It's unlikely to be closed, but most users have nothing to worry about. -vykljuchennyj-smartfon-a820bc1.jpg” alt=”A vulnerability has been discovered in the iPhone that allows tracking even a switched off smartphone” />
Daria Gromova
Researchers at the Darmstadt University of Technology (Germany) have discovered an Evil Never Sleeps: When Wireless Malware Stays On After Turning Off iPhones [PDF] vulnerability in the iPhone's Low Power Mode (LPM). It potentially poses a serious security risk, allowing attackers to run malware even on devices that are turned off.
The authors note that LPM, which is the subject of this study, should not be confused with iOS low power mode, which is used to save battery power.
The LPM mode appeared in iOS 15. It is activated when the smartphone is turned off – both manually by the user and automatically due to low battery. Although the device appears to be completely turned off, LPM continues to provide NFC, Ultra WideBand, and Bluetooth for 24 hours.
This ensures that Find My iPhone, digital car keys, and travel cards continue to work even after the device's battery is depleted .
The researchers believe that such a feature creates a new threat model. Since LPM support is implemented in hardware, it cannot be removed by changing software components. As a result, it is not possible to turn off all modules along with the smartphone.
According to the authors, the Bluetooth firmware is not signed and encrypted, which will allow an attacker to create malware that can work on the iPhone's Bluetooth chip even when the device is turned off – for example, to track its location and share it with third parties.
However, in practice, applying this exploit is an extremely difficult and time-consuming task. An attacker will have to gain physical access to the smartphone, hack it, jailbreak the iPhone, and only then gain access to the Bluetooth chip and use it.
In other words, although the function increases the security of most users by allowing them to find lost or stolen smartphone after being turned off, it also potentially endangers users who could be subjected to a targeted targeted attack.
Researchers informed Apple of their find, but at the time of publication of the report, they had not received a response from the company.
Cover: Austin Distel/Unsplash