Researchers at the Technical University of Darmstadt have discovered that an Apple iPhone is still vulnerable to malware, even when completely turned off. In the article ‘Evil never sleeps’, the researchers detail how the Find My function and other bluetooth functions make this apparent paradox possible.
After all, you would think that a closed smartphone could not run any software, let alone malware. But it turns out that this is not entirely true. After an iPhone is turned off, the device can continue to perform nfc functions for 24 hours and bluetooth also works. As a result, the Find My function, for example, continues to work for a while, even if the battery is apparently completely empty. Affected chips will remain on for a while in a mode. low power mode if it’s hot, don’t confuse it with the battery saver feature of an iPhone that’s turned on.
The good news is that researchers only picked up malware on a disabled iPhone if it was jailbroken. Once the software restrictions of a smartphone are circumvented, any software, including malware, can run on the device.
According to the researchers, there is no concrete solution to the vulnerability, as the chips in question do not use encryption or other security methods in low-power mode. So it is definitely a hardware related issue that cannot be fixed with an update. Meanwhile, Apple is aware of the article, but has yet to comment on the matter.
Removing the battery completely can prevent a malware infection, but since Apple tapes an iPhone’s battery, it’s easier said than done.
Sources: Technical University of Darmstadt (.pdf), via ArsTechnica
Source: Hardware Info
