Tech

Researchers have devised iPhone malware that runs even when the device is turned off.

An anonymous reader cites Ars Technica’s report. Turning off iPhone doesn’t completely turn it off. A chip inside the device continues to run in a low-power mode, allowing you to use Find My to find lost or stolen devices or use your credit card and car keys even after the battery is dead. Now, researchers have devised a way to abuse this always-on mechanism to execute malicious code. Even if your iPhone appears to be powered off, it stays active.. It turns out that the iPhone’s Bluetooth chip, which is key to creating features like Find My Task, lacks a mechanism to digitally sign or encrypt the firmware it runs on. Scholars at the Technical University of Darmstadt in Germany know how to exploit this lack of hardening to run malicious firmware that allows attackers to track the phone’s location or launch new features when the device is turned off. I paid. this video It provides a high-level overview of several ways an attack can work.

that much result (PDF) Infection has limited real value as it requires a jailbroken iPhone, a difficult task in itself, especially in hostile environments. Nonetheless, targeting always-on features of iOS could be useful in post-exploitation scenarios by malware like Pegasus, a sophisticated smartphone exploit tool from Israel-based NSO Group. In addition to allowing malware to run while the iPhone is off, exploits targeting the LPM can allow the malware to operate much more stealthily, as the LPM allows the firmware to conserve battery power. Of course, firmware infections are already very difficult to detect as they require considerable expertise and expensive equipment.

Researchers have devised iPhone malware that runs even when the device is turned off.

Source link Researchers have devised iPhone malware that runs even when the device is turned off.

Back to top button