Hackers can break into your iPhone even when it's switched off

(Image credit: Future)

Cybersecurity researchers have discovered a way to run malware on Apple's iPhones, even when the device is switched off.

A report published by the Technical University of Darmstadt in Germany details an exploit that takes advantage of the iPhone's low-power mode (LPM) to track location and perform various malware attacks.

LPM allows certain smartphone facilities - such as Bluetooth, near-field communication (NFC) and or ultra-wideband - to run even when the device is turned off or when its battery is depleted.

Functionality vs. security

The problem with such a system is that the Bluetooth chip cannot digitally sign or encrypt the firmware it runs, the report explains.

“The current LPM implementation on Apple iPhones is opaque and adds new threats. Since LPM support is based on the iPhone’s hardware, it cannot be removed with system updates. Thus, it has a long-lasting effect on the overall iOS security model. To the best of our knowledge, we are the first who looked into undocumented LPM features introduced in iOS 15 and uncover various issues," the researchers state.

“Design of LPM features seems to be mostly driven by functionality, without considering threats outside of the intended applications. Find My after power off turns shutdown iPhones into tracking devices by design, and the implementation within the Bluetooth firmware is not secured against manipulation.”

> This serious iPhone security flaw was exploited by a second Israeli spy firm

> Apple releases urgent security fix for iPhone and Mac devices

> Apple just patched a whole load of iPad, macOS and iPhone security bugs, so update now

Thankfully, abusing the flaw is far from practical, because the attacker would first need to jailbreak the iPhone, which is a feat in itself.

But in the unlikely case of a successful attack, the intruder would be able to operate more stealthily, as compromised firmware is almost impossible to detect.

Apple has been notified of the findings, the researchers have said, but has not yet responded to the disclosure. TechRadar Pro has also asked the company for comment.

Shield your device against attack with the best iPhone antivirus

Via Ars Technica

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.