In recent days, there has been a rather curious and somewhat intriguing news story that has caught attention in an unusual way. Detroit police have discovered a change in iOS 18 that has made their attempts to access some iPhones stored in their forensic labs much more difficult. At the center of this situation is a feature called “idle reset,” which very simply and intelligently changes privacy on the devices.
A simple restart changes a lot of things
According to what has been published in 404 Media, the police have started to notice that certain iPhones that have been inactive for a while automatically reboot, causing the device to enter a state known as “Before First Unlock” (BFU). This is a very important change, as once in BFU state, the iPhone requires the legitimate owner to enter their unlock code and, in terms of security, it becomes practically completely inaccessible to forensic tools.
A phone that is in “After First Unlock” (AFU) state, which occurs if the device has been unlocked at least once after being powered on, is easier to analyze. “Easier” should be in quotes, in fact, because newer models and the evolution of encryption and security measures make it extremely difficult if not impossible to access the data, especially if we use an alphanumeric password to access the phone.
In any case, with this restart due to inactivity, the devices return to the BFU state if they are not used for several days. At that point, they require the owner’s code for any access, leaving the police and investigators in a difficult situation.
Initially, there was some confusion surrounding this function due to the hypothesis put forward by some in the security forces: they thought that these iPhones were communicating with each other to trigger these reboots. According to documents accessed by 404 Media, agents initially suspected that the iPhones in question had sent signals to other devices in the lab, ordering a reboot after a period offline.
This theory was later dismissed, as a security researcher posted on Mastodon that the restart is not related to the network connection, but rather a simple timer that starts during inactivity. This is something managed directly by the software through Apple’s secure key storage system, without depending on the network status or the proximity of other devices.
We cannot create a backdoor just for the good guys
For us, the users, this feature represents a significant step forward in terms of our privacy and security. It is clear that law enforcement needs to do their job, but protecting the security of our data is essential.
Encryption tools and security features of devices like the iPhone are not designed to hinder police work, but to ensure that our data remains secure from any kind of intrusion. Too many times we have seen how some companies sell the same tools intended for the police to, for example, governments that may use them to act against political dissidents or similar.
A backdoor, a vulnerability or, in this case, an access opportunity, is something that benefits both law enforcement and cybercriminals equally. In this situation, just like with the quantum encryption of iMessage, Apple continues to prioritize our privacy and security with features like the one at hand.
A restart due to inactivity that sets a limit on the amount of time a device can remain without the additional protection of a restart. This is a vital barrier that protects all of us.
