This reads more like a chain email forward than an actual analysis of the iPhone tech stack.
Fwd: Fwd: READ THIS!!! You won't believe what the iPhone does when off network and around other iPhones!!!
> It is believed that the iPhone devices with iOS 18.0 brought into the lab, if conditions were available, communicated with the other iPhone devices that were powered on in the vault in AFU. That communication sent a signal to devices to reboot after so much time had transpired since device activity or being off network.
The hypothesis doesn't make any sense because the phone doesn't need to communicate with other phones to decide to restart/lock based on lack of network signal.
> Matthew Green, a cryptographer and Johns Hopkins professor told 404 Media that the law enforcement officials' hypothesis about iOS 18 devices is "deeply suspect," but he was impressed with the concept.
Just about sums it up.
GrapheneOS has a "reboot after x hours inactivity" feature specifically to prevent the scenario mentioned in the story. Otherwise leaving a phone powered on is a massive risk, especially if cops can keep it charged for months to wait for an exploit.
I very much doubt it. Far more likely to be a memory leak in the baseband which is exposed when the devices are unable to talk to the cellular network for a period of time.
If that's what's going on, it might be the best example of "it's not a bug, it's a feature!" ever.
I haven't kept up with iOS feature developments, but modern Android devices can be configured to lock automatically if they go offline.
The purpose of this is to counter a thief putting your phone into aeroplane mode to prevent you remote locking or erasing the device.
iOS 18.1 has a release note about fixing unexpected restarts on iPhone 16 and iPhone 16 Pro models.
https://support.apple.com/en-us/121161#a181 (last item)
Cops are some of the greatest "victims" in our society. Encryption will make their investigations more difficult. They'll be judged first on the basis of the race of their suspect and then by the suspected crime. Even bodycams (which they're now quick to hail as they're "recording too," when people record interactions with their phones) were going to impede their ability to do their jobs.
There are fewer groups with so much power who see themselves as downtrodden. I could name others, but that'd be going off-topic.
You sound right on the money here. Occam’s Razor suggests they’re rebooting for a reason we know about rather than an undocumented security feature.
Another option is that whatever bug cellebrite was exploiting to extract data from iPhones in AFU mode is now subtly not working, leading to unexpected reboots when attempting extraction.
I don’t think it’s other iPhones that are sending a signal. Rather, it’s probably a security option that’s easy for most people to overlook in the Settings app. I have little knowledge about iPhone hacking, but I think in the same place where you can say “delete my data after 10 failed passcode attempts”, you can also force ask for a passcode to start using accessories again if it’s been a long time since it’s been unlocked. But I don’t think I have ever seen anything around rebooting. That sounds like a very nice feature though since rebooting apparently is good for making sure the phone clears spyware access.
Frankly I'm all for phones detecting that they're in an unusual state and changing posture to a higher security level.
More discussion on the source: https://news.ycombinator.com/item?id=42083052
This is like the junior QA coming to you so sure of himself that he thinks his theory is 100% correct.
Why would the iPhones need to communicate in order to reboot? Just detect a lost network connection, add a timer, lack of normal user activity, some other signal, ....
Sounds like a timer, if not just a crash. Nothing here sounds like the phones are communicating with each other.
It's a dot zero release.
Could easily just be a memory leak that is accumulating until the OS crashes.
> The digital forensics lab that noticed the issue had several iPhones in AFU state reboot, including iPhones in Airplane mode and one in a faraday box.
You can stop reading there. iOS 18 doesn't add freaking telepathy to phones. Whether it's a bug or a new feature Apple added that reboots phones under certain circumstances, it's not "iPhones communicating to force reboots".
I'm glad HN doesn't allow emoji, but I do wish I could add :facepalm: or :eye-roll: here.
Why? This seems like a smart anti-theft measure. (Bunch of iPhones in a radio silent environment together, maybe also not moving or detecting light.)
It's the faraday box part in particular. Airplane mode isn't a true no-radios mode on iPhone (this is well-known, or should be on HN at least). But it does leave cellular radios off. Wifi and bluetooth might need to be separately disabled and with wifi, at least, it'll turn back on after a while. So maybe (being very generous), if bluetooth or wifi is enabled or becomes re-enabled, there's a signal between the iPhones that causes this reboot behavior.
But how is a device in a faraday box receiving this signal and rebooting? And why do they need a signal when they could just use their own clocks and determine that it's been X days or weeks since last going online and reboot?
> how is a device in a faraday box receiving this signal and rebooting?
Doesn’t need to. Being in a Faraday box is a reasonable trigger for a single reboot. That said, the most incredulous part of this story is that iPhones can detect when they’re in a Faraday cage.
I'm going to go ahead and assert that they can't tell. A Faraday cage is just a deliberate construction of a situation that happens all the time anyway. Hospitals have lots of shielded rooms in and around the radiology department. The basement of a steel building is basically the same. So is anywhere on a ship. My aged house has lath and plaster walls that can simultaneously survive a nuclear blast and also block Wi-Fi unless the amp's turned up to 11. There's no sensor in an iPhone that could tell that it's in a specially-constructed Faraday cage instead of a plain old dresser drawer in my bedroom.
Could the phone detect that they are in a small conductive box: stronger interference back when they send a signal?
I'm not sure if that's possible. What's the difference between that and someone sitting their phone on a metal cabinet?
I'm even more confident that Apple hasn't spent the research hours required to do that reliably, then incorporate the electronics and software needed into off-the-shelf phones, all to protect criminals from having their phones hacked under very specific conditions. That seems like a huge money sink.
> What's the difference between that and someone sitting their phone on a metal cabinet?
In a zero-signal environment? With other iPhones in very close proximity?
You can even measure your false positive rate by timing to first successful unlock. If it happens more than once, turn down the sensitivity on the feature (or turn it off completely).
(Were I designing this feature, I’d let phones in this state poll the other phones on how long they’ve been in it.)
But the claim is that other iPhones in the area are triggering the reboot. Setting that claim aside, though, how would the device even tell it's in a faraday box versus just out in the woods?
> the claim is that other iPhones in the area are triggering the reboot
Lack of motion? The information the other phones provide is proximity (it’s unusual for people to pile their phones together), that the radios still work and possibly a timeline, e.g. if the other phone says “I’ve been in a suspicious state for two days,” the first phone can change its priors.
Environmental RF in the woods, vs. band-specific shielding in a Faraday cage.
Because iPhones can't ping each other when one's inside a Faraday cage.
You're probably right, but wouldn't intermittent audio sidestep a faraday cage?
Edit: I noticed it's "box" and not "cage" but I think the same what-if applies here.
Anything's possible, but I am highly skeptical of the notion. Their little speakers don't have infinite frequency response, and I haven't heard reports of young teens saying their phones make weird chirps. Also, why on Earth would Apple do this? The notion that iPhone A in AFU mode is anxiously listening for iPhone B to come along and send it an audio trigger that it should reboot is hard to believe. It would be way easier to just tell iPhone A to reboot after N hours in AFU mode if they wanted to accomplish such a thing. And why would iPhone B be sending the "OMG reboot yourself!" audio signal to iPhone A in the first place?
They don’t need infinite frequency response, and I don’t think it’s unusual to have a frequency response outside of human hearing. I know for a fact that Cisco uses frequencies outside human hearing to help pair your computer to meeting room screens.
Faraday cages used by law enforcement, such as [1] aren't impervious to RF.
They provide enough attenuation to keep phones off the cellular network and prevent GNSS from working, but not enough to prevent communication with nearby devices via Bluetooth or wifi.
[1] https://ramseytest.com/rf-shielded/forensic-enclosure/
That sounds implausible.
A Faraday cage is an attenuator, which multiplicatively decreases signal strength by some constant (at least within a similar frequency band, which Bluetooth and 5G can be considered to be).
Unless the forensic lab has additional special shielding from cell towers, the received strength of both a reasonably close cell tower and a nearby Bluetooth transmitter would be pretty similar, so they'd both be attenuated similarly.
> That sounds implausible.
I can say from experience that it is not.
> A Faraday cage is an attenuator, which multiplicatively decreases signal strength by some constant
It's not constant at all. The level of attenuation varies greatly based on frequency. For the Ramsey STE3000 I have here, it varies by 40dB or more at the frequencies at which I've tested it. The enclosure is good for around -100dB at 700MHz, but only -60dB or so at 2.4GHz.
> (at least within a similar frequency band, which Bluetooth and 5G can be considered to be).
Even if you exclude mmWave and consider only the sub-6 bands, AT&T for example has LTE and 5G bands from 700MHz to 3700MHz. They're not similar at all. Worlds of difference in terms of propagation characteristics.
> the received strength of both a reasonably close cell tower and a nearby Bluetooth transmitter would be pretty similar
No, they wouldn't.
On my Pixel 8 Pro right now I'm seeing -93dBm from a tower about half a mile down the road (700MHz LTE), and -40dBm from the BLE radio in the HVAC controller on the wall of this room, about 8 or 10 feet away. That's a 53dB difference.
If I put my phone in the box, it attenuates the LTE downlink from down the street to well below the thermal noise floor. It cannot do the same for BLE; my phone can still talk to the HVAC controller from inside.
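The link-budget reasoning in the comment above (frequency-dependent enclosure loss applied to two very different received powers, then compared against thermal noise) can be written out as a small calculation. This is an added example, not code from the thread or from any vendor: the enclosure loss figures and the -93 dBm / -40 dBm readings are the commenter's, while the receiver bandwidths (a 10 MHz LTE carrier, a 1 MHz BLE channel) and the -174 dBm/Hz room-temperature noise density are assumptions the block labels as such.

```python
import math

# Thermal noise density at roughly room temperature (290 K): the usual -174 dBm/Hz.
NOISE_DENSITY_DBM_PER_HZ = -174.0

# Enclosure loss figures the commenter reports for their Ramsey STE3000
# (magnitude of attenuation, in dB, at the two frequencies they tested).
ENCLOSURE_LOSS_DB = {"700MHz": 100.0, "2.4GHz": 60.0}

# Constructed link table. Received powers are the commenter's Pixel readings;
# the receiver bandwidths are assumptions (a 10 MHz LTE carrier, a 1 MHz BLE channel).
SIGNALS = {
    "LTE downlink": {"rx_dbm": -93.0, "band": "700MHz", "bandwidth_hz": 10e6},
    "BLE HVAC controller": {"rx_dbm": -40.0, "band": "2.4GHz", "bandwidth_hz": 1e6},
}


def noise_floor_dbm(bandwidth_hz: float) -> float:
    """Thermal noise power integrated over the receiver bandwidth."""
    return NOISE_DENSITY_DBM_PER_HZ + 10.0 * math.log10(bandwidth_hz)


def margin_inside_enclosure_db(rx_dbm: float, loss_db: float, bandwidth_hz: float) -> float:
    """Signal-to-thermal-noise margin after the enclosure's loss is applied.
    Positive: still above the noise floor and potentially decodable.
    Negative: below thermal noise; without processing gain a receiver cannot decode it."""
    return (rx_dbm - loss_db) - noise_floor_dbm(bandwidth_hz)


def loss_needed_to_bury_db(rx_dbm: float, bandwidth_hz: float, guard_db: float = 10.0) -> float:
    """Shielding needed to push a signal guard_db below the thermal noise floor."""
    return rx_dbm - noise_floor_dbm(bandwidth_hz) + guard_db


def evaluate_links() -> dict[str, float]:
    """Margin inside the box for each signal in the constructed table."""
    return {
        name: margin_inside_enclosure_db(s["rx_dbm"], ENCLOSURE_LOSS_DB[s["band"]], s["bandwidth_hz"])
        for name, s in SIGNALS.items()
    }


if __name__ == "__main__":
    for name, margin in evaluate_links().items():
        verdict = "above noise floor" if margin > 0 else "below noise floor"
        print(f"{name}: {margin:+.0f} dB ({verdict})")
    print(f"Loss needed to bury the BLE link: {loss_needed_to_bury_db(-40.0, 1e6):.0f} dB")
```

With these inputs the LTE downlink lands about 89 dB under the noise floor while the BLE link keeps roughly 14 dB of margin, which is the commenter's point: the same box that reliably kills cellular would need about 84 dB of loss at 2.4 GHz to do the same to a Bluetooth neighbour a few feet away. The model deliberately ignores receiver sensitivity, coding gain and multipath; it only shows why "similar attenuation" is the wrong assumption.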
I assumed they have one cage they toss all the phones in.
Ah, then they could definitely communicate with each other.
And while I don't expect stock iPhones to do anything like what's being suggested in the article, I could see custom software activating a "panic mode" based on observations that plausibly suggest a device being in such an environment.
What happens if one is in a place with no connectivity for a long time? There are areas of the world like that. Periodic forced reboots are useless and harmful there. Think about reading ebooks offline or following a map with only GPS on.
The phone isn't locked in either of those cases, no?
This is only happening on phones that are currently locked, but which were previously unlocked since the last reboot.
Additionally, this wouldn't require a periodic reboot; only one. So, phone in After First Unlock state loses cellular connection -> timeout period expires without being unlocked -> phone reboots. This process only restarts once the user unlocks it _and_ it has re-acquired a cellular connection.
Honestly, this is a solid security feature that I do not believe Apple has actually installed.
What great problem do you imagine?
A reboot of a phone is hardly the end of the world, and it's trivial and obvious to simply have the trigger conditions be slightly less simple and stupid. Like require some user activity. Require the pin again or some other reassurance.
What happens if one is in a place with no connectivity? What indeed? Nothing much. That's what happens.
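The one-shot policy sketched in this sub-thread (AFU, locked, off the cellular network for a timeout, reboot once, re-arm only after an unlock plus a regained connection) is concrete enough to model. The block below is an added example written for this discussion, not Apple's or GrapheneOS's implementation; the event names, the 24-hour default and the two scenarios are constructed. It exists mainly to check the objection raised above: an offline reader who keeps the phone unlocked never trips the timer, while a locked phone in shielding reboots exactly once and then stays in BFU.

```python
from dataclasses import dataclass
from typing import Optional

HOUR = 3600.0


@dataclass
class AfuRebootPolicy:
    """Toy model of the policy described in the thread (constructed, not vendor code):
    a phone in AFU that is locked *and* off the cellular network for `timeout_s`
    reboots once into BFU. The trigger re-arms only after the owner unlocks the
    phone and it has regained a cellular connection."""
    timeout_s: float
    state: str = "BFU"          # "BFU" (keys not in memory) or "AFU"
    unlocked: bool = False      # screen currently unlocked
    online: bool = True         # cellular connection present
    armed: bool = False         # one-shot trigger available
    idle_offline_since: Optional[float] = None
    reboots: int = 0

    def _rearm_if_eligible(self) -> None:
        # Both conditions from the thread must hold before the trigger is live again.
        if self.unlocked and self.online:
            self.armed = True

    def _update_idle_clock(self, now: float) -> None:
        # The clock runs only while the phone is both locked and offline.
        if not self.unlocked and not self.online:
            if self.idle_offline_since is None:
                self.idle_offline_since = now
        else:
            self.idle_offline_since = None

    def unlock(self, now: float) -> None:
        self.state = "AFU"      # first unlock loads the class keys into memory
        self.unlocked = True
        self._rearm_if_eligible()
        self._update_idle_clock(now)

    def lock(self, now: float) -> None:
        self.unlocked = False
        self._update_idle_clock(now)

    def network_lost(self, now: float) -> None:
        self.online = False
        self._update_idle_clock(now)

    def network_regained(self, now: float) -> None:
        self.online = True
        self._rearm_if_eligible()
        self._update_idle_clock(now)

    def tick(self, now: float) -> bool:
        """Periodic check; returns True when this tick causes a reboot."""
        self._update_idle_clock(now)
        if (self.state == "AFU" and self.armed
                and self.idle_offline_since is not None
                and now - self.idle_offline_since >= self.timeout_s):
            self.state = "BFU"
            self.armed = False
            self.idle_offline_since = None
            self.reboots += 1
            return True
        return False


def offline_reader_scenario(timeout_s: float = 24 * HOUR) -> int:
    """Owner unlocks once, leaves coverage, and keeps the phone unlocked while
    reading for three days. Returns the reboot count (expected 0)."""
    p = AfuRebootPolicy(timeout_s)
    p.unlock(0.0)
    p.network_lost(1 * HOUR)
    for h in range(2, 72):
        p.tick(h * HOUR)
    return p.reboots


def faraday_box_scenario(timeout_s: float = 24 * HOUR) -> tuple[int, str]:
    """Phone is unlocked once (AFU), locked, then shielded for a week.
    Returns (reboots, final_state); expected (1, "BFU"), never a second reboot."""
    p = AfuRebootPolicy(timeout_s)
    p.unlock(0.0)
    p.lock(10 * 60.0)
    p.network_lost(20 * 60.0)
    for h in range(1, 24 * 7):
        p.tick(h * HOUR)
    return p.reboots, p.state


if __name__ == "__main__":
    print("offline reader reboots:", offline_reader_scenario())
    print("faraday box (reboots, state):", faraday_box_scenario())
```

The design choice worth noticing is that the idle clock starts only when the locked and offline conditions overlap, and is cleared the moment either stops holding, so ordinary use out of coverage never counts toward the timeout. Putting the unlock-and-reconnect re-arm condition in one helper makes the one-shot property easy to audit.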
Is there an audio command you can say to cause Siri to BFU?
Not an audio command, but even just holding down the volume and side buttons to open the power off menu, without actually powering off your phone, triggers the same behavior.
That locks the phone, but a reboot presumably drops a lot of in-memory caches, to one degree or another. I don’t know whether (or how well) iOS zeroes out memory, but I can certainly imagine the AFU state is easier to target than the BFU state.
hmmm good one to add to the "before crossing an international border" toolkit
> good one to add to the "before crossing an international border" toolkit
You’re in for a bad time refusing to unlock at most borders.
“Hey Siri, reboot”?
“Find My” forms a mesh network with other Macs and iPhones.
Maybe the isolated phone has a feature where it reboots after being unable to find a peer?
Great idea. How about reboot if more than 2 hours with no unlock?
Um, sleep? Make it at least mid teens if not 24+
What’s the harm if it reboots if you’re sleeping?
Very little, which is why if you enable automatic updates on iPhones they try to apply those updates at night while the device is locked and charging, when most people are sleeping. If you're using the phone it won't activate at night and will let you know that it couldn't install the update.
The only harm I could see is if someone grabs their phone to make an emergency call and it's rebooting or locked and, in their sleepy state, they have trouble unlocking it.
However, I do think a 12 hour "Phone hasn't been unlocked, reboot it" seems like a logical security feature to add.
You never need to unlock an iPhone to make an emergency call (if you mean 911 versus urgently needing to call some other number).
The initial unlock will take a little longer, your apps aren't running, etc. Nothing major, still a bit annoying though.
TL;DR: Cops are likely wrong, iPhone just reboots after being disconnected for a while.
The article is kind of confusing about this.