Without informing its users particularly well, Apple has equipped iPhones with hardware that stays powered and can receive and transmit wireless signals even when the phone is, in theory, turned off. Inevitably, someone has found a way to sneak malware into that part of the phone that never "sleeps".
This is the Bluetooth chip built into every iPhone and used, for example, to locate a phone that has been lost, via the Find My feature. Few people realize that this capability also works with the phone completely turned off (for example after its battery has drained): the iPhone then behaves like an Apple AirTag, repeatedly broadcasting an identification code over Bluetooth that allows it to be located with the help of other nearby Apple devices.
However, given how rudimentary the functionality described above is, one might assume that a computer attack against this piece of hardware could not achieve much. That is presumably exactly what Apple's engineers concluded when they decided that this chip, isolated from the phone's main firmware, was not worth protecting with sophisticated security mechanisms.
The vulnerability is reported by researchers from the Technical University of Darmstadt in Germany, who experimentally managed to modify the firmware responsible for managing Bluetooth connectivity, which would allow a hypothetical attacker to track the phone's location and even execute certain commands while the phone is switched off.
The research is the first, or at least among the first, to study the risk posed by chips running in low-power mode (LPM), which is distinct from the Low Power Mode activated when the iPhone's battery is almost drained. Specifically, some of the iPhone's wireless communication modules continue to operate for at least 24 hours after the phone has been switched off, whether by the Power key or by an automatic shutdown when the battery runs out.
The functionality Apple intends as an aid for recovering lost phones through the Find My feature therefore raises serious concerns for anyone who expects to become digitally invisible simply by turning off their iPhone. Apparently, to reliably evade any tracking attempt, you would need to part with the iPhone entirely; merely turning it off is not enough.
But the bad news does not stop there: it is theoretically possible to infect chips with upgradable firmware as well, should attackers discover security flaws that can be exploited over the air. Besides the fact that the implanted malware could keep running while the iPhone is turned off, LPM exploits are also extremely difficult to detect; determining with certainty whether an iPhone has been compromised by this method requires highly specialized technical expertise and equipment that is not available to everyone.