Seems like a good defence in depth strategy. These days most systems have a pretty good boot chain security, so after a reboot you know the system is in a valid state and any potential malicious changes have been flushed out.
Probably also helps with other kinds of transient hardware faults (and cosmic-rays) that can cause bitflips.
That said, on principle, there is no reason why ECC RAM should not be the standard (c.f. Linus Torvald’s ire at Intel using ECC as a market-segmentation ploy)
> But for now, for anyone periodically using the phone, which I bet is most users, the phone will never reboot automatically.
Samsung has an auto-reboot daily feature and has been pushing it a lot (in form of annoying notifications and settings suggestions). In principle, it may not even be a bad idea - but for one fact:
Rebooting the phone effectively turns it off. Until the user unlocks the phone, it won't connect to phone network. AFAIK it also won't start any of the usual background processes that listen to notifications, and it might not even connect to Wi-Fi.
Those "security" measures make automated reboots an useless feature. There really is only one good time to auto-reboot, and that's when the user is sleeping. But no way anyone's doing that when it means their phone won't be able to receive calls. Even during the day, the phone randomly rebooting and remaining disconnected until the user notices - it's probably even worse, and I imagine anyone would disable this feature after first time it activated.
>>Rebooting the phone effectively turns it off. Until the user unlocks the phone, it won't connect to phone network. AFAIK it also won't start any of the usual background processes that listen to notifications,
Well yes, because the storage and all the apps are encrypted until you unlock your phone. So you could have all the apps boot up and start listening for events, but it would be at the cost of reduced security elsewhere. Not sure what the right solution is tbh, I think personally I'd rather have all of my data encrypted even if it means my phone isn't actually "active" after a reboot.
I have a Samsung with this feature. It rebooted overnight and this morning it was in BFU state with several mail and sms notifications. It was also connected to wifi and the cellular network.
It was true for my Galaxy S22, and is currently true with reboots after update. And yes, early on I had a situation where the phone rebooted overnight and remained stuck on the lock screen while disconnected from networks, until I woke up and noticed. Fortunately I didn't miss anything important, but after that I immediately reviewed all settings and disabled anything that could reboot the device automatically (including updates, which are set for manual installation now).
Not never; phones also reboot when there are critical OS updates to apply — and that happens as long as the phone is both charging and locked at any time during a vendor-defined daily maintenance window (usually something like 2AM-4AM in the user's local time.)
This happens even if the user just put the phone to sleep a moment ago. The only way to prevent it is to never leave your phone locked and charging at the same time.
> phones also reboot when there are critical OS updates to apply
Of course, or when they run out of battery, or you drop them too hard, etc. But realistically you could go for weeks or months without a reboot. From a transient fault or malware perspective, that might as well be never.
Sure they would. If the system was for interactive use, it likely requires some login or unlock password. If the system is supposed to respond to external events - such as receiving phone calls when the system in question is a phone - then a reboot will effectively disable it until the user notices.
All the phones I have used were like this (Samsung, Google, Xiaomi, Redmi, Oppo - across years and years of models).
I am surprised you write that the SIM is locked upon reboot. What does this mean in technical terms? Do you mean that you have to enter the SIM PIN when your phone reboots?
Ah, this is the normal behaviour of a SIM card. You can disable this PIN at startup (a setting in the phone). This is not recommendable, though, because if your phone gets lost or stolen your SIM may be used in a "layer" (a device that will make premium calls or SMS, the name is derived from a hen (that lays eggs)).
The solution is to use an eSIM - you can disable the PIN at bootup because it is protected by the phone lock anyway and will be operational immediately.
All that private key nonsense falls in this bucket as well. What else is a private key than an attempt to guard your system behind a thin veil of "an obscure number I know and you don't"? Classic security by obscurity.
Nothing wrong with security by obscurity. It's widely used and it is effective. Security is security. Usually there are easier and more effective methods though, so if it's your only security layer then you might have missed a few things.
The main reasonable criticism would be that it obscures the things you missed from naive audits while still being accessible by an attacker. So you hide the issue from the "good guys" while not baring much entry by the "bad guys". I have seen this pattern emerge many times, because what is obscure to you may not be obscure to someone else. So it /causes/ you to miss things.
The fact that Apple is adopting a similar approach for iPhones, is pretty much in line with that idea, just applied to personal data protection, isn't it?
What do you mean "planning"? They already are in some places, including Apple Stores themselves. But more often you see iPads in that role with a bigger screen for customers. Are they doing the same behavior? (I don't see why not).
For the moment they have an external payment / card terminal; other than the card reader itself, I don't see why an iphone wouldn't work as a formal payment terminal.
