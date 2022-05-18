The myth that iPhones cannot get malware is over: researchers have shown malware that keeps running even with the iPhone turned off. The main reason this is possible is that when you turn off an iPhone, it does not really shut down completely.

Some of the chips inside an iPhone keep working after shutdown, in a low-power mode. This is what makes it possible to locate a lost or stolen device with the Find My feature, and to keep using stored credit cards and digital car keys, after the phone is switched off or the battery runs out.

Always-on chips: the iPhone's back door

That an iPhone keeps working even when it is turned off can be useful, but it is also a real danger. A group of researchers found a way to abuse this mechanism to run malware that keeps working even while the iPhone is powered off.

The root of the vulnerability is the iPhone's Bluetooth chip. It is the hardware that lets features like Find My keep working after shutdown, but the firmware it executes is neither digitally signed nor encrypted, so nothing stops a modified firmware image from being loaded onto it.

The finding comes from researchers at the Technical University of Darmstadt in Germany. They demonstrated that malicious firmware can be loaded and executed on the chip; from there, the attacker can track the phone's location and run new functions while the device is powered off.

The research highlights the risk of the low-power mode (LPM) in iOS, which keeps the near field communication (NFC), ultra-wideband (UWB) and Bluetooth chips running in a special mode that can stay active for up to 24 hours after the device is turned off.

Android cannot be attacked this way when it is turned off

An Android phone cannot be attacked in this way while it is turned off because it does not keep its wireless chips running in a low-power mode after shutdown. With those chips off, there is nothing for firmware malware to run on, so this attack simply does not apply there.

Apple's main challenge is that this bug cannot be removed with a system update, since it is a hardware issue: the chip does not verify the firmware it runs. That means the backdoor cannot be closed on phones already on the market, and it will remain part of the iOS security model for those devices.

The researchers note that Find My after power off effectively turns a powered-off iPhone into a tracking device, and that its implementation inside the Bluetooth firmware is not protected against tampering in any way.
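The weakness described above, and in the paragraph on the Bluetooth chip earlier in the article, is that the chip runs whatever firmware is in flash without checking who produced it. The following toy loader, written as an added example and not taken from the researchers' paper or from Apple, models both behaviours: `load_unverified` accepts any image, the way a chip without firmware authentication does, and `load_verified` checks an authenticity tag over the whole image before trusting a byte of it. The image layout, the demo key and the HMAC-SHA256 tag are all constructed for this demo; a real chip would hold a public key in ROM and verify an asymmetric signature, which the standard library cannot do, so the HMAC stands in for that signature here.

```python
"""Toy model of a wireless-chip firmware loader.

Added example, not code from the Darmstadt researchers or from Apple.
The image format (MAGIC header, version, length), DEMO_KEY and the
HMAC-SHA256 tag are constructed for this demo; HMAC is used as a stand-in
for the asymmetric signature a real boot ROM would verify.
"""
import hashlib
import hmac
import struct

MAGIC = b"FWIM"                      # constructed image magic
HEADER = struct.Struct(">4sII")      # magic, version, payload length
TAG_LEN = hashlib.sha256().digest_size

# Constructed demo key: stands in for the signer's private key.
DEMO_KEY = b"demo-firmware-signing-key"


def build_image(payload: bytes, version: int, key: bytes = DEMO_KEY) -> bytes:
    """Build header || payload || tag, tag = HMAC-SHA256(key, header || payload)."""
    header = HEADER.pack(MAGIC, version, len(payload))
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def load_unverified(image: bytes) -> bytes:
    """Loader with no authenticity check: trusts whatever is in flash.

    It parses the header and returns the payload; a tampered payload is
    accepted exactly like a genuine one.
    """
    magic, _version, length = HEADER.unpack_from(image, 0)
    if magic != MAGIC:
        raise ValueError("bad magic")
    return image[HEADER.size:HEADER.size + length]


def load_verified(image: bytes, key: bytes = DEMO_KEY) -> bytes:
    """Loader that verifies the tag over header + payload before trusting it."""
    if len(image) < HEADER.size + TAG_LEN:
        raise ValueError("truncated image")
    magic, _version, length = HEADER.unpack_from(image, 0)
    if magic != MAGIC:
        raise ValueError("bad magic")
    body_end = HEADER.size + length
    if body_end + TAG_LEN != len(image):
        raise ValueError("length field does not match image size")
    body, tag = image[:body_end], image[body_end:body_end + TAG_LEN]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise ValueError("firmware authenticity check failed")
    return image[HEADER.size:body_end]


def tamper(image: bytes, offset: int, value: int) -> bytes:
    """Overwrite one payload byte, as an attacker with flash write access would."""
    buf = bytearray(image)
    buf[HEADER.size + offset] = value
    return bytes(buf)


def demo() -> dict:
    """Run both loaders against a genuine and a tampered image."""
    original = b"find-my beacon: advertise rotating key"   # constructed payload
    good = build_image(original, version=1)
    bad = tamper(good, 0, ord("F"))   # "find-my" -> "Find-my"

    results = {
        "unverified_accepts_good": load_unverified(good) == original,
        "unverified_accepts_tampered": load_unverified(bad) != original,
        "verified_accepts_good": load_verified(good) == original,
    }
    try:
        load_verified(bad)
        results["verified_rejects_tampered"] = False
    except ValueError:
        results["verified_rejects_tampered"] = True
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The point of the second loader is not the particular tag algorithm but where the check sits: it runs before any part of the image beyond the fixed header is used, it covers the header as well as the payload so the length field cannot be manipulated, and a mismatch refuses to boot the image rather than logging and continuing.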

That said, this is laboratory research with limited reach in the real world. For an infection of this type to take place, the iPhone must first be jailbroken, which is already a difficult task and, in the scenario described, also requires physical access to the phone.

Nevertheless, it is not an exaggeration to take these vulnerabilities seriously. After proven attacks with spyware such as Pegasus, malware of this kind could keep working inside an iPhone even while it is turned off.

What makes this type of malware especially troubling is that firmware infections are extremely hard to detect. On top of that, Apple's LPM keeps the chip running on a small reserve of battery after shutdown, which gives the infection a stealthy place to operate, almost invisibly.

For now, Apple has not given an official response. Before publishing their paper, the Darmstadt researchers consulted Apple's engineers about the issue, but no comment was received from the company.

The bottom line is that your iPhone could be exposed even when it is turned off, and you would not know it.

Via: Ars Technica

