According to a new investigation, malware may be loaded into an iPhone even while it is switched off. Researchers at the Technical University of Darmstadt in Germany discovered that a Bluetooth chip may be abused and hijacked to install malware on a device without the user’s knowledge, even while the phone is turned off. This is in light of the latest iOS 15 release, which features a function that allows you to find an iPhone even if it is turned off.
This new feature, according to Apple, will boost user security by allowing users to track down a lost or stolen phone even while it is turned off.
The study is the first—or at least one of the first—to look into the dangers presented by low-power processors. Not to be confused with iOS’s low-power mode for saving battery life, the low-power mode (LPM) in this study permits near-field communication, ultra-wideband, and Bluetooth chips to function in a specific mode that can stay active for up to 24 hours after a device has been switched off.
In a report released last week, the researchers noted, “The existing LPM implementation on Apple iPhones is opaque and introduces additional vulnerabilities.” “Because LPM support is built into the iPhone’s hardware, it cannot be disabled by software upgrades.” As a result, it has a long-term impact on the whole security paradigm of iOS. We believe we are the first to investigate undocumented LPM features introduced in iOS 15 and discover different concerns.”
The findings are of little practical utility since infection requires a jailbroken iPhone, which is a tough operation in and of itself, especially in a hostile environment. Nonetheless, malware like Pegasus, a sophisticated smartphone exploit tool from Israel-based NSO Group, might benefit from targeting iOS’ always-on functionality which comes in handy in post-exploit circumstances.
