How German researchers discovered that even a disabled iPhone can be easily hacked – Technology News, Firstpost
FP Explainers, June 10, 2022 11:56:34 IST
Most of us have assumed that the safest way to stop a device from being hacked is simply to switch it off: if it isn't powered on, it can't be attacked. A group of researchers has now shown that, for recent iPhones, that assumption no longer holds.
Apple's iPhones are widely regarded as among the most secure consumer devices, with comparatively few known vulnerabilities.
However, a group of researchers from the Secure Mobile Networking Lab (SEEMOO) at the Technical University of Darmstadt, Germany, has published a paper describing a method for running malicious code on an iPhone even after the user has turned it off.
According to a blog post by the security vendor Kaspersky, the Darmstadt researchers examined how the iPhone's wireless chips behave after shutdown and found a way to analyse the Bluetooth chip's firmware.
This enabled them to load malware onto the Bluetooth chip that runs entirely independently of iOS, the phone's operating system.
In 2021 Apple announced, with iOS 15, that its Find My service, which is used to locate a lost device, would keep working even after the device is turned off. The feature is available on iPhone 11 and later.
While being able to locate a switched-off phone is clearly useful, the way the feature is implemented has some serious security consequences.
When an iPhone is powered off it does not shut down completely. Instead it enters a hardware state the researchers call Low Power Mode (LPM), in which only a handful of components stay alive.
These are mainly the Bluetooth and Ultra Wideband (UWB) wireless chips, as well as NFC, provided the battery still has enough charge. This LPM is unrelated to the battery-saving "Low Power Mode" setting in iOS; it is the state the phone sits in after the user has switched it off.
In other words, even after it has been "switched off", the phone is still transmitting information about itself.
The researchers conducted a detailed analysis of how Find My behaves in Low Power Mode and discovered some surprising things.
Once the phone is turned off, most of the work is done by the Bluetooth chip. Before shutdown, iOS reconfigures the chip with a series of commands; afterwards the chip periodically broadcasts Bluetooth Low Energy advertisements on its own, so that nearby Apple devices can pick them up and report the phone's location to the Find My network.
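To make concrete what the Bluetooth chip keeps broadcasting after shutdown, here is an added example that decodes and builds those advertisements. It is not code from the Darmstadt paper, from Kaspersky or from Apple; the packet layout is assumed from the publicly documented Find My offline-finding format (as reverse-engineered in SEEMOO's earlier OpenHaystack work): the 28-byte public key is split between the phone's random BLE address and a 31-byte Apple manufacturer-specific payload. The sample key and the non-Find-My packet in the block are constructed for the demonstration.

```python
"""Decode the Bluetooth Low Energy advertisements an iPhone keeps
broadcasting for Find My after the user powers it off.

Added example, not code from the Darmstadt paper or from Apple.
Assumed layout (from the publicly documented offline-finding format):
  BLE address   = key[0..6) with the top two bits set (random static address)
  payload (31B) = 1E FF 4C 00 12 19 <status> key[6..28) <key[0]>>6> <hint>
"""
from dataclasses import dataclass

APPLE_COMPANY_ID = b"\x4c\x00"   # 0x004C, little-endian, as sent over the air
OFFLINE_FINDING_TYPE = 0x12      # Apple sub-type used for Find My beacons
KEY_LEN = 28                     # one P-224 x-coordinate
PAYLOAD_LEN = 31                 # maximum legacy BLE advertising payload

# Constructed sample key for the demonstration (not a real device key).
SAMPLE_KEY = bytes([0x81]) + bytes(range(1, KEY_LEN))


@dataclass
class FindMyAdvertisement:
    address: bytes      # 6-byte BLE address the beacon was sent from
    status: int         # status byte (battery state lives here)
    hint: int           # trailing hint byte
    public_key: bytes   # reassembled 28-byte public key


def build_advertisement(public_key: bytes, status: int = 0x00, hint: int = 0x00):
    """Split a 28-byte key into (BLE address, advertising payload)."""
    if len(public_key) != KEY_LEN:
        raise ValueError("expected a 28-byte public key")
    # The address carries the first six key bytes; BLE requires the top two
    # bits of a random static address to be 1, so those two key bits are
    # moved into the payload instead.
    address = bytes([public_key[0] | 0xC0]) + public_key[1:6]
    payload = (
        b"\x1e\xff"                          # AD length 30, type: manufacturer data
        + APPLE_COMPANY_ID
        + bytes([OFFLINE_FINDING_TYPE, 0x19, status])
        + public_key[6:KEY_LEN]              # 22 key bytes that do not fit the address
        + bytes([public_key[0] >> 6])        # the two key bits the address overwrote
        + bytes([hint])
    )
    assert len(payload) == PAYLOAD_LEN
    return address, payload


def parse_advertisement(address: bytes, payload: bytes):
    """Return a FindMyAdvertisement, or None if this is not an offline-finding packet."""
    if len(address) != 6 or len(payload) != PAYLOAD_LEN:
        return None
    if payload[0] != 0x1E or payload[1] != 0xFF:          # not manufacturer data
        return None
    if payload[2:4] != APPLE_COMPANY_ID:                   # not Apple
        return None
    if payload[4] != OFFLINE_FINDING_TYPE or payload[5] != 0x19:
        return None                                        # other Apple packet (AirDrop, etc.)
    status = payload[6]
    key_tail = payload[7:29]
    top_bits = payload[29] & 0x03
    hint = payload[30]
    # Undo the address marking: low 6 bits from the address, high 2 from the payload.
    first_byte = (address[0] & 0x3F) | (top_bits << 6)
    public_key = bytes([first_byte]) + address[1:6] + key_tail
    return FindMyAdvertisement(address, status, hint, public_key)


def is_find_my_beacon(address: bytes, payload: bytes) -> bool:
    """Convenience check for a scanner: does this packet look like a Find My beacon?"""
    return parse_advertisement(address, payload) is not None


if __name__ == "__main__":
    addr, adv = build_advertisement(SAMPLE_KEY, status=0x10)
    decoded = parse_advertisement(addr, adv)
    print("address:", addr.hex(), "payload:", adv.hex())
    print("key round-trips:", decoded.public_key == SAMPLE_KEY)
```

A passive BLE scanner that feeds raw (address, payload) pairs into `is_find_my_beacon` will flag exactly the packets the phone emits while "off"; the reassembled key is what an observer would need in order to correlate the beacon with a Find My report, which is why Apple rotates these keys.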
The most significant finding was that the Bluetooth chip's firmware is neither encrypted nor signed. Because it is not encrypted, it can be analysed and searched for vulnerabilities that could later be used in attacks. Because the chip has no secure boot, an attacker can go further and replace the manufacturer's firmware with code of their own, which the Bluetooth chip then executes. The caveat is that loading such firmware still requires privileged access to the phone while it is running; the researchers demonstrated this on a jailbroken iPhone. Once the modified firmware is in place, however, it keeps running after the user powers the phone off, and the phone never needs to be turned back on for it to do so.