Hackers can break into your iPhone even when it’s switched off

An iPhone is never really turned off

Cybersecurity researchers have discovered a way to run malware on Apple’s iPhones, even when the device is switched off.

A report published by the Technical University of Darmstadt in Germany details an exploit that takes advantage of the iPhone’s low-power mode (LPM) to track location and perform various malware attacks.

LPM allows certain smartphone facilities - such as Bluetooth, near-field communication (NFC) and/or ultra-wideband - to run even when the device is turned off or when its battery is depleted.

When an iPhone is shut down, it’s never truly off, as these components can still run 24/7. The idea is that people will still be able to access their on-device wallets and keys, even when they are out of battery.

Functionality vs. security

The problem with such a system is that the Bluetooth chip cannot digitally sign or encrypt the firmware it runs, the report explains.

“The current LPM implementation on Apple iPhones is opaque and adds new threats. Since LPM support is based on the iPhone’s hardware, it cannot be removed with system updates. Thus, it has a long-lasting effect on the overall iOS security model. To the best of our knowledge, we are the first who looked into undocumented LPM features introduced in iOS 15 and uncover various issues,” the researchers state.

“Design of LPM features seems to be mostly driven by functionality, without considering threats outside of the intended applications. Find My after power off turns shutdown iPhones into tracking devices by design, and the implementation within the Bluetooth firmware is not secured against manipulation.”

Thankfully, abusing the flaw is far from practical, because the attacker would first need to jailbreak the iPhone, which is a feat in itself.

But in the unlikely case of a successful attack, the intruder would be able to operate more stealthily, as compromised firmware is almost impossible to detect.

Apple has been notified of the findings, the researchers have said, but has not yet responded to the disclosure. TechRadar Pro has also asked the company for comment.

Via Ars Technica

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
