Most active commenters
  • grahamj(3)
  • aspenmayer(3)
  • duskwuff(3)

←back to thread

Reverse Engineering iOS 18 Inactivity Reboot

(naehrdine.blogspot.com)
511 points moonsword | 20 comments | 17 Nov 24 21:50 UTC | HN request time: 0.9s | source | bottom
Show context
threeseed ◴[17 Nov 24 23:40 UTC] No.42168350[source]
I suspected this was being managed in the Secure Enclave.

That means it's going to be extremely difficult to disable this even if iOS is fully compromised.

replies(1): >>42168578 #
karlgkk ◴[18 Nov 24 00:23 UTC] No.42168578[source]
If I’m reading this right:

Reboot is not enforced by the SEP, though, only requested. It’s a kernel module, which means if a kernel exploit is found, this could be stopped.

However, considering Apple’s excellent track record on these kind of security measures, I would not at all be surprised to find out that a next generation iPhone would involve the SEP forcing a reboot without the kernels involvement.

what this does is that it reduces the window (to three days) of time between when an iOS device is captured, and a usable* kernel exploit is developed.

* there is almost certainly a known kernel exploit out in the wild, but the agencies that have it generally reserve using them until they really need to - or they’re patched. If you have a captured phone used in a, for example, low stakes insurance fraud case, it’s not at all worth revealing your ownership of a kernel exploit.

Once an exploit is “burned”, they distribute them out to agencies and all affected devices are unlocked at once. This now means that kernel exploits must be deployed within three days, and it’s going to preserve the privacy of a lot of people.

replies(6): >>42168622 #>>42168651 #>>42168686 #>>42168793 #>>42168941 #>>42169466 #
1. toomuchtodo ◴[18 Nov 24 00:31 UTC] No.42168622[source]
Would be nice if Apple would expose an option to set the timer to a shorter window, but still great work.
replies(3): >>42168670 #>>42168683 #>>42168816 #
2. jojobas ◴[18 Nov 24 00:42 UTC] No.42168670[source]
Or to disable it entirely. Someone could set up and ipad to do something always plugged in, would be bloody annoying to have it locked cold every three days.
replies(4): >>42168688 #>>42168692 #>>42168904 #>>42168980 #
3. alwayslikethis ◴[18 Nov 24 00:45 UTC] No.42168683[source]
In GrapheneOS, you can set it to as little as 10 minutes, with the default being 18 hours. That would be a lot more effective for this type of data exfiltration scenario.
4. mjevans ◴[18 Nov 24 00:46 UTC] No.42168688[source]
I'd rather have a dedicated Kiosk mode that has a profile of allow-listed applications and one or more that are auto-started.
replies(1): >>42168871 #
5. grahamj ◴[18 Nov 24 00:48 UTC] No.42168692[source]
Conspiracy theory time! Apple puts this out there to break iPad-based DIY home control panels because they're about to release a product that would compete with them.
replies(3): >>42168814 #>>42168949 #>>42168970 #
6. aspenmayer ◴[18 Nov 24 01:12 UTC] No.42168814{3}[source]
It’s more likely than you think!

> Apple's Next Device Is an AI Wall Tablet for Home Control, Siri and Video Calls

https://news.ycombinator.com/item?id=42119559

via

> Apple's Tim Cook Has Ways to Cope with the Looming Trump Tariffs

https://news.ycombinator.com/item?id=42168808

7. technics256 ◴[18 Nov 24 01:13 UTC] No.42168816[source]
You can do this yourself with Shortcuts app.

Create a timer function to run a shutdown on a time interval you order. Change shutdown to "restart".

replies(1): >>42168955 #
8. aspenmayer ◴[18 Nov 24 01:20 UTC] No.42168871{3}[source]
Maybe one or two of these will do what you want?

https://support.apple.com/en-us/105121

> With Screen Time, you can turn on Content & Privacy Restrictions to manage content, apps, and settings on your child's device. You can also restrict explicit content, purchases and downloads, and changes to privacy settings.

https://support.apple.com/en-us/111795

> Guided Access limits your device to a single app and lets you control which features are available.

replies(1): >>42168975 #
9. ◴[18 Nov 24 01:26 UTC] No.42168904[source]
10. ◴[18 Nov 24 01:33 UTC] No.42168949{3}[source]
11. KennyBlanken ◴[18 Nov 24 01:33 UTC] No.42168955[source]
You clearly haven't tried it or even googled it - because it's impossible to do it unattended. A dialog pops up (and only when unlocked) asking you to confirm the reboot. It's probably because they were worried users might end up in a constant reboot/shutdown cycle, though presumably they could just implement a "if rebooted in the last hour by a script, don't allow it again" rule.
12. duskwuff ◴[18 Nov 24 01:35 UTC] No.42168970{3}[source]
> Apple puts this out there to break iPad-based DIY home control panels

If you were using an iPad as a home control panel, you'd probably disable the passcode on it entirely - and I believe that'd disable the inactivity reboot as well.

replies(2): >>42169263 #>>42177638 #
13. duskwuff ◴[18 Nov 24 01:37 UTC] No.42168975{4}[source]
Or "single-app mode", which is a more tightly focused kiosk mode:

https://support.apple.com/guide/apple-configurator-mac/start...

14. stephen_g ◴[18 Nov 24 01:39 UTC] No.42168980[source]
I’m not sure, but I wouldn’t expect the inactivity timeout to trigger if the device was already in an unlocked state (if I understand the feature correctly) so in kiosk mode or with the auto screen lock turned off and an app open I wouldn’t expect it to happen.
replies(1): >>42169007 #
15. jojobas ◴[18 Nov 24 01:44 UTC] No.42169007{3}[source]
Maybe you want it locked and only showing notification headers.
replies(1): >>42169119 #
16. stephen_g ◴[18 Nov 24 02:13 UTC] No.42169119{4}[source]
Having to put your passcode in every three days is not the end of the world. It would make sense also that if you turned off the passcode entirely it also wouldn’t restart.
17. aspenmayer ◴[18 Nov 24 02:41 UTC] No.42169263{4}[source]
You could also set the auto-lock in display settings to never.
replies(1): >>42177639 #
18. grahamj ◴[18 Nov 24 22:06 UTC] No.42177638{4}[source]
I dunno, does this SEP check only happen when the device is locked? I don’t recall that being mentioned.
replies(1): >>42180390 #
19. grahamj ◴[18 Nov 24 22:06 UTC] No.42177639{5}[source]
I dunno, does this SEP check only happen when the device is locked? I don’t recall that being mentioned.
20. duskwuff ◴[19 Nov 24 05:47 UTC] No.42180390{5}[source]
I can't imagine how "time since last unlock" would even work for a device with no passcode, since the user never explicitly unlocks the device. Besides, a reboot wouldn't do anything useful in that configuration; with no passcode, user data is always accessible.