The iPhone does not shut down completely when it is turned off. A chip inside the device keeps running in a low-power mode (LPM) so that the Find My feature can locate a lost or stolen device, and so that credit cards and car keys in the Wallet can still be used when the battery is depleted. Researchers have now devised a way to abuse this always-on mechanism to run malware that stays active even while the iPhone is switched off.

It turns out that the iPhone's Bluetooth chip, which is central to features like Find My, has no mechanism to digitally sign the firmware it runs, or even to encrypt it. Academics at the Technical University of Darmstadt in Germany worked out how to exploit this lack of protection to run malicious firmware that would let attackers track the phone's location or run new functionality after the device is turned off. This video provides a high-level overview of the possible attacks.

The practical value of the finding (PDF) is limited, because infection requires first jailbreaking the iPhone, which is a difficult task in itself, especially in an adversarial environment. Nonetheless, malware such as Pegasus, the sophisticated smartphone attack tool from Israel's NSO Group that governments around the world use to spy on adversaries, could use the always-on feature of iOS to persist after a successful compromise. Besides letting malware run while the iPhone is off, exploits targeting LPM could also let malware run more stealthily, since LPM firmware is designed to conserve battery power. Firmware infections are in any case already very hard to detect, because detection requires considerable expertise and expensive equipment.
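The weakness described above is the absence of firmware signature verification on the Bluetooth chip. The following Go program is an added example, not code from the researchers or from Apple, showing what the missing control looks like: a loader that accepts any image from flash beside one that refuses to boot unless an Ed25519 signature over the image verifies under a pinned vendor public key. The image layout (a "FWIM" magic, a length field, the payload and a trailing signature) is constructed for this example and is not any real chip's format.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Image layout (constructed for this example, not a real vendor format):
//   4 bytes magic "FWIM" | 4 bytes big-endian payload length | payload | 64-byte Ed25519 signature
// The signature covers everything before it, so header and payload are both authenticated.
var magic = []byte("FWIM")

const headerLen = 8
const sigLen = ed25519.SignatureSize

// GenerateKeys produces the vendor's signing key pair. In a real design only the
// public key is pinned in the chip (ROM or fuses); the private key never leaves the vendor.
func GenerateKeys() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// PackFirmware builds a signed image from a raw firmware payload.
func PackFirmware(priv ed25519.PrivateKey, payload []byte) []byte {
	hdr := make([]byte, headerLen)
	copy(hdr, magic)
	binary.BigEndian.PutUint32(hdr[4:], uint32(len(payload)))
	signed := append(hdr, payload...)
	sig := ed25519.Sign(priv, signed)
	return append(signed, sig...)
}

// LoadUnsigned models a loader with no verification at all: it trusts whatever
// is stored in flash. This is the situation the article describes.
func LoadUnsigned(image []byte) ([]byte, error) {
	if len(image) < headerLen || !bytes.Equal(image[:4], magic) {
		return nil, errors.New("bad header")
	}
	n := uint64(binary.BigEndian.Uint32(image[4:headerLen]))
	if uint64(len(image)) < headerLen+n {
		return nil, errors.New("truncated payload")
	}
	return image[headerLen : headerLen+n], nil
}

// VerifyAndLoad is the hardened loader: any image whose signature does not verify
// under the pinned public key is rejected, so a modified payload never runs.
func VerifyAndLoad(pub ed25519.PublicKey, image []byte) ([]byte, error) {
	if len(image) < headerLen+sigLen || !bytes.Equal(image[:4], magic) {
		return nil, errors.New("bad header")
	}
	n := uint64(binary.BigEndian.Uint32(image[4:headerLen]))
	end := headerLen + n
	if uint64(len(image)) != end+sigLen {
		return nil, errors.New("length mismatch")
	}
	signed, sig := image[:end], image[end:]
	if !ed25519.Verify(pub, signed, sig) {
		return nil, errors.New("firmware signature invalid: refusing to boot")
	}
	return signed[headerLen:], nil
}

func main() {
	pub, priv, err := GenerateKeys()
	if err != nil {
		panic(err)
	}
	img := PackFirmware(priv, []byte("legitimate LPM firmware (constructed payload)"))

	// Modify one payload byte, as any unauthorised change to flash would.
	tampered := append([]byte(nil), img...)
	tampered[headerLen+4] ^= 0xff

	_, err = LoadUnsigned(tampered)
	fmt.Println("unsigned loader accepts tampered image:", err == nil)
	_, err = VerifyAndLoad(pub, tampered)
	fmt.Println("verifying loader rejects tampered image:", err != nil)
}
```

Two design points matter here. The signature covers the header as well as the payload, so an attacker cannot shrink or extend the image by editing the length field alone; and the length check is an exact match rather than a lower bound, so trailing data cannot be appended to a validly signed image. Verification alone does not stop a downgrade to an older, signed but vulnerable image; a real loader would also enforce a minimum version, which this example omits.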
This article is reprinted from: https://www.solidot.org/story?sid=71546
This site only aggregates content; the copyright belongs to the original author.