Find out how to install malicious code on iPhone even when it is powered off
In one of the first security analyzes of the Find My functionality on iOS, security researchers have uncovered a new attack surface. Specifically, hackers can tamper with firmware and upload malicious code to the Bluetooth chip, which operates even when the iPhone is powered off.
This mechanism takes advantage of the fact that wireless chips related to Bluetooth, Near Field Communication (NFC), and ultra-wideband (UWB) will continue to work when iOS has turned off iPhone and entered standby mode. Low Power Mode (LPM) energy storage.
This is the solution that Apple came up with to enable features like Find My and support Express Card transactions even when the iPhone is powered off. In addition, all three wireless chips have direct access to the security magnetic section. Therefore, on iPhone models that support find even when powered off, the wireless chips cannot be abused even when the device is turned off, posing a new threat model.
The LPM feature, introduced by Apple last year with iOS 15, makes it possible to find your device using Find My even when the battery is dead or the power is off. Currently, iPhone models that support UWB include iPhone 11, iPhone 12, and iPhone 13.
When you power off these iPhone models, you'll get a message that says: iPhone can still be found after powering off. Find My helps locate this iPhone when it's lost or stolen, even when it's in power reserve mode or when it's powered off."
The researchers said Apple was not strict in the implementation of LPM. Sometimes the process of launching Find My ads also fails during power off. Furthermore, they discovered the Bluetooth firmware had no digital signature or encryption at all.
By taking advantage of the above loopholes, hackers with privileged access can create malicious code that can execute on the iPhone's Bluetooth chip even when it is powered off.
However, to be able to compromise firmware hackers must be able to interact with the firmware via the operating system, modify the firmware image or execute code on the LPM-enabled chip over the network by exploiting vulnerabilities such as BrakTooth,
The new attack method and vulnerabilities were responsibly reported by the researchers to Apple, but the Apple side remained silent and did not respond. Therefore, the research team presented their findings at the ACM Conference on Security and Privacy under the framework of the International Mobile and Wireless Networks (WiSec 2022) event that just took place.
Researchers believe that when designing LPM, Apple only cares about functionality and ignores security. Therefore, Apple needs to make adjustments to ensure user safety.
You should read it
- 10 million Android devices are preinstalled with malicious code from the factory
- 14 games on the App Store contain malicious code, iPhone users be careful
- Warning: The new Facebook virus, a malicious code that is spreading rapidly through Messenger
- Warning: New malicious code is infecting about 500,000 router devices
- After WannaCry, Petya's 'extortion' malicious code is raging, this is a remedy to prevent
- The appearance of malicious code makes iMessage on iPhone be stifled and remedied
- Malicious code is growing up
- Most Android anti-virus software cannot detect malicious APK files
- Find bug in Emotet malware, prevent it from spreading for 6 months
- App Installer on Windows 10 was used to install BazarLoarder malware
- Detects malicious code showing porn ads in children's games on Google Play
- Malware sneaks into iOS through Apple's official distribution channels
Maybe you are interested
How to turn off contact photos in iPhone Mail
Apple's 'shot on iPhone' ads don't reflect the truth
How to Easily Move All Passwords from iPhone to Android
How to use Clean Up feature on old iPhone
Download Clash of Clans for Android, iPhone and PC new version
3 Ways to delete Apple ID account on iPhone, iPad