New iOS Security Feature Makes It Harder for Police to Unlock Seized Phones

Everybody is reporting about a new iPhone security feature with iOS 18: if the phone hasn’t been used for a few days, it automatically goes into its “Before First Unlock” state and has to be rebooted.

This is a really good security feature. But various police departments don’t like it, because it makes it harder for them to unlock suspects’ phones.

Posted on November 14, 2024 at 7:05 AM • 13 Comments

Comments

Avi November 14, 2024 8:41 AM

if the phone hasn’t been used for a few days, it automatically goes into its “Before First Unlock” state and has to be rebooted.

Incorrect. If the phone hasn’t been used for a few days, the phone reboots. The reboot is what moves the phone from “After First Unlock” to “Before First Unlock”.

Clive Robinson November 14, 2024 11:01 AM

@ Bruce, ALL,

With regards,

“This is a really good security feature. But various police departments don’t like it”

The first sentence should have “for users” tacked on the end.

Because then it makes the “them v us” mentality of the “Good v bad” observer view point.

Yes this technical forward step is of considerable use to anyone in society who wants or has need of privacy. It’s something that was predicted and discussed as a future technology academically back in 2000 (I was party to the discussion at an academic event in Stockholm that end of summer on the morning the “tall ships” came into port).

The question is for something that is effectively “so obvious” why it took so long to appear in consumer products (I’ve been putting similar into certain high end commercial products since before 9/11).

But that also brings in the observer view point issue.

I’m sure that many here can see why such technology is actually of a significant benefit to society as it has a very strong use as a “safety measure” for those at risk from others. That’s mostly ordinary people who have the misfortune to have come to the attention of those with undesirable personality traits (or mental aberrations). It does not have to be as severe as “abuse defined by legislation”, it could be any form of harm.

The problem is the advance of technology is many many times that of society and it creates new harms as it creates new benefits.

However some people have highly polarised views and significant cognitive bias. A look up of the behaviour of the FBI and DoJ against Apple a few years back will tell many of the dangers of such people.

The fact that the politicians can not or will not accept their view point is not just wrong, but is impossible to actually do. But they still push it under various names and technical variations should warn people that “the desire for oppressive power over the majority” is a fantasy above all others in their deluded minds.

Whilst the NOBUS Backdoor idea has been fairly thoroughly debunked, the new idea is “AI on the user interface” that “phones home”.

Apple ran a trial to try and reduce CSAM storage and communication on users’ devices. However it quickly became clear that it could be used to find and report anything that appeared on a user’s device, even if they did not put it there (the joys of malware for blackmail as a variation of ransomware is still waiting to be more fully exploited).

The point that many miss is that the “Guard Labour” used to ensure compliance with legislation and regulation, have little or nothing to do with “justice” as most ordinary members of society would view it. All they care about is “performance figures” that are “obtained as inexpensively as possible”. Often this is enforced by a carrot and stick policy of bonuses and disciplinary measures.

When your next mortgage payment is dependent on getting “one more collar” etc, are you really going to care more about keeping a roof over your family’s head or that actual “justice is served”?

It’s why we should have way way more privacy technology in place as the societal good via reduction in harms is going to easily exceed the harms to society that politicians shout about for their own self interest and as a way to make Guard Labour less expensive and way more prone to injustice…

ResearcherZero November 15, 2024 2:06 AM

@Rontea

Other developers have implemented similar functions before. Graphene provides options to restrict USB access before first unlock, reboot scheduling and other lockdowns.

To have something like this as a default is an improvement in security, as GreyKey and other forensic companies were exploiting vulnerabilities during boot and memory access.

telling fibs

NSO was running the installation of spyware and data extraction, not governments.

‘https://www.theguardian.com/technology/2024/nov/14/nso-pegasus-spyware-whatsapp

Who? November 15, 2024 6:05 AM

Apple is a member of the NSA’s PRISM surveillance program. I see no problem for TLAs getting access to what they want. All this looks like a good public relations campaign again.

AreUuuParanoidEnough November 15, 2024 8:58 AM

The feature is not entirely good for users unless the “idle for a long time” state can be distinguished from the “actually booted since last use” state by a user; otherwise a requested reboot/power off just got easier to spoof.

Andrew November 15, 2024 11:28 AM

I bought a Samsung phone in 2016 that had an option in settings to force a weekly reboot. I’m not sure if this was originally implemented for performance reasons[1], but I immediately recognized that it would reset the device into “before first unlock” mode and enabled it for that reason. Glad to see similar features coming to iOS.

I’ve also noticed that newer versions of iOS revert to “before first unlock” state as soon as you pull up the slide-to-power-off menu even if you don’t actually shut down/reboot the device. That’s handy to know in case you are ever in a situation where you need to hard lock your device on very short notice.

  1. i.e., to kill any zombie processes/unused applications running in the background. 

Clive Robinson November 15, 2024 4:09 PM

@ Rontea, ResearcherZero,

With regards,

“Cool! I wonder if this feature was a bug first.”

The roots of the feature go back to before the 1970’s and was a “safety feature” against not just software errors but stray high energy particles zipping through early microelectronics.

It was a simple hardware circuit that consisted of an “integrator” with a “momentary operation” switch across the capacitor that was doing the integration. If you did not operate that switch very regularly then the voltage across the capacitor would reach a level where it would cause the microprocessor “reset line” to be activated and it did a “cold reboot”.

The correct way to activate the switch was as part of the code “main loop” thus if the code did not get there in time due to error the microprocessor got reset.

Unfortunately many software engineers got aggravated by this function during development and would either “short the switch” or worse “drive it from a timer interrupt” either way it had a bad habit of causing significant problems “down the line” and in some organisations management let out new product with this safety feature crippled rather than kick certain people “out the door”…

The name of the circuit is a matter of history. Originally computers had “Brownout detectors” which were there to detect if the power supply rails went out of specification. This got augmented by the integrator and momentary switch and got called a “Watchdog addition” or just “Watchdog circuit”. Later when actual digital “count up timers” replaced the integrator they got called “Watchdog timers” and got integrated into “microcontroller” chips as a standard feature. However they could easily be not enabled or set to ridiculously long time periods.

So even today software developers who should know better defeat the circuits “safety” purpose over the heads of hardware engineers who were last century generally rather more safety conscious…

But yes this “new” Apple Function is just a rework of the old “Watchdog” circuit, in a similar way to the “auto shutdown on low battery” is just a rework of the old “Brown out” circuit.

With both now being done to a greater extent in “not too reliable” software, I suspect it won’t be long before someone finds a way for malware to fritz it.

As they say “history revolves” and,

“Those who do not learn from the past are all too often condemned to relive it.”

Something the ICT Industry appears incapable of learning…
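The watchdog behaviour described in the comment above, as an added example (not part of the original comment, and not any vendor's code): a small C simulation comparing a watchdog kicked from the main loop with one kicked from a timer interrupt when the main loop wedges. The tick model, the `simulate` function and all parameter names are constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

enum kick_policy { KICK_FROM_MAIN_LOOP, KICK_FROM_TIMER_ISR };

struct sim_result {
    unsigned resets;      /* cold reboots forced by the watchdog */
    unsigned hung_ticks;  /* ticks spent with the main loop stuck */
};

/* Constructed model: one "tick" is one timer period. The watchdog counts
 * up every tick and pulls reset when it reaches `timeout` without a kick. */
struct sim_result simulate(enum kick_policy policy, unsigned timeout,
                           unsigned fault_tick, unsigned total_ticks)
{
    struct sim_result r = {0, 0};
    unsigned wdt_counter = 0;
    bool hung = false;
    for (unsigned t = 0; t < total_ticks; t++) {
        if (t == fault_tick)
            hung = true;              /* transient fault wedges the main loop */
        /* The timer interrupt still fires while the main loop is stuck. */
        if (policy == KICK_FROM_TIMER_ISR)
            wdt_counter = 0;
        if (!hung) {
            /* One healthy pass of the main loop. */
            if (policy == KICK_FROM_MAIN_LOOP)
                wdt_counter = 0;
        } else {
            r.hung_ticks++;
        }
        /* The watchdog counter runs independently of the software. */
        if (++wdt_counter >= timeout) {
            r.resets++;
            wdt_counter = 0;
            hung = false;             /* cold reboot clears the wedged state */
        }
    }
    return r;
}

int main(void)
{
    struct sim_result ok  = simulate(KICK_FROM_MAIN_LOOP, 5, 10, 100);
    struct sim_result bad = simulate(KICK_FROM_TIMER_ISR, 5, 10, 100);
    printf("main-loop kick: resets=%u hung_ticks=%u\n", ok.resets, ok.hung_ticks);
    printf("ISR kick:       resets=%u hung_ticks=%u\n", bad.resets, bad.hung_ticks);
    return 0;
}
```

With the kick in the main loop the fault is cleared by a reset within one timeout period; with the kick in the interrupt handler the watchdog never fires and the device stays wedged for the rest of the run.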

ResearcherZero November 15, 2024 8:23 PM

NSO’s owners knew precisely how Pegasus exploits worked and were deployed by NSO.

‘https://www.bleepingcomputer.com/news/security/nso-group-used-another-whatsapp-zero-day-after-being-sued-court-docs-say/

A lot of illegal behaviour…

‘https://www.courtlistener.com/docket/16395340/465/whatsapp-inc-v-nso-group-technologies-limited/

Paul Sagi November 16, 2024 12:38 AM

AreUuuParanoidEnough kind of says something I wondered about, can someone exploit the feature to cause a reboot that helps install/activate malware?

Paz November 16, 2024 2:48 PM

Android GrapheneOS had this feature pretty long ago. And it’s configurable! Like 10 mins, 4h, 8h, 24h…
You can set it up so the phone will reboot itself when you are sleeping or totally not in the ‘scary-three-letters’ van
Probably CalyxOS has the same feature

Dave December 2, 2024 8:06 PM

@Andrew: The scheduled-reboot thing has been part of (typically) cheap Internet-enabled devices pretty much forever, think routers, access points, etc, to deal with the fact that they often can’t run for any amount of time without running into problems. So a daily or weekly reboot resets them into a clear state which (hopefully) won’t get too messed up before the next reboot hits.


Sidebar photo of Bruce Schneier by Joe MacInnis.