IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Researchers demonstrate how to install malware on iPhone after it's switched off

The most recent iPhones are found to be vulnerable after researchers discover an exploit in a beloved iOS 15 feature

A team of German researchers have discovered a new threat model affecting Apple iPhones that allows malware to be installed on a device even when it’s switched off.

Researchers were able to show that malware could be installed on an iPhone’s Bluetooth chip - one of the few components that both remain active after the device is shut down, and also has access to an iPhone’s secure element. 

The discovery is reliant on an iPhone user running iOS 15 or later since this was the release that added the functionality to find the device even after it had been shut down.

Most wireless chips remain activated on an iPhone for users who have enabled the ‘Find My network’ setting in Apple’s Find My app, even if it has been manually powered down.

These wireless chips: Bluetooth, NFC, and ultra-wideband (UWB) are all hardwired to the phone’s secure element - the area in which secrets are stored - and can therefore no longer be trusted components of the device, the researchers said, given that they are accessible after a shutdown.

The researchers were able to write to the Bluetooth chip in an iPhone 13 by exploiting a legacy feature that requires iOS to be able to write to the executable RAM regions using a vendor-specific host-controller interface (HCI) command.

Related Resource

The truth about cyber security training

Stop ticking boxes. Start delivering real change.

Pair of feet in socks with a chair and plant in the backgroundFree download

Attackers could theoretically modify the custom functionality of the Bluetooth chip during a low power mode, via malware, to send the device’s location to the attacker, or add new functionality entirely, the researchers said in a paper.

Although the attack is not currently exploited in the wild, and according to other researchers speaking to Vice, prospective attackers would need to chain this vulnerability with a separate exploit to execute it, the researchers’ work presents a new threat model to be aware of.

Businesses that have equipped their workforce with iPhones running iOS 15 or later should consider turning off the Find My network as a device policy before issuing to employees.

The researchers did stipulate that the Find My network feature did, overall, improve the security of the iPhone, despite the new threat model its new functionality presents.

IT Pro contacted Apple for a response but it did not reply at the time of publication and declined to comment on the story to other media outlets.

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

Best business smartphones 2022: The top handsets from Apple, Samsung, Google and more
Mobile

Best business smartphones 2022: The top handsets from Apple, Samsung, Google and more

23 Jun 2022

Most Popular

FCC commissioner urges Apple and Google to remove TikTok from app stores
data protection

FCC commissioner urges Apple and Google to remove TikTok from app stores

29 Jun 2022
Former Uber security chief to face fraud charges over hack coverup
data breaches

Former Uber security chief to face fraud charges over hack coverup

29 Jun 2022
Internet providers look to ease cost of living crisis with cheaper broadband
broadband

Internet providers look to ease cost of living crisis with cheaper broadband

29 Jun 2022