New research shows that iPhones can be tampered with even when the device is off. According to the Secure Mobile Networking Lab at the Technical University of Darmstadt, iPhones expose an attack surface that allows hackers to damage the firmware and install malware on the Bluetooth chip while the iPhone is off. This is the first security analysis of this scenario, as other researchers have largely overlooked the danger of malware infiltrating an iPhone while the device is off. Fittingly, the Secure Mobile Networking Lab's report is titled “Evil Never Sleeps.”
This type of attack takes advantage of the device's wireless chips: Bluetooth, near-field communication (NFC) and ultra-wideband (UWB). These chips keep operating after the iOS device is shut down, when it enters the “power reserve” Low Power Mode (LPM).
The iPhone does this so that popular and useful features like Find My and Express Cards keep working even after the phone is powered off. The unfortunate part is that all three wireless chips mentioned above have direct access to the Secure Element. According to the report, the Bluetooth and UWB chips are hardwired to the Secure Element (SE) in the NFC chip. This connection is necessary for the device to perform the tasks mentioned above while in Low Power Mode.
LPM support is implemented in hardware and cannot be changed through software. This means that these wireless chips are a liability on modern iPhones even when the phones are off, because they can still be exploited. The report notes that this threat model is entirely new and needs to be explored further.
The LPM feature was introduced recently with iOS 15. It lets users locate a device with the Find My app even when that device is turned off, a great addition to an already useful application. When you turn off an iPhone that supports this feature, it displays the message: “iPhone remains findable after power off. Find My helps you locate this iPhone when it is lost or stolen, even when it is in power reserve mode or powered off.”
While we’re sure the intentions behind this update were good, there was not enough oversight of the potential dangers and shortcomings of the current LPM implementation. Besides the apparent security hazard, many people have struggled to use this Find My feature when the device is off. The researchers behind the report also noted that the Bluetooth firmware is neither signed nor encrypted, which makes the feature look more like an additional security hazard than a helpful improvement.
The iPhone is slowly but surely losing its status as an untouchable device because of malware and hacking. This report is yet another reminder that digital security requires constant effort. One way you can protect your devices is by concealing your IP address with a VPN. This way, you ensure that hackers won’t target you just by looking at your public information. Hackers often single out users who take no safety precautions when browsing online and pick them as easy targets. Being proactive about your security is the best way to stay ahead of these threats and prevent cyber attacks on your devices.
While there is no immediate solution to this particular problem, the team behind the report will share its findings with a wider audience. They will present at the ACM Conference on Security and Privacy in Wireless and Mobile Networks in the coming days. The research team will explain to attendees how this loophole can be exploited, in order to raise awareness and help prevent hacking incidents. A threat actor with privileged access is more than capable of creating malware that executes on an iPhone’s Bluetooth chip even when the phone is powered off.
This does not mean that such an attack is easy: for the malware to work, the attacker must be able to communicate with the firmware via the operating system and must modify the LPM application thread. The researchers say that, if successful, the attacker could change existing settings or add new features, effectively controlling the entire device. Apple was alerted to the issue, but the researchers have yet to hear back from the tech giant.