The sneakiest iPhone malware? What works even when the phone is turned off: the Technische Universität of Darmstadt in Germany has published a study that tells how it is possible to exploit the bluetooth chip of Apple's smartphones to develop malicious software capable of breaking through security systems since a device is almost never completely without electricity and idle. A detail that not only the Californian brand, but in general all major manufacturers should consider more importantly.
Perhaps not everyone knows that when an iPhone is turned off there is always a minimum of activity inside the device, in particular to support the Where is function from iOs 15 onwards which locates a lost or stolen iPhone, but - as pointed out during the research - also for certain options related to nfc such as payments or digital keys even with battery 0%. According to the Darmstadt researchers, the firmware of the bluetooth chip (which allows you to use the Find My iPhone feature) does not include enough security, potentially leaving the door open for an exploit that could force the use of malicious code to track the precise position or start new functions even when the device is switched off with the main processor at rest.
Content This content can also be viewed on the site it originates from.
"The current LPM (Low Power Mode) implementation on Apple iPhones is opaque and adds new threats - the researchers write on the published paper - and since LPM support is based on iPhone hardware, it does not it can be removed with any system updates. Therefore, it has a lasting effect on the overall iOS security model. As far as we know, we are the first to look into the undocumented LPM features introduced in iOS 15 and uncover various issues. " How much is there to worry about this threat told by the German university? It seems that the range is not that wide as it should require a jailbroken iPhone, but it certainly represents the other side of the coin of very useful functions such as those for locating a stolen or lost iPhone as well as opening locks with digital keys. even with low battery. Researchers contacted Apple before publishing the study, but have not yet received a response.
Perhaps not everyone knows that when an iPhone is turned off there is always a minimum of activity inside the device, in particular to support the Where is function from iOs 15 onwards which locates a lost or stolen iPhone, but - as pointed out during the research - also for certain options related to nfc such as payments or digital keys even with battery 0%. According to the Darmstadt researchers, the firmware of the bluetooth chip (which allows you to use the Find My iPhone feature) does not include enough security, potentially leaving the door open for an exploit that could force the use of malicious code to track the precise position or start new functions even when the device is switched off with the main processor at rest.
Content This content can also be viewed on the site it originates from.
"The current LPM (Low Power Mode) implementation on Apple iPhones is opaque and adds new threats - the researchers write on the published paper - and since LPM support is based on iPhone hardware, it does not it can be removed with any system updates. Therefore, it has a lasting effect on the overall iOS security model. As far as we know, we are the first to look into the undocumented LPM features introduced in iOS 15 and uncover various issues. " How much is there to worry about this threat told by the German university? It seems that the range is not that wide as it should require a jailbroken iPhone, but it certainly represents the other side of the coin of very useful functions such as those for locating a stolen or lost iPhone as well as opening locks with digital keys. even with low battery. Researchers contacted Apple before publishing the study, but have not yet received a response.