Researchers have managed to craft malware, specifically for the iPhone, that continues to operate even when the device is turned off.

Every time you switch off your iPhone, think again about whether you are really safe from every possible attacker. When an iPhone is switched off, it does not completely shut down. A chip inside the device continues to operate in a mode known as ‘low power,’ which allows the phone to be located through the ‘Find My’ app if it is lost or stolen, and to keep working as a car key or payment card, even after the battery dies.

The research reveals that the iPhone’s Bluetooth chip, a fundamental building block of features such as Find My, has no mechanism for digitally signing or encrypting the firmware it runs, so the chip cannot tell genuine firmware from a modified image.

Academics at the Technical University of Darmstadt (Germany) worked out how to use this lack of firmware signing to run malicious firmware, allowing an attacker to track the phone’s location, or even reach other features, while the device is switched off.
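To make the missing mechanism concrete, here is an added illustration (not code from the Darmstadt paper and not Apple’s implementation) of what a firmware loader with image authentication does that an unchecked loader does not. It models a hypothetical container format (`BTFW` header, payload, authentication tag) and uses an HMAC-SHA256 tag with a constructed key as a stand-in for the asymmetric signature a real secure-boot design would verify against a public key burned into the chip. The point is the behaviour: a loader that verifies rejects any image whose bytes were changed, while a loader with no check accepts the modified image exactly as it accepts the genuine one.

```python
import hashlib
import hmac
from typing import Optional

# Constructed stand-in for the firmware publisher's key. In a production
# secure-boot design this would be an asymmetric signing key, with only the
# public half stored immutably on the chip; HMAC is used here so the example
# runs with the standard library alone.
PUBLISHER_KEY = b"constructed-demo-key-not-a-real-secret"

MAGIC = b"BTFW"   # hypothetical image header marker (assumption, not Apple's format)
HEADER_LEN = 8    # 4-byte magic + 4-byte big-endian payload length
TAG_LEN = 32      # HMAC-SHA256 output length


def package_firmware(image: bytes, key: bytes = PUBLISHER_KEY) -> bytes:
    """Build a container: header || payload || tag computed over header+payload."""
    header = MAGIC + len(image).to_bytes(4, "big")
    tag = hmac.new(key, header + image, hashlib.sha256).digest()
    return header + image + tag


def verify_and_load(container: bytes, key: bytes = PUBLISHER_KEY) -> Optional[bytes]:
    """Return the payload only if its tag verifies; None means 'refuse to boot'."""
    if len(container) < HEADER_LEN + TAG_LEN or not container.startswith(MAGIC):
        return None
    declared_len = int.from_bytes(container[4:HEADER_LEN], "big")
    payload_end = HEADER_LEN + declared_len
    # The declared length must account for exactly the bytes present;
    # this catches truncated or padded images before any tag work is done.
    if payload_end + TAG_LEN != len(container):
        return None
    signed_region = container[:payload_end]
    tag = container[payload_end:payload_end + TAG_LEN]
    expected = hmac.new(key, signed_region, hashlib.sha256).digest()
    # Constant-time comparison so the verifier does not leak tag bytes via timing.
    if not hmac.compare_digest(tag, expected):
        return None
    return container[HEADER_LEN:payload_end]


def unsigned_loader(container: bytes) -> bytes:
    """Model of the behaviour the research describes: whatever is handed over gets run."""
    # No integrity or origin check at all, so a modified image is loaded
    # exactly like a genuine one.
    return container


def tamper(container: bytes, offset: int, mask: int) -> bytes:
    """Flip bits in one byte of the container, as a firmware modification would."""
    modified = bytearray(container)
    modified[offset] ^= mask
    return bytes(modified)


if __name__ == "__main__":
    genuine = package_firmware(b"find-my-beacon v1 (constructed payload)")
    modified = tamper(genuine, 12, 0x01)          # offset 12 lies inside the payload
    print("genuine accepted by verifying loader :", verify_and_load(genuine) is not None)
    print("modified accepted by verifying loader:", verify_and_load(modified) is not None)
    print("modified accepted by unsigned loader :", unsigned_loader(modified) == modified)
```

The key design choice is that the tag covers the header as well as the payload, so an attacker cannot shorten the image or change its declared length without invalidating the tag; the length check also runs before the tag computation so malformed containers are rejected cheaply.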

The Low-Power Mode feature

The research is said to be the first to assess the risks posed by Bluetooth chips running in low-power mode. Do not confuse this with the iOS low-power mode that conserves battery life. This low-power mode lets the chips for near-field communication, Bluetooth, and ultra-wideband keep running in a specialized mode that stays active for only a day after the iPhone is switched off.

The paper published by the researchers last week stated:

“The current LPM implementation on Apple iPhones is opaque and adds new threats. Since LPM support is based on the iPhone’s hardware, it cannot be removed with system updates. Thus, it has a long-lasting effect on the overall iOS security model. To the best of our knowledge, we are the first who looked into undocumented LPM features introduced in iOS 15 and uncover various issues.”

They further added:

“Design of LPM features seems to be mostly driven by functionality, without considering threats outside of the intended applications. Find My after power off turns shutdown iPhones into tracking devices by design, and the implementation within the Bluetooth firmware is not secured against manipulation.”

The findings have limited practical value for now, since the malware requires a jailbroken iPhone, which is quite a challenging prerequisite, especially in an adversarial setting. Nonetheless, targeting an always-running iOS feature could be convenient for post-exploitation persistence by malware such as Pegasus, one of the most refined smartphone exploitation tools, made by the Israel-based NSO Group and employed by organizations worldwide to spy on rivals.

Moreover, infecting the chip may also be possible if an attacker discovers a major security defect similar to one that has previously worked against Android devices.

Apart from letting malware run while the iPhone is switched off, exploits targeting low-power mode would allow malware to operate with far more stealth, because low-power mode is precisely where the firmware conserves battery power. Firmware infections are also extremely hard to detect, since finding them requires substantial expertise and specialized equipment.

The research further states that Apple engineers reviewed the report before its publication, but the company never delivered any substantive comment on its content. Apple representatives did not answer emails seeking feedback on this story.

In the long run, features like Find My that rely on low-power mode add a layer of security, since they let users locate stolen or lost iOS devices and even lock or unlock car doors when the battery is flat. However, the research has exposed a poorly documented aspect of that design that had gone unnoticed.