The iPhone doesn't fully power down when you turn it off. Chips inside the device keep running in a low-power mode, which is what makes it possible to locate a lost or stolen device with Find My, or to use stored credit cards and car keys, after the battery dies. Researchers have now found a way to abuse this mechanism to run malicious software even while the phone appears to be off.

It turns out that the iPhone's Bluetooth chip, which is central to making Find My work, has no mechanism for digitally signing or even encrypting the firmware it runs. Academics at Germany's Technical University of Darmstadt figured out how to exploit this lack of hardening to run malicious firmware that can track the phone's location or run new features while the device is turned off.

The video gives a high-level overview of how such an attack can work.

This research is the first to study the risk posed by chips that keep running in low-power mode. Not to be confused with the battery-saving Low Power Mode in the iOS settings, the low-power mode (LPM) studied here lets the chips responsible for near-field communication, ultra wideband, and Bluetooth keep running in a special mode for up to 24 hours after the device is powered off.

The current LPM implementation on Apple iPhones is opaque and adds new threats, the researchers wrote in a paper published last week. Because LPM support is rooted in the iPhone's hardware rather than in software alone, it cannot be removed with a system update, and so it has a long-lasting effect on the overall iOS security model. The researchers say they are the first to look into the undocumented LPM features introduced in iOS 15.

The design of the LPM features seems to be driven mostly by functionality, without considering threats outside of the intended applications. Find My after power off turns a shut-down iPhone into a tracking device by design, and the implementation within the Bluetooth firmware is not secured against manipulation.
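To make concrete what "not secured against manipulation" costs, here is an added example (not code from the paper, from Apple, or from the Bluetooth chip's real loader). It models two stand-in firmware loaders for a wireless chip: one that runs whatever image it is handed, which is the situation the researchers describe, and one that pins the vendor's verifying key and refuses any image whose signature does not check out. The firmware bytes, the loader classes and the key are all constructed for the demo, and the example assumes the third-party `cryptography` package is installed.

```python
"""Added example: why an unsigned firmware load path matters.

Constructed demo, not the paper's or Apple's code. The Ed25519 key pair
stands in for a vendor signing key whose public half would sit in chip
ROM or eFuses; the "firmware" byte strings are made up for illustration.
"""
import hashlib
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import (
    Ed25519PrivateKey,
    Ed25519PublicKey,
)

# Constructed sample image: in reality this would be the blob the host
# side pushes into the Bluetooth controller so it can keep working after
# power off (Find My beacons, car keys, and so on).
GENUINE_IMAGE = b"\x7fBTFW" + b"advertise Find My beacon; sleep 24h"
# An attacker with root on the application processor patches the payload.
TAMPERED_IMAGE = GENUINE_IMAGE.replace(b"advertise", b"exfiltrate")


class UnsignedLoader:
    """Accepts any image at all: the state of affairs the paper reports."""

    def __init__(self):
        self.running = None

    def load(self, image: bytes, signature=None) -> bool:
        # No integrity or authenticity check; whatever is handed over runs.
        self.running = hashlib.sha256(image).hexdigest()
        return True


class SignedLoader:
    """Pins the vendor's verifying key and runs only images it signed."""

    def __init__(self, vendor_public_key: Ed25519PublicKey):
        self.pub = vendor_public_key
        self.running = None

    def load(self, image: bytes, signature: bytes) -> bool:
        try:
            # Ed25519 verify raises on any bit flip in image or signature.
            self.pub.verify(signature, image)
        except InvalidSignature:
            return False  # refuse; keep running the previous (or no) image
        self.running = hashlib.sha256(image).hexdigest()
        return True


def vendor_sign(private_key: Ed25519PrivateKey, image: bytes) -> bytes:
    """What the vendor's build pipeline would do once, offline."""
    return private_key.sign(image)


def run_demo() -> dict:
    """Return which loader accepted which image under three attacks."""
    vendor_key = Ed25519PrivateKey.generate()  # constructed; vendor-held
    sig = vendor_sign(vendor_key, GENUINE_IMAGE)
    unsigned = UnsignedLoader()
    signed = SignedLoader(vendor_key.public_key())
    # Attacker without the vendor key: try to reuse the genuine signature,
    # or sign the patched image with a key of their own.
    attacker_key = Ed25519PrivateKey.generate()
    attacker_sig = attacker_key.sign(TAMPERED_IMAGE)
    return {
        "unsigned_accepts_genuine": unsigned.load(GENUINE_IMAGE, sig),
        "unsigned_accepts_tampered": unsigned.load(TAMPERED_IMAGE, sig),
        "signed_accepts_genuine": signed.load(GENUINE_IMAGE, sig),
        "signed_accepts_tampered": signed.load(TAMPERED_IMAGE, sig),
        "signed_accepts_attacker_signed": signed.load(TAMPERED_IMAGE, attacker_sig),
    }


if __name__ == "__main__":
    for name, accepted in run_demo().items():
        print(f"{name}: {accepted}")
```

The point of the contrast is where the trust lives: the signed loader's verifying key is fixed in the chip, so an attacker who already owns the application processor can still push images but cannot make the chip run one the vendor did not sign. Without that check, as the paper describes for the Bluetooth firmware, host-side root access is all that separates a legitimate Find My beacon from a hostile one.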

The findings have limited real-world value, since planting the malicious firmware first requires a jailbroken iPhone, itself a difficult task, particularly in an adversarial setting. Still, targeting the always-on feature in iOS could prove handy in post-exploit scenarios for malware such as Pegasus, the sophisticated smartphone exploit tool from NSO Group that governments around the world routinely use to spy on adversaries.