Researchers from the Darmstadt University of Technology have developed an iPhone malware that can run even when the device is turned off.
It all started when scientists investigated the implementation of low-power mode (LPM) on the iPhone and found that it carries serious security risks and even allows attackers to run malware on devices that are turned off.
Experts say these risks cannot be ignored, especially when it comes to journalists, activists and others who could be targeted by well-funded attackers.
Let me remind you that we reported that Raspberry Robin Malware Has Worm Features and Abuses Windows Installer, and also that RedLine Stealer Malware Masks as Bots to Buy Binance NFT Mystery Boxes.
Expert analysis found that on an iPhone running iOS 15, Bluetooth, NFC and Ultra-wideband (UWB) wireless communications remain active even after the device is turned off.
Having come to this conclusion, the researchers tested the operation of applications using LPM (for example, Find My), and also assessed their impact on the security of hardware and firmware.
Since the attack described in the report is still a proof of concept, the experts assumed for their analysis that the attacker already has privileged access to the firmware and can send special commands, change the firmware image, or execute code remotely. It turned out that once the firmware is compromised, the attacker can retain some control over the victim’s device even after it is turned off, which can be quite useful for persistent exploits.
In the case of the hardware component, the researchers assumed that an attacker could not compromise the hardware directly. They focused instead on determining which components could be enabled without the user’s knowledge, and which applications could make use of them.
The report details how the Bluetooth LPM firmware can be modified to run malware on an iPhone 13 even when the device is turned off. Scientists explain that such an attack is possible because the firmware is neither signed nor encrypted, and secure boot is not even enabled for the Bluetooth chip.
“Also, UWB in LPM is required to support modern car keys. Bluetooth and UWB are now hardwired to the SE [Secure Element] and are used to store car keys and other secrets. Given that Bluetooth firmware can be manipulated, SE interfaces become available to iOS. However, SE is specifically designed to protect secrets, considering that iOS and applications running on it can be compromised,” the researchers write.
Experts believe that Apple should add some kind of hardware switch that disconnects the battery in its devices, which should improve the situation. The research team has also published the open-source tools InternalBlue and Frankenstein, which can be used to analyse and modify the firmware.
The researchers said they reported their findings to Apple engineers, but have yet to receive any comment from the company.