Researchers show it’s possible to load malware onto switched off phones


When your smartphone is off, it isn’t really off, and that means certain components stay active and can be hacked even when you think they can’t.


With the latest iOS, it’s possible to locate your iPhone even if it’s powered off. That’s because even when the iPhone is turned off, certain wireless chips remain on, allowing the phone to still send signals that can help locate it.

Now, a group of researchers from the Technical University of Darmstadt in Germany has found that one of those chips, the one that enables Bluetooth, can be exploited and hacked to install malware on the phone – even when it’s turned off.

The researchers said in their research paper, posted last week to the arXiv preprint server, that they were able to show that it’s possible to install malware on the Bluetooth chip. It’s important to note, though, that this research is at this point mostly theoretical and there’s no evidence that this kind of attack has been used in the wild. Also, as the researchers point out in the paper, hackers would need to first hack and jailbreak the iPhone to be able to access the Bluetooth chip and exploit it, potentially making it a bit redundant in most cases.

Still, even for hackers who have already taken control of the phone, hacking the Bluetooth chip would give them access to another place to collect data, an especially useful one because it’s available even when the phone is powered off.

“[Low-Power Mode] is a relevant attack surface that has to be considered by high-value targets such as journalists, or that can be weaponized to build wireless malware operating on shutdown iPhones,” the paper read.

The researchers explain in the paper that the Bluetooth chip, as well as other wireless chips – those that run Near Field Communication or NFC, which is used for Apple Pay, for example, and Ultra-wideband (UWB), which is used along with Bluetooth to turn the iPhone into a car key – keep running when the phone is off in what the researchers call Low-Power Mode, noting that it “is different from the energy saving mode indicated by a yellow battery icon.”

The researchers conclude that Apple’s implementation of this Low-Power Mode ultimately enhances the security of users because it allows them to find a lost or stolen phone even if it’s turned off. But because the wireless chips are still on, they also pose a new threat model.

The researchers wrote in the paper that they disclosed the issues they found to Apple, and the company did not have any feedback. Apple declined to comment, and the researchers did not respond to a request for comment.

Ryan Duff, a security researcher who has experience with iOS, told Motherboard recently that the attack described in the paper would be useful as an add-on to an existing malware implant “but it’s not really a standalone attack without additional vulnerabilities and exploits.” That’s because the researchers did not show that it’s possible to hack the Bluetooth chip on its own and then jump from there and hack the phone.

“It may be possible to exploit the Bluetooth chip directly and modify the firmware but the researchers did not do that and there isn’t a known exploit that would currently allow that,” Duff, who is the director of cyber products at cybersecurity firm SIXGEN, told Motherboard in an online chat after reviewing the research paper. “The same applies from jumping from the Bluetooth to the phone. It would require an additional exploit.”

Still, the researchers’ findings show an attack that could have real-life applications.

“It’s something running after the phone is off, which could be useful,” Ryan added. “Network connectivity is not part of it though so whatever is collected would only be accessible to an attacker after power-on.”