Researchers have developed malware to attack your iPhone even when it’s turned off

Is there some kind of karmic law that when a new technology or function is released to make life easier for users, there is someone somewhere trying to divert it from its primary purpose to cause even more damage? One might be tempted to believe it.

Progress for users

Since iOS 15, recent iPhones no longer turn off completely, even when they are… turned off. This new feature, called Low Power Mode (LPM), should not be confused with the energy-saving mode (accessible in Settings / Battery). It keeps certain chips, such as the Bluetooth, Ultra Wide Band and NFC modules, active when the iPhone shuts down, whether because the battery has run out or because the user has chosen to power it off.

This function lets you keep unlocking your car with your smartphone or presenting your NFC transit cards for another five hours after the iPhone switches off, and helps locate the device for up to 24 hours after it shuts down. Perfect if you misplace your phone. Ideal, too, it seems, for enabling new kinds of malware attacks.

Evil(ware) never sleeps…

German researchers have published a paper entitled "Evil Never Sleeps: When Wireless Malware Stays On After Turning Off iPhones". It describes, probably for the first time, how they found a way to use this always-on state to execute malware.

The device’s Bluetooth module, essential for the Locate function, does not include any mechanism to digitally sign or encrypt its firmware. The Darmstadt researchers found a way to exploit this weakness to run malicious firmware, which makes it possible to track the smartphone or to run new functions, even when the iPhone is off.

However, while this exploit shows the risk posed by the iPhone's low power mode (not the battery-saving mode, but the one active when the phone is turned off), the danger is still relatively small. For the “attack” to work, the iPhone must be jailbroken, which is not the easiest of tasks.

A novelty that will complicate the protection of smartphones

Nevertheless, it is quite possible to imagine this new attack method being coupled with other advanced tools such as the infamous Pegasus, from the Israeli spyware company NSO Group. It could also be a way for an attacker to recover sensitive data without the user knowing or suspecting it, since their device is turned off.

The firmware hack is very difficult to spot under normal conditions, and it becomes even more so when the smartphone is not supposed to be running. A fairly common method, which simulates a shutdown of the device by turning off its screen, can be detected because it reduces the iPhone's battery life. That is not the case with LPM, the Darmstadt researchers explain.

It was already known that, on a compromised iPhone, Airplane mode was no guarantee of protection against data theft. But LPM clearly opens new doors, and just as many fears.

Moreover, since LPM is implemented at the hardware level, so that the wireless modules can be activated without the intervention of iOS, it is not possible to develop a simple software patch…

The German researchers say they submitted their detailed publication to Apple before making it public. The American giant, however, reportedly made no comment. Hopefully its engineers are working on a quick fix. In any case, it seems that every new feature is a new attack surface for hackers, and iOS's Low Power Mode is no exception to the rule…

Source: Ars Technica
