IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Researchers demonstrate how to install malware on iPhone after it's switched off

The most recent iPhones are found to be vulnerable after researchers discover an exploit in a beloved iOS 15 feature

A team of German researchers have discovered a new threat model affecting Apple iPhones that allows malware to be installed on a device even when it’s switched off.

Researchers were able to show that malware could be installed on an iPhone’s Bluetooth chip - one of the few components that both remain active after the device is shut down, and also has access to an iPhone’s secure element. 

The discovery is reliant on an iPhone user running iOS 15 or later since this was the release that added the functionality to find the device even after it had been shut down.

Most wireless chips remain activated on an iPhone for users who have enabled the ‘Find My network’ setting in Apple’s Find My app, even if it has been manually powered down.

These wireless chips: Bluetooth, NFC, and ultra-wideband (UWB) are all hardwired to the phone’s secure element - the area in which secrets are stored - and can therefore no longer be trusted components of the device, the researchers said, given that they are accessible after a shutdown.

The researchers were able to write to the Bluetooth chip in an iPhone 13 by exploiting a legacy feature that requires iOS to be able to write to the executable RAM regions using a vendor-specific host-controller interface (HCI) command.

Related Resource

The truth about cyber security training

Stop ticking boxes. Start delivering real change.

Pair of feet in socks with a chair and plant in the backgroundFree download

Attackers could theoretically modify the custom functionality of the Bluetooth chip during a low power mode, via malware, to send the device’s location to the attacker, or add new functionality entirely, the researchers said in a paper.

Although the attack is not currently exploited in the wild, and according to other researchers speaking to Vice, prospective attackers would need to chain this vulnerability with a separate exploit to execute it, the researchers’ work presents a new threat model to be aware of.

Businesses that have equipped their workforce with iPhones running iOS 15 or later should consider turning off the Find My network as a device policy before issuing to employees.

The researchers did stipulate that the Find My network feature did, overall, improve the security of the iPhone, despite the new threat model its new functionality presents.

IT Pro contacted Apple for a response but it did not reply at the time of publication and declined to comment on the story to other media outlets.

Featured Resources

The 3D skills report

Add 3D skills to your creative toolkits and play a sizeable role in the digital future

Free Download

The increasing need for environmental intelligence solutions

How sustainability has become a major business priority and is continuing to grow in importance

Free Download

2022 State of the multi-cloud report

What are the biggest multi-cloud motivations for decision-makers, and what are the leading challenges

Free Download

Solve global challenges with machine learning

Tackling our word's hardest problems with ML

Free Download

Recommended

Best business smartphones 2022: The top handsets from Apple, Samsung, Google and more
Mobile

Best business smartphones 2022: The top handsets from Apple, Samsung, Google and more

11 Nov 2022

Most Popular

Yandex data breach reveals source code littered with racist language
data breaches

Yandex data breach reveals source code littered with racist language

30 Jan 2023
European partners expect growth this year, here are three ways they will achieve it
Sponsored

European partners expect growth this year, here are three ways they will achieve it

17 Jan 2023
Dutch hacker steals data from virtually entire population of Austria
data breaches

Dutch hacker steals data from virtually entire population of Austria

26 Jan 2023