A method of running malware on an iPhone even when it is off has been discovered


Since the release of iOS 15, we’ve been able to locate a lost iPhone with Find My even after powering the device off. On iPhone 11, iPhone 12, and iPhone 13 models, the UWB chip helps keep the device findable even if you’ve shut off your iPhone or the battery dies. This also allows the iPhone’s Express Transit mode to keep working, but The Hacker News reports that researchers have found a problem with this. Academics from the Secure Mobile Networking Lab at the Technical University of Darmstadt outlined the threat in a recent study. They’ll be presenting their findings at the ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2022) this week in San Antonio.

Here’s a frightening notion. Even when you believe you’ve shut off your iPhone, there’s a way to tamper with its firmware. Researchers uncovered the weakness in an unprecedented security examination of the iOS Find My feature: malware can be executed on the iPhone even while it is turned off. This new attack surface takes advantage of specific components in the iPhone that continue to run even after you turn off iOS. The Bluetooth, Near-Field Communication (NFC), and ultra-wideband (UWB) wireless chips keep operating in the “power reserve” Low Power Mode (LPM).


  • The only good news here is that such an attack vector wouldn’t be easy. The researchers say that for such a firmware compromise to happen, the attacker first needs a way to communicate with the chip’s firmware. One way to do this is through the operating system (meaning while the iPhone is running). Attackers could also modify the firmware image, which requires physical access to the iPhone. The third method would be to gain code execution on an LPM-enabled chip using an existing flaw like BrakTooth.

  • Wireless Chips Have Direct Access to the Secure Element. Apple hardwires the Bluetooth and UWB chips to the Secure Element in the iPhone’s NFC chip, the researchers found. This allows them to store “secrets that should be available in LPM.” The researchers also found that the Bluetooth firmware is neither signed nor encrypted. This provides a loophole, they say, that gives an attacker with privileged access to the iPhone a way to inject malware via the Bluetooth chip that persists even after the device is powered off. Since Apple implements Low Power Mode at the hardware level, the tech giant can’t simply turn it off in iOS. Therefore, you can’t trust all of your wireless chips to be turned off when you shut down your iPhone.

“Since LPM support is based on the iPhone’s hardware, it cannot be removed with system updates,” the researchers said. “Thus, it has a long-lasting effect on the overall iOS security model.” Design of LPM features seems to be mostly driven by functionality, without considering threats outside of the intended applications. Find My after power off turns shutdown iPhones into tracking devices by design, and the implementation within the Bluetooth firmware is not secured against manipulation.

