2025-06-25 –, Track 3
When losing a phone, preventing thieves from accessing your data is essential. One of the most effective things to prevent data extraction is a reboot – but how to reboot a phone that you no longer possess? In iOS 18, Apple silently introduced automated reboots, designed to restart iPhones in such situations. But how does it work and which attacks does it prevent?
Apple's new "Inactivity Reboot" feature restarts an iPhone that was not unlocked with the correct passcode after three days. This idea is not entirely new: GrapheneOS, a security-focused Android project, implements a similar auto-reboot feature. The connection between security and reboots might not be obvious. However, encryption that protects most user data only is effective after reboot and before first unlock. After first unlock, user data is decrypted and stays accessible to so-called zero-click attacks, even on locked phones.
This talk focuses on how Apple implemented inactivity reboot and what it protects. For the implementation part, you'll learn how to get hints about new features that Apple added, where to start reverse engineering in user space and the kernel, and eventually end up in the encrypted Secure Enclave Processor (SEP) firmware.
Dr.-Ing. Jiska Classen is a wireless and mobile security researcher and research group leader at Hasso Plattner Institute. The intersection of these topics means that she digs into iOS internals, reverse engineers wireless firmware, and analyzes proprietary protocols. Her practical work on public Bluetooth security analysis tooling uncovered remote code execution and cryptographic flaws in billions of mobile devices. She also likes to work on obscure and upcoming wireless technologies, for example, she recently uncovered vulnerabilities in Ultra-wideband distance measurement and reverse engineered Apple's AirTag communication protocol. She has previously spoken at Black Hat USA, DEF CON, RECon, hardwear.io, Chaos Communication Congress, Chaos Communication Camp, Gulasch Programmier Nacht, MRMCDs, Easterhegg, Troopers, Pass the Salt, NotPinkCon, gave various lectures and trainings, and published at prestigious academic venues.