
Protecting user data in the face of attack
Attackers attempting to extract user data often try a number of techniques: extracting the encrypted data to another medium for brute-force attack, manipulating the operating system version, or otherwise changing or weakening the security policy of the device to facilitate attack. Attacking data on a device often requires communicating with the device using physical interfaces like Thunderbolt, Lightning, or USB-C. Apple devices include features to help prevent such attacks.
Apple devices support a technology called Sealed Key Protection (SKP) that’s designed to ensure that cryptographic material is rendered unavailable off device, or when the operating system version or security settings are manipulated without appropriate user authorization. This feature isn’t provided by the Secure Enclave; instead, it’s supported by hardware registers that exist at an even lower layer, providing additional protection for the keys necessary to decrypt user data, independent of the Secure Enclave.
SKP is available only on devices with the following Apple-designed SoCs:
A11 or later
S3 or later
M1 or later
iPad and iPhone devices can also be configured to only activate data connections in conditions more likely to indicate the device is still under the physical control of the authorized owner.
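The reason "rendered unavailable off device" matters is the first attack listed above: copying the encrypted data elsewhere and guessing the passcode offline. The following is an added, simplified model (not Apple's SKP or Secure Enclave key hierarchy, and not code from this document) that contrasts a key derived from the passcode alone with one additionally keyed by a per-device hardware secret. The function names, the short 4-digit PIN, the low PBKDF2 iteration count and the key-check tag are all assumptions chosen so the search finishes in seconds.

```python
import hashlib
import hmac
import os
import secrets
from typing import Optional, Tuple

# Constructed parameters for the illustration (assumptions, not Apple's values).
PBKDF2_ITERATIONS = 100      # deliberately low so the exhaustive search is quick
PIN_DIGITS = 4               # short numeric passcode: the worst case for offline guessing


def derive_key(passcode: str, salt: bytes, device_secret: Optional[bytes] = None) -> bytes:
    """Derive a 32-byte data-protection key from a passcode.

    Without device_secret the key depends only on material an attacker can copy
    off the device (salt + a passcode guess). With it, the key is additionally
    keyed by a secret that never leaves the hardware, so the derivation can only
    be completed on the device that holds that secret.
    """
    key = hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, PBKDF2_ITERATIONS)
    if device_secret is not None:
        key = hmac.new(device_secret, key, hashlib.sha256).digest()
    return key


def key_check_value(key: bytes) -> bytes:
    """Short tag stored next to the encrypted data so a candidate key can be verified."""
    return hmac.new(key, b"key-check", hashlib.sha256).digest()[:8]


def brute_force(kcv: bytes, salt: bytes,
                device_secret: Optional[bytes] = None) -> Tuple[Optional[str], int]:
    """Try every PIN against an extracted (kcv, salt) pair. Returns (pin_or_None, attempts)."""
    attempts = 0
    for n in range(10 ** PIN_DIGITS):
        attempts += 1
        guess = f"{n:0{PIN_DIGITS}d}"
        candidate = key_check_value(derive_key(guess, salt, device_secret))
        if hmac.compare_digest(candidate, kcv):
            return guess, attempts
    return None, attempts


def demo(pin: str = "4827") -> dict:
    """Run the offline attack against both key derivations and report the outcome."""
    salt = os.urandom(16)
    uid = secrets.token_bytes(32)   # stands in for a per-device hardware secret

    # Case 1: key derived from the passcode alone. Copy the blob off the device
    # and every PIN can be tested offline; the search succeeds.
    kcv_plain = key_check_value(derive_key(pin, salt))
    found_plain, tries_plain = brute_force(kcv_plain, salt)

    # Case 2: key entangled with the device secret. The same copied blob is
    # useless to an attacker who lacks the secret: no guess ever verifies.
    # Only the device itself, which holds `uid`, can complete the derivation.
    kcv_bound = key_check_value(derive_key(pin, salt, uid))
    found_off_device, tries_off_device = brute_force(kcv_bound, salt)
    found_on_device, _ = brute_force(kcv_bound, salt, uid)

    return {
        "found_plain": found_plain,              # the PIN, recovered offline
        "tries_plain": tries_plain,
        "found_off_device": found_off_device,    # None: every guess fails
        "tries_off_device": tries_off_device,    # the whole space was exhausted
        "found_on_device": found_on_device,      # the PIN, but only on the device
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The second case shows why the hardware-bound secret has to be unreadable even by software running on the device: the on-device search still succeeds, which is exactly why the guessing itself must also be rate-limited and counted by hardware rather than left to the operating system, and why extracting the data to another medium must not carry the secret along with it.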
Automatic Restart
Automatic Restart is a security mechanism in iOS 18.1, iPadOS 18.1, or later that leverages the Secure Enclave to monitor device unlock events. If a device remains locked for a prolonged period, it automatically restarts, transitioning from an After First Unlock state to a Before First Unlock state. During the restart, the device purges sensitive security keys and transient data from memory.
For additional control, on devices with iOS 18.4, iPadOS 18.4, or later, the IdleRebootAllowed setting allows device management administrators to turn Automatic Restart on or off. With this setting, administrators can programmatically turn Automatic Restart on or off to align with organizational security protocols and operational requirements.
Note: Automatic Restart is turned off by default on supervised devices.
Although Automatic Restart enhances security, it can inadvertently cause devices to lose their Wi-Fi connection upon restart. This loss of connectivity may disrupt device management service operations, especially in environments where persistent network access is critical.