Most active commenters
  • chatmasta(4)

←back to thread

New Apple security feature reboots iPhones after 3 days, researchers confirm

(techcrunch.com)
286 points joegibbs | 20 comments | 15 Nov 24 01:55 UTC | HN request time: 0s | source | bottom
Show context
SoftTalker ◴[15 Nov 24 02:32 UTC] No.42143463[source]
If this is true, then it's a trivial enhancement to make that a configurable setting. 72 hours could be the default, if your security needs are higher, you could turn that down to 12 hours, or even less.
replies(5): >>42143486 #>>42143699 #>>42144046 #>>42144580 #>>42145188 #
1. chatmasta ◴[15 Nov 24 03:22 UTC] No.42143699[source]
If this were configurable, I would make it 30 minutes and increase it if I noticed any inconvenience. But I doubt that I would. I already have my phone in permanent do-not-disturb (so a reboot causing delayed notifications wouldn't be an issue), and it's not like I mind entering my passcode instead of FaceID every 30 minutes.
replies(4): >>42143720 #>>42143792 #>>42144287 #>>42144673 #
2. karlgkk ◴[15 Nov 24 03:26 UTC] No.42143720[source]
I don't know where you live, but in the US it's basically understood by the courts that FaceID is not protected, but PIN is.

So if your threat model includes the sort of attacker that has a phone exploit or the ability to confiscate it, you should not be using FaceID. Instead, consider using six digit PIN with auto-delete after 10 attempts. Also enable Lockdown Mode And if you use iCloud, enable Advanced Data Protection.

replies(1): >>42143730 #
3. chatmasta ◴[15 Nov 24 03:29 UTC] No.42143730[source]
Yeah, I consider FaceID to be basically a time-limited vulnerability akin to "remember me," because unlocking is a matter of just showing your face. It's convenient and I like it, but I don't get too upset when it asks me to enter a PIN (although I am annoyed when it doesn't respond well to the "swipe up to enter passcode").
4. duskwuff ◴[15 Nov 24 03:43 UTC] No.42143792[source]
30 minutes would be excessive. Keep in mind that the phone is unusable while it's rebooting, and that rebooting uses a nontrivial amount of power.
replies(2): >>42143853 #>>42144546 #
5. chatmasta ◴[15 Nov 24 04:01 UTC] No.42143853[source]
Rebooting takes ~7 seconds and ideally only happens when I attempt to use it.

But regardless of that.... why does it take a nontrivial amount of power?

replies(3): >>42144072 #>>42144274 #>>42144515 #
6. klausa ◴[15 Nov 24 04:56 UTC] No.42144072{3}[source]
Because booting is relatively CPU-intensive, compared to being at idle.

But iPhones do not boot in 7 seconds either — it's closer to 40. At least that's what it took on my 16 Pro Max right now when I tested it.

replies(1): >>42144586 #
7. asadotzler ◴[15 Nov 24 05:53 UTC] No.42144274{3}[source]
wow. that's quick. my two year old galaxy takes ~37 seconds.
8. bigiain ◴[15 Nov 24 05:55 UTC] No.42144287[source]
I don't trust FaceID (technically, I don' trust the cops with FaceID), so I'm entering my (6 digit) PIN every time I take my phone out of my pocket anyway. The only thing that'd make me hesitate to set this down to single digit minutes would be the risk of missed calls/notifications while the phone reboots.
replies(1): >>42144555 #
9. forgotoldacc ◴[15 Nov 24 06:57 UTC] No.42144515{3}[source]
I'd love to know what model of iPhone you have a see a video of it shutting down and starting back up in 7 seconds. Sounds like an incredible piece of hardware.
10. karel-3d ◴[15 Nov 24 07:03 UTC] No.42144546[source]
Also you cannot read your notifications, if I am not wrong.

I think 3 days is actually perfect

11. astrange ◴[15 Nov 24 07:05 UTC] No.42144555[source]
If you're outside the house that's less secure, because a security camera or a shoulder surfer can see your PIN.
replies(2): >>42144750 #>>42145072 #
12. fnueiwfg923 ◴[15 Nov 24 07:14 UTC] No.42144586{4}[source]
My iphone 15 just rebooted in 12 seconds.
replies(1): >>42144764 #
13. babyent ◴[15 Nov 24 07:33 UTC] No.42144673[source]
Speaking of Face ID, I still use the iPhone SE (latest edition).

I like Touch ID and I like the small form factor.

14. layman51 ◴[15 Nov 24 07:49 UTC] No.42144750{3}[source]
Agreed. I don’t understand how someone would be careful to not use biometrics and yet use a six digit passcode instead of an alphanumeric password.
15. oarsinsync ◴[15 Nov 24 07:53 UTC] No.42144764{5}[source]
Rebooted or turned on?

I had to create a shortcut to actually trigger a reboot, as I couldn’t find a reboot option in settings. My iPhone 13 mini on iOS 17.7.1 took 29 seconds.

16. curious_ralts ◴[15 Nov 24 08:54 UTC] No.42145072{3}[source]
Graphene has a feature exactly for this which shows a shuffled unlock screen
replies(1): >>42145489 #
17. saagarjha ◴[15 Nov 24 10:10 UTC] No.42145489{4}[source]
This sounds like an excellent way to make it even easier for people to watch you enter your PIN.
replies(1): >>42148462 #
18. cubesnooper ◴[15 Nov 24 16:36 UTC] No.42148462{5}[source]
Once you’ve had the PIN scramble turned on for a while, it becomes second nature. I enter my GrapheneOS scrambled PIN about as quickly as the unscrambled PIN on my non‐GrapheneOS work phone. But it’s more of a defense against figuring out my PIN from the finger marks on my screen.

In environments where shoulder surfing is a concern, I prefer to use the multiple profiles feature: log out of my main profile (which is actually a secondary profile) to completely evict its keys from memory, and switch to a burner secondary profile containing no personal data, which unlocks with my fingerprint for convenience.

replies(2): >>42155557 #>>42161715 #
19. saagarjha ◴[16 Nov 24 09:51 UTC] No.42155557{6}[source]
I am curious what you do with a phone that has no personal data beyond, like, call people whose number you have memorized and maybe look something up
20. chatmasta ◴[17 Nov 24 03:15 UTC] No.42161715{6}[source]
Second nature or not, I’m not sure how this protects you against the security camera watching you enter the passcode. I guess you’re hoping it can’t read the digit on each key?