Skip to main content

A hidden iOS 18.1 upgrade made it harder to extract data from iPhones

A person holding the Apple iPhone 16 Plus.
Apple iPhone 16 Plus Andy Boxall / Digital Trends

Apple Intelligence was the most notable upgrade that arrived on iPhones with the iOS 18 series of updates. But it seems Apple reinforced the security protocols in the background that could prevent bad actors from gaining unauthorized access to iPhones that haven’t been unlocked in a while by their legitimate owner.

Earlier this month, 404Media reported that law enforcement officials are troubled by iPhones that are mysteriously rebooting. Citing a report courtesy of officials in Michigan, the outlet notes that the reboots are hampering the ability to access what’s stored on the phones through brute-force unlock methods.

Recommended Videos

Following the report, Dr.-Ing. Jiska Classen, a wireless and mobile security researcher at the Hasso Plattner Institute, shared on social media about a new iOS 18.1 feature called inactivity reboot. It kicks into action when an unlock action is attempted on an iPhone.

Please enable Javascript to view this content

“While most people won’t have their phone forensically analyzed, many more will have their devices stolen. It protects user data in both cases,” she explained. The whole system is tied to patterns of inactivity and how a phone taps into a secure state after being restarted.

Specifically, a phone enters a Before First Unlock (BFU) state following a restart. It only exits that stage after the phone has been unlocked. BFU is a critical security measure, as it encrypts files individually on the phone, which means they can be accessed only after the phone has been unlocked.

Cellebrite UFED device.
A Cellebrite device used to extract data from smartphones. Cellebrite

On iPhones, unlocking it after a restart (or the BFU phase) generates a decryption key, which subsequently decrypts the files and allows access to them. “Almost all the content of an iPhone is encrypted until the point when the user unlocks it to enable the phone to start up,” explains Celleberite, a company that makes devices used by law enforcement to extract data from phones.

The BFU state doesn’t seem to block access to all data, but it does impose some serious restrictions. “Remember, if you seize an iPhone and it is already powered on, try to keep it that way,” Cellebrite warns investigators in another blog post.

Apple’s new inactivity reboot system throws another obstacle in the way of accessing the data on an iPhone even if it hasn’t been unlocked in a while, thanks to the automatic reboot process that puts the phone in BFU mode.

Now, the BFU state itself is not impenetrable on its own. Cellebrite claims that its Premium package — which includes a UFED device and special software — can help extract data from devices in the BFU state.

However, as per a research paper by experts at the Department of Electrical Engineering (Faculty of Engineering, Universitas Indonesia), they could “see just around 40% of the media obtained in BFU locked device extraction” using the Cellbrite Premium system.

Apple hasn’t officially commented on the inactivity reboot system that it implemented with iOS 18.1 yet. However, the company still cooperates with law enforcement authorities to unlock iPhones with proper warrant or legal authorization.

Nadeem Sarwar
Nadeem is a tech and science journalist who started reading about cool smartphone tech out of curiosity and soon started…
I won’t be buying an iPhone 16e for anyone in my family, here’s why
Hand holding iPhone 16e.

Apple’s iPhone 16e is a strange duck. When one sits down and considers the specs, it’s hard to figure out where it truly fits into Apple’s lineup.

It’s apparent from the name that Apple wants you to see it as the new junior member of the iPhone 16 lineup. That’s certainly fair, and it’s arguably about time that the iPhone family got a third tier. After all, Apple’s chief rivals like Google and Samsung have had their A-series and FE-series phones for years.

Read more
The iPhone 16e has failed to be the iPhone SE 4 I wanted
iPhone 16e overlaying an iPhone SE 3 and iPhone 14.

When it’s the first half of a year, and a new iPhone has been announced, you know it’s not one of Apple’s next-generation flagships like the iPhone 16 or iPhone 16 Pro. Instead, a new iPhone this time of year is usually a new SE model. Not in 2025, however. On Wednesday, the world said hello, not to the “iPhone SE 4” but to the iPhone 16e.

The new handset replaces the iPhone SE 3 as Apple’s most affordable iPhone. However, it doesn’t take cues from earlier SE models. Instead, it resembles the 2022 iPhone 14, which, like the iPhone SE 3, was removed from the market this week.

Read more
Apple missed a cute, fitting opportunity with the iPhone 16e’s name
A group of iPhone 16e phones arranged in a pattern.

The names of our smartphones matter. Too clunky and we forget, too wordy and we don’t remember, or too bizarre and we won’t say it. They don’t have to mean anything at all, but they need to fit. The new iPhone 16e’s name fits, far more so than the expected alternatives, and it was one of Apple’s best decisions with the phone. But there’s another name I would have preferred even more.
You’re family now

Since rumors began more than a year ago, it was assumed the iPhone 16e would be called the iPhone SE 4, or the iPhone SE (2025), which mostly followed the trend of previous devices in the range. The original iPhone SE was followed by the iPhone SE (2020), then the iPhone SE (2022), so either name was a logical path for Apple to take.

Read more