>Rebooting the phone effectively turns it off. Until the user unlocks the phone, it won't connect to phone network. AFAIK it also won't start any of the usual background processes that listen to notifications,

Well yes, because the storage and all the apps are encrypted until you unlock your phone. So you could have all the apps boot up and start listening for events, but it would be at the cost of reduced security elsewhere. Not sure what the right solution is tbh, I think personally I'd rather have all of my data encrypted even if it means my phone isn't actually "active" after a reboot.

Right, which means that an attacker can trick your kernel into patching itself to do something malicious.

Only if you still use a sim pin otherwise the phone would only be unavailable for the duration of the reboot.

> Until the user unlocks the phone, it won't connect to phone network.

This is not true in my case (Samsung Galaxy S22+). The phone is fully operational after a reboot, connected to GSM, 5G and Wi-Fi

No it won't. My phone is completely operational after a reboot.

And automatic periodical reboots give hackers the piece they were missing. :)

Would interrupt my movie.

The main reasonable criticism would be that it obscures the things you missed from naive audits while still being accessible by an attacker. So you hide the issue from the "good guys" while not baring much entry by the "bad guys". I have seen this pattern emerge many times, because what is obscure to you may not be obscure to someone else. So it /causes/ you to miss things.

It already does.

Part of the new PCI standard called "Software based PIN entry on COTS" [1] which is also known generically as "PIN on glass".

Banks are now offering it to one-person trade companies etc [2].

[1] https://blog.pcisecuritystandards.org/new-faqs-on-software-b...

[2] https://www.westpac.com.au/business-banking/merchants-and-pa...

True, although for a remote attack there's no reason it can't just be reinfected after the reboot.

Yours might. My SIM, however, automatically locks on reboot. It came like that.

All the phones I have used were like this (Samsung, Google, Xiaomi, Redmi, Oppo - across years and years of models).

I am surprised you write that the SIM is locked upon reboot. What does this mean in technical terms? Do you mean that you have to enter the SIM PIN when your phone reboots?

> Do you mean that you have to enter the SIM PIN when your phone reboots?

Yes.

I can cancel the popup and then still use the rest of the phone, but when I do that I have no cellular network access until I unlock the SIM itself.

For the avoidance of confusion, the SIM PIN is independent of the phone PIN.

Ah, this is the normal behaviour of a SIM card. You can disable this PIN at startup (a setting in the phone). This is not recommendable, though, because if your phone gets lost or stolen your SIM may be used in a "layer" (a device that will make premium calls or SMS, the name is derived from a hen (that lays eggs)).

The solution is to use an eSIM - you can disable the PIN at bootup because it is protected by the phone lock anyway and will be operational immediately.