iPhones are Susceptible to Outside Access Even When Off
Table of Contents
- By Patrick Ryan
- May 18, 2022
Attention iPhone users: your phone might be susceptible to hacking attacks even when in the off mode. Powering down the device still allows the NFC, Bluetooth, and UWB to remain functional. The activation of these features, even when the device is off, enables digital miscreants to implement malware.
Why are iPhones Vulnerable?
The hackers behind the latest strategy for attacking iPhones take advantage of Apple’s standalone features to access the web wirelessly. NFC, short for Near Field Communication, Ultra-wide-band or UWB, and Bluetooth tech, is implemented standalone. As a result, these components are on even when the iPhone is off. Such features allow hackers to access the Secure Element in which information is stored. Hackers can access such sensitive data even when the phone is in the off position.
Hackers are using the vulnerability in an attempt to transmit malware onto a chip that is executed when the phone is not on or in use. In other words, wireless malware can remain on and active even when the targeted iPhone device is off and has been off for hours. The compromised wireless features allow hackers to obtain sensitive information ranging from banking login details to credit card information and more.
How is the Attack Performed?
The digital attack method would center on loading the malware onto the targeted phone for subsequent execution. The device would have to be off for the malware to be activated. As long as the hackers had remote code execution or access at the system level, they would be able to execute the malware. Even currently known flaws could be exploited for access. If you have not yet upgraded your iphone's digital security protections, now is the time to do so.
Why Does the Flaw Exist?
The underlying cause of the problem is the way the lower power mode of chips used wireless in smartphones is implemented. The chips can run on low power mode or the phone’s power-saving app that helps preserve battery life. The low power mode is activated when the phone is turned off or the operating system shuts off because of a low battery. The low power mode heightens convenience yet also presents new and unique threats.
Low power mode support hinges on the phone’s underlying hardware, meaning it cannot be altered with a system update. The engineers behind the phone shouldn’t have allowed UWB and Bluetooth chips to be connected to the NFC chip’s SE, which exposes sensitive information.
Is It Possible to Prevent Vulnerability by Changing Software?
The LPM support is within the hardware, so it is impossible to remove it by altering the software. Therefore, wireless chips in today’s iPhones have the potential to remain functional even after the device has shut down.
If the attacker has remote code execution or access at the system level, possibly through a digital security weakness or flaw, and has the potential to alter the firmware of components related to LPM, ultimately controlling the target phone even when its user powers are in the off position. Though such an attack might not prove profitable when targeting an everyday individual, it can potentially steal valuable information, especially from individuals in positions of power.