Your dead iPhone can be hacked, claims a research paper

We tend to believe that a turned-off phone thwarts attacks and cannot be tracked, but cybercriminals find ways to penetrate even a turned-off phone. We also consider the iPhone to be the most secure of all mobile devices, but it too can become vulnerable. Researchers from the Secure Mobile Networking Lab at the University of Darmstadt, Germany, have published a paper describing a theoretical method of hacking an iPhone even when the device is turned off.

According to Kaspersky's blog, the study looked at how the wireless modules work, found ways to analyze the Bluetooth firmware and, as a result, introduced malware that could run completely independently of iOS, the operating system of the device.

In 2021, Apple announced that the Find My service, which is used to locate a lost device, would work even if the device is turned off. This improvement is available on all Apple smartphones from the iPhone 11 onwards. Even when switched off, the phone does not completely shut down, but enters a low-power mode in which only a very limited set of modules is kept alive. These are mainly the Bluetooth and Ultra WideBand (UWB) wireless modules, as well as NFC.

In low-power mode, Bluetooth is used for data transfer, while UWB is used to determine the location of the smartphone. In this mode the smartphone sends out information about itself.

The German researchers conducted a detailed analysis of the Find My service in low-power mode and discovered previously unknown features. After power-down, most of the work is handled by the Bluetooth module, which is powered and configured by a set of iOS commands. It then periodically sends data packets over the air, allowing other devices to detect the not-really-powered-off iPhone.

The main finding was that the firmware of the Bluetooth module is neither encrypted nor protected by Secure Boot technology. The lack of encryption allows the firmware to be analyzed and scanned for vulnerabilities, which can then be used in attacks. The absence of Secure Boot allows an attacker to go further and completely replace the manufacturer's code with their own, which the Bluetooth module then executes.
