iOS Inactivity Reboot
If you lose your phone, preventing thieves from accessing your data is essential. One of the most effective things to prevent data extraction is a reboot – but how do you reboot a phone that you no longer possess? In iOS 18, Apple silently introduced automated reboots, designed to restart iPhones in exactly this situation. But how does it work, and which attacks does it prevent?
Apple’s new “Inactivity Reboot” feature restarts an iPhone that has not been unlocked with the correct passcode for three days. The idea is not entirely new: GrapheneOS, a security-focused Android project, implements a similar auto-reboot feature. The connection between security and reboots might not be obvious. However, the encryption that protects most user data is only fully effective between a reboot and the first unlock: in this before-first-unlock (BFU) state, the keys for most user data are not in memory. After the first unlock (AFU), user data is decrypted and stays accessible to so-called zero-click attacks, even on a locked phone. A reboot returns the device to the BFU state, which is why a timer-driven reboot limits how long stolen data remains reachable.
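The following toy model is an added illustration, not Apple’s or GrapheneOS’s code, of what the timer described above buys you: it replays owner and thief events against the two states (BFU, keys not in memory; AFU, keys in memory even while locked) and reports how long a stolen phone stays in AFU. The rules are assumptions taken from the description: the timer runs from the last correct passcode unlock, wrong attempts and screen locks do not restart it, and the reboot drops the device back to BFU. The event list is constructed sample data.

```python
# Toy model of an inactivity reboot timer (added illustration, not Apple's
# or GrapheneOS's code). Assumptions: the 72 h timer counts from the last
# correct passcode unlock; wrong attempts and locks do not restart it; a
# reboot returns the phone to BFU, where user-data class keys are not in memory.
from math import inf

REBOOT_AFTER_HOURS = 72.0  # "three days" in the feature description

# Constructed sample timeline (hours): the owner's unlocks, then the thief's
# wrong passcode attempts after the phone is stolen at hour 30.
OWNER = [(0, "unlock"), (8, "lock"), (24, "unlock"), (25, "lock")]
THIEF = [(31, "wrong"), (40, "wrong"), (90, "wrong")]


def simulate(events, reboot_after=REBOOT_AFTER_HOURS):
    """Replay (hour, kind) events and return chronological (hour, state) transitions.

    kinds: 'unlock' - correct passcode: device enters AFU, timer restarts
           'wrong'  - wrong passcode attempt: timer untouched
           'lock'   - screen locked: keys stay in memory, still AFU
    The final pending reboot (if any) is appended as a future BFU transition.
    """
    state, last_unlock, log = "BFU", None, [(0.0, "BFU")]
    for hour, kind in sorted(events):
        # Fire a reboot whose deadline passed before this event was seen.
        if state == "AFU" and hour - last_unlock >= reboot_after:
            log.append((last_unlock + reboot_after, "BFU"))
            state, last_unlock = "BFU", None
        if kind == "unlock":
            state, last_unlock = "AFU", hour
            log.append((hour, "AFU"))
        # 'wrong' and 'lock' deliberately leave the timer alone
    if state == "AFU":
        log.append((last_unlock + reboot_after, "BFU"))
    return log


def state_at(hour, log):
    """Device state at `hour`, given a transition log from simulate()."""
    state = "BFU"
    for t, s in log:
        if t <= hour:
            state = s
    return state


def afu_hours_after_theft(events, theft_hour, reboot_after=REBOOT_AFTER_HOURS):
    """Hours after the theft during which the keys remain in memory (AFU).

    Returns 0.0 if the phone was already in BFU when stolen, and inf when
    no inactivity reboot exists (reboot_after=inf).
    """
    log = simulate(events, reboot_after)
    if state_at(theft_hour, log) != "AFU":
        return 0.0
    next_reboot = next(t for t, s in log if t > theft_hour and s == "BFU")
    return next_reboot - theft_hour


if __name__ == "__main__":
    print("AFU hours after theft, with reboot:", afu_hours_after_theft(OWNER + THIEF, 30))
    print("AFU hours after theft, no reboot:  ", afu_hours_after_theft(OWNER + THIEF, 30, inf))
```

The exposure window is measured from the owner’s last correct unlock, not from the theft, so a phone stolen a day after its last unlock is reachable for far less than three days, and the thief’s wrong passcode attempts do not extend it.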
This talk focuses on how Apple implemented inactivity reboot and what it protects against. For the implementation part, you’ll learn how to get hints about new features that Apple added, where to start reverse engineering in user space and the kernel, and how to eventually end up in the encrypted Secure Enclave Processor (SEP) firmware.