Stories
Slash Boxes
Comments

SoylentNews is people

Submission Preview

Link to Story

Researchers devise iPhone malware that runs even when device is turned off

Accepted submission by Freeman at 2022-05-18 13:52:58 from the is it off off dept.
Security

https://arstechnica.com/information-technology/2022/05/researchers-devise-iphone-malware-that-runs-even-when-device-is-turned-off/ [arstechnica.com]

When you turn off an iPhone, it doesn’t fully power down. Chips inside the device continue to run in a low-power mode that makes it possible to locate lost or stolen devices using the Find My feature or use credit cards and car keys after the battery dies. Now researchers have devised a way to abuse this always-on mechanism to run malware that remains active even when an iPhone appears to be powered down.

It turns out that the iPhone’s Bluetooth chip—which is key to making features like Find My work—has no mechanism for digitally signing or even encrypting the firmware it runs. Academics at Germany’s Technical University of Darmstadt figured out how to exploit this lack of hardening to run malicious firmware that allows the attacker to track the phone’s location or run new features when the device is turned off.

This video [youtube.com] provides a high overview of some of the ways an attack can work.
[...]
“The current LPM implementation on Apple iPhones is opaque and adds new threats,” the researchers wrote in a paper [arxiv.org] published last week.


Original Submission