German researchers from the Technical University of Darmstadt have identified a security weakness in iPhones that could allow attackers to run malicious code on a device that appears to be switched off.
Contrary to popular belief, newer iPhones do not fully power down when they are switched off. Instead, they enter a low-power mode, and the researchers showed that a device can be attacked while in this state. The study highlights that the chips responsible for near-field communication (NFC), ultra-wideband (UWB) and Bluetooth can stay active for roughly a day after the iPhone is switched off manually or runs out of battery.
iPhones stay partially on so that features such as Find My and the device's mobile wallet keep working. Even when the iPhone reports the battery as completely drained, it actually remains in this low-power state for some time, until the battery is fully depleted and every component shuts down. This low-power state after shutdown should not be confused with the battery-saving Low Power Mode that iOS offers in its settings.
Such functionality is convenient: a user who unlocks a house or car with an iPhone can still do so after the phone has been switched off. But it also means the chips remain powered when the user believes the device is off, which gives attackers more attack surface to explore. When an iPhone is "fully" turned off, the main application processor shuts down while these wireless chips keep running. The researchers demonstrated the risk by loading malicious firmware onto the Bluetooth chip of a jailbroken iPhone, where it continued to run after the phone was powered off.
This convenience comes with a security and even privacy cost, because the iPhone remains locatable after power-off: even when the device is off, the people you share its location with through Family Sharing can still see where it is. The researchers took advantage of the fact that the firmware running on the Bluetooth chip is neither signed nor encrypted, so it can be modified, and nothing checks it while only the chips are awake and iOS itself is not running. Malicious firmware injected this way could, for example, track the device's position. Such malware is very hard to detect because it runs while the main operating system is shut down to conserve battery, so nothing on the device is in a position to notice it. This is one of the first studies to examine attacks on the low-power modes of smart devices.
The researchers say Apple read their paper before publication, but the company has not commented on the report or issued any public statement to the media. The researchers suggest that Apple would need to "add a hardware-based switch to disconnect the battery" to fully address the issue. For now, the demonstrated attack requires a jailbroken iPhone, meaning an attacker who already has privileged access to the device, and the vast majority of iPhones in use are not jailbroken.