Until now, most of us have assumed that the surest way to prevent your devices from being hacked is to simply turn them off. If your device isn’t turned on, it can’t be hacked, right? Well, a group of researchers has shown that they can still be hacked.
People have always assumed that Apple iPhones are some of the most secure devices and that they have the fewer vulnerabilities. However, a group of researchers from the Laboratory for Secure Mobile Networks at the University of Darmstadt, Germany, published a paper describing a theoretical method for hacking into an iPhone, even when the device is turned off. According to a blog post by Kaspersky, one of the world’s leading Internet security and antivirus service providers, the study by Darmstadt University engineers examined the operation of wireless modules in an iPhone and found ways to analyze the bluetooth firmware. Consequently, they were able to introduce a malware program that was capable of running completely independently of iOS, the device’s operating system. In 2021, Apple announced that the Find My Device service, which is basically used to locate a lost device, would now work even if the device has been turned off. This feature is available on all Apple smartphones starting with iPhone 11. Although this feature has been a lifesaver for a number of people over the years, there are some pretty serious ways it can compromise security. Even when turned off, iPhones don’t turn off completely, but rather switch to low-power mode, in which only a very limited set of modules are kept alive. These are mainly Bluetooth and Ultra WideBand (UWB) wireless modules, as well as NFC, as long as there is enough battery power. Basically, even when the device is in this low power mode, it sends information about itself. Researchers in Germany carried out a detailed analysis of the Find My service in low power mode and discovered some pretty strange things. After the device is turned off, most of the work is done by the Bluetooth module, which is reconfigured using a set of iOS commands. It then periodically sends data packets over the air, letting other nearby devices know your location. The main discovery was that the Bluetooth module firmware is not encrypted or protected. The lack of encryption allows for firmware analysis and vulnerability scanning, which can then be used in attacks. The absence of Secure Boot allows an attacker to go further and completely replace the manufacturer’s code with their own, which then runs the Bluetooth module. In this whole process, you don’t need to turn on the device even once. Via: FirstPost
