Malware for iPhone Can Work Even When the Device Is Turned Off

Researchers from the Darmstadt University of Technology have developed an iPhone malware that can run even when the device is turned off.

It all started when scientists investigated the implementation of low-power mode (LPM) on the iPhone and found that it carries serious security risks and even allows attackers to run malware on devices that are turned off.

Experts say these risks cannot be ignored, especially when it comes to journalists, activists and others who could be targeted by well-funded attackers.


Expert analysis found that on an iPhone running iOS 15, Bluetooth, NFC and Ultra-wideband (UWB) wireless communications remain active even after the device is turned off.

"The Bluetooth and UWB chips are hard-wired to the Secure Element (SE) in the NFC chip and store secrets that need to be available in the LPM. Since LPM support is implemented in hardware, it cannot be disabled by changing software components. As a result, current iPhones can no longer be trusted to turn off wireless chips after being turned off," the report from the research team reads.

Having come to this conclusion, the researchers tested the operation of applications using LPM (for example, Find My), and also assessed their impact on the security of hardware and firmware.

Since the attack described in the report is still a concept, the experts assumed for their analysis that the attacker already has privileged access to the firmware, can send special commands, change the firmware image, or execute code remotely. It turned out that if the firmware is compromised, the attacker can retain some control over the victim’s device even after it is turned off, which can be quite useful for persistent exploits.

For the hardware component, the researchers assumed that an attacker could not compromise the hardware directly. They focused on determining which components could be enabled without the user’s knowledge, and which applications could be used.

The report details how the Bluetooth LPM firmware can be modified to run malware on an iPhone 13 even when the device is turned off. The scientists explain that such an attack is possible because the firmware is neither signed nor encrypted, and secure boot is not even enabled for the Bluetooth chip.

"The design of LPM features is obviously driven by functionality, with no regard for risks beyond the intended applications. Find My turns turned-off iPhones into tracking devices after, and the Bluetooth firmware implementation is not immune to manipulation.

"Also, UWB in LPM is required to support modern car keys. Bluetooth and UWB are now hardwired to the SE and are used to store autokeys and other secrets. Given that Bluetooth firmware can be manipulated, SE interfaces become available to iOS. However, SE is specifically designed to protect secrets, considering that iOS and applications running on it can be compromised," the researchers write.

Experts believe that Apple should add some kind of hardware switch to turn off the battery in its devices, which should improve the situation. The research team has also published the open-source tools InternalBlue and Frankenstein, which can be used to analyse and modify the firmware.

The researchers said they reported their findings to Apple engineers, but have yet to receive any comment from the company.


About William Reddy

I am from Ireland. My parents bought me a computer when I was 11, and several months later I got a virus on this PC. I decided to enter the INSA Centre Val de Loire university after graduating from school. This French educational institution was offering a brand-new cybersecurity course. After getting my master's degree in cybersecurity, I started working as a virus analyst at a small anti-malware vendor.