Do you think turning off your iPhone means it's safe from malicious activity? Think again.
As Ars Technica reports, a team of researchers at the Technical University of Darmstadt in Germany discovered it's possible to run malware on an iPhone that has been turned off. The reason this is possible comes down to how the Find My feature works.
As the video below explains, it's still possible to locate an iPhone that has been turned off using the Find My feature, which relies on a Bluetooth chip running in a low-power mode (LPM) set aside for NFC, ultra wideband, and Bluetooth functionality. What the researchers found is that the Bluetooth chip firmware isn't encrypted and requires no digital signing. It's therefore possible to exploit the lack of security and run malicious firmware on the chip instead.
The researchers state in their paper, entitled "Evil Never Sleeps: When Wireless Malware Stays On After Turning Off iPhones," that the "design of LPM features seems to be mostly driven by functionality, without considering threats outside of the intended applications." The Find My feature falls into this category, and is exploitable in iOS 15.
The good news is that taking advantage of this security oversight requires a jailbroken iPhone. However, the research has highlighted that a risk exists of always-on iPhone features being exploited in the future, especially if Apple isn't implementing firmware protection for the chips that are allowed to run in this LPM state.
Apple was contacted by the research team regarding the potential security risk this poses, but has yet to respond. Apple engineers did take the time to review the research paper before it was published, though. As the
Read more on pcmag.com