511 points moonsword | 2 comments
thrdbndndn ◴[] No.42168908[source]
Two questions:

1. Surely unconditionally rebooting locked iPhones every 3 days would cause issues in certain legit use cases?

2. If I read the article correctly, it reboots to re-enter "Before First Unlock" state for security. Why can't it just go into this state without rebooting?

Bonus question: my Android phone would ask for my passcode (can't unlock with fingerprint or face) if it thinks it might be left unattended (a few hours without moving etc.), just like after rebooting. Is it different from "Before First Unlock" state? (I understand Android's "Before First Unlock" state could be fundamentally different from iPhone's to begin with).

1. spijdar ◴[] No.42169266[source]
The short answer to your last two questions is that “before first unlock” is a different state from requiring the PIN/passcode. On boot, the decryption keys for user profile data are not in memory, and aren’t available until they’re accessed from the security coprocessor via user input. The specifics depend on the device, but for Pixel devices running GrapheneOS you can get the gist of it here: https://grapheneos.org/faq#encryption

The important distinction is that, before you unlock your phone for the first time, there are no processes with access to your data. Afterwards, there are, even if you’re prompted for the full credentials to unlock, so an exploit could still shell the OS and, with privilege escalation, access your data.

Before first unlock, even a full device compromise does nothing, since all the keys are on the <flavor of security chip> and inaccessible without the PIN.

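A simplified model of the distinction spijdar's reply draws between "before first unlock" and a passcode prompt after first unlock, added here as an illustration and not code from the thread, Apple, or GrapheneOS. The `SecureElement` and `Phone` classes, the `os_memory` dict, and the XOR-plus-HMAC key wrap are assumptions made for the sketch; real devices use hardware key wrapping and multiple key classes.

```python
import hashlib
import hmac
import os

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class SecureElement:
    """Stand-in for the security chip; the OS cannot read its fields."""
    def __init__(self, passcode):
        self._uid = os.urandom(32)  # hardware-bound secret (assumption)
        kek = self._kek(passcode)
        # Toy key wrap (XOR + HMAC tag); real devices use proper key wrapping.
        self._wrapped = _xor(os.urandom(32), kek)
        self._tag = hmac.new(kek, self._wrapped, hashlib.sha256).digest()

    def _kek(self, passcode):
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), self._uid, 10_000)

    def release_key(self, passcode):
        """Return the data key only when the passcode is correct."""
        kek = self._kek(passcode)
        tag = hmac.new(kek, self._wrapped, hashlib.sha256).digest()
        return _xor(self._wrapped, kek) if hmac.compare_digest(tag, self._tag) else None

class Phone:
    def __init__(self, passcode):
        self._se = SecureElement(passcode)
        self.os_memory = {}        # everything a compromised OS could read
        self.screen_locked = True

    @property
    def state(self):
        return "AFU" if "data_key" in self.os_memory else "BFU"

    def unlock(self, passcode):
        key = self._se.release_key(passcode)
        if key is None:
            return False
        self.os_memory["data_key"] = key   # first unlock: key enters OS memory
        self.screen_locked = False
        return True

    def lock_screen(self):
        self.screen_locked = True          # passcode prompt returns, key stays

    def reboot(self):
        self.os_memory.clear()             # back to Before First Unlock
        self.screen_locked = True
```

In this model, locking the screen after a successful unlock leaves `state` at "AFU" with the data key still in `os_memory`; only `reboot()` returns the phone to "BFU".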