
It would be beyond hilarious if Apple now went and implemented this safeguard. I don't even think a hard reboot would be necessary, simply if the phone hasn't had reception for some preset period of time, or if there's been more than some amount of incorrect logins, or no successful logins in some given amount of time, revert everything to the freshly booted state, encryption and all.


They reportedly did:

https://chaos.social/@jiska/113447894119816217

That would make sense since thieves know that they have to get an iPhone offline to prevent Find My tracking and remote locking.


Great to see Apple taking a firm stance on this; this, above other fancy features, maintains customer loyalty.

People often point out the law enforcement case for breaking into phones but conveniently forget that the very same security holes used by law enforcement are used to make stealing phones more profitable and by other nation-states to spy, commit corporate espionage, etc.


In some cases, there isn't even that much difference between the two groups.


It's not based on communication, though. It's based on how long it's been since the phone was last unlocked - which is an even stronger safeguard, since it can't be spoofed.


That seems very unlikely.

Apple doesn't save your physical SIM PIN, so it would mean leaving your phone untouched for a while would automatically make it unreachable, since you need to enter the SIM PIN after a reboot.


Untouched and out of range of all cellular networks (disregarding the SIM), most likely; we don’t know how long, though.

If your phone hasn’t connected to a cellular network in weeks and is locked in a stationary box 23.9 hours a day or more, then I’m not sure I would be surprised if it becomes automatically unreachable in this way eventually — it’s becoming unreachable any time it reboots for an overnight iOS update already, right? So an inactivity reboot isn’t going to have a worse impact than that already does.

(Note that physical SIMs were discontinued in late 2022 models, but it allows you to set an eSIM PIN with the same effect.)


As noted elsewhere; turns out it’s 96 hours of inactivity, no other criteria.


I wonder how many people that would actually affect? All iPhones that support iOS 18 support eSIM. Starting with iPhone 14 all iPhones except the SE have only had eSIM.

I would guess that most people with only one SIM go with eSIM if their phone supports it.

You can put a PIN on an eSIM, but is there really much point? My understanding is that the main point of a SIM PIN is so that someone cannot transfer your physical SIM to another phone.

Without a PIN someone could steal your phone and even if they could not get past the phone lock they could just move the physical SIM to their phone and thus take over your phone number. They don't even need to steal your phone--they just need access to it for a few seconds to remove the SIM.

That's not the case with eSIM.

You might want a PIN to keep others from making/receiving calls if they have access to your unlocked phone, but because SIMs permanently lock after 3 failed unlock attempts (with no timeout--a mistake today, another a year from now, and another two years after that and it locks) that's probably asking for trouble.


The physical-sim tray is present for all markets outside of the US on all iPhones.


Actually, it would be beyond reckless for Apple to do anything other than implement this as a safeguard. The cops just gave up the game. Their only way into a locked phone is one in an AFU state. Apple doesn't give backdoors to law enforcement, so in lieu of Apple being able to patch this vulnerability, they absolutely should implement protections against it, including this one we just heard from the horse's mouth.

If Apple doesn't make this an official feature, or worse: fixes this issue for the convenience of law enforcement, we need to read that as Apple selling out our privacy to the government.


Apple is in a weird position: on one hand they HAVE to give the US government a way to access people's iPhones (CIA, NSA), and in a less direct way to the whole US government (local cops). On the other hand, privacy is a main point of their marketing, so they have to look like they do things to protect its users.

So they obviously have a direct backdoor for the big ones like the CIA, and they leave some wiggle room for 'security' companies that sell 0-day exploits to local cops. If they didn't, there would be lobbies until inevitably they too get their backdoor, which would look bad for Apple. It would kill the myth of iPhone privacy; any cop could leak about it.

I suspect this is either a bug or a feature that won't really prevent cops from accessing suspects' iPhones; they will be annoyed until their 'unlock tool' gets updated.

Don't count on Apple to actually fight any government to protect their customers' privacy. If they did so, they would never have set up an alternate iCloud on CCP-controlled servers for their Chinese customers; they would have gone out of the Chinese market.


I'm not sure why you're being downvoted, but I think you're right and this vulnerability comes to mind:

"Forgotten" debugging registers enabled Triangulation exploit against iPhones: https://www.itnews.com.au/news/forgotten-debugging-registers...

"While all of the vulnerabilities were zero-day bugs when patched, one attracted particular attention, because it turned out to be an undocumented hardware vulnerability.

Larin described the bug as “insane”, saying it’s a hardware feature in Apple’s A12 to A16 Bionic system-on-chip (SoC).

The feature, he said, allows attackers to “bypass the hardware-based kernel memory protection” in target iPhones, if they write data to “unknown memory-mapped input-output (MIMO) hardware registers” that Apple’s firmware doesn’t use.

Larin said the research team found six undocumented MIMO addresses used by the Triangulation exploit, which “basically, bypass all hardware-based kernel memory protections”.

He said they appear to be ARM/Apple CoreSight debug registers for GPUs, since they’re nearby identified MIMO registers.

In a statement, Larin said that "due to the closed nature of the iOS ecosystem, the discovery process was both challenging and time-consuming.”


I wish more people thought of it as a safeguard like you do.


Would the condition be irritating for me when I am taking a very long multi-transit flight and prefer to keep my phone on airplane mode because I am trying to read my ebooks on my Kindle during the journey and my phone keeps rebooting …


Airplane mode isn't the same as putting the phone inside a Faraday cage. The phone can tell the difference. Even in airplane mode the phone could receive RF; airplane mode is just supposed to disable transmission.


I think this is simply a matter of finding good defaults. In my opinion, the order of magnitude should be how many days without reception, not how many hours. A week sounds like a sane baseline for me, since that is more than ample time for most people to end up in a situation where you're connected again. Likewise you could reset the counter on a successful unlock. On the flip side, a week is not enough time to reasonably bruteforce anything if the time you have to wait before each retry goes up with every failure.


I don't think it is related to how long it has or hasn't had reception.

Also, it would be easy for cops to create a spoofed cellular network to keep those phones with reception.

It looks like it is based on how long since the phone was last unlocked; I would say 1 week is even a bit long in this case. Just a couple of days should be more than enough.


It would need to be two weeks, one week is how long Burning Man lasts, and there is very little range there :)


Depending on the phone model and OS, airplane mode may disable Wi-Fi and Bluetooth, but it won't turn off GPS. If the iPhone is one of those devices, it could detect a fast elevation change and not reboot the phone until it comes back down in elevation in a motionless state.


I also spend a lot of time with my phone in airplane mode, but I'd have no problem with a reboot after two or three failed login attempts.


I'll be surprised if reading ebooks doesn't prevent an "inactivity reboot."


I'll be surprised if reading ebooks on a Kindle prevents an "inactivity reboot" on an iPhone...


That depends... Do you often go on flights longer than 96 hours?


Based on the article it almost sounds like multiple phones may have to be present



