What would you do if you found malware on your phone?
Turn the darn thing off to stop the snooping, presumably. Even that might not be enough.
Researchers at the Technical University of Darmstadt came up with a new type of malicious software that could keep running even when your phone is switched off. I'm not talking about a fake power-off screen.
How, you might shout, can a program run without electricity? The simple answer is that these days, devices are rarely fully off.
The research is summarized in a video.
The exploit uses the Low Power Mode (LPM) on the iPhone Xr and Xs. When the rest of the phone is off, the wireless chips can still sip a little power.
These chips can keep running after shutdown, allowing your phone to be located via Find My and keeping features like Express Cards and Car Key operational.
That's useful if you lose your phone, but it also opens the door to a new kind of malicious software that can run until your battery is completely empty.
The weak point is the firmware these chips run, which the main processor does not control. According to the researchers, the Bluetooth chip's firmware is completely unsigned and has no protection against modification, so attackers could run any software of their choosing on it even after a shutdown.
The secure element in Apple's chip stores information for Apple Pay, Car Keys, and Express Cards. The information stored in the secure element can be accessed by attacking the chip.
Since LPM support is implemented in hardware, it can't be removed by system updates. Exploits that use low power mode are also hard to detect, although the extra battery drain they cause can be one sign.
It's worth noting that the exploit detailed in the paper requires a jailbroken iPhone, which will decrease the chances of regular users being affected by it. The findings of the researchers were shared with Apple, which will likely address these concerns on future devices.
Every convenient new feature brings a new opportunity for bad guys to exploit. Some of the ways hackers find to break into phones remotely are caught by researchers like these; others we don't find out about until it's too late.
The researchers acknowledge that LPM applications are meant to increase security and safety for most users, but say Apple should add a hardware-based switch to disconnect the battery. Such a change would improve the situation for privacy-conscious users.
Via Ars Technica.