Researchers have figured how how to intercept and fake an iPhone reboot:
We’ll dissect the iOS system and show how it’s possible to alter a shutdown event, tricking a user that got infected into thinking that the phone has been powered off, but in fact, it’s still running. The “NoReboot” approach simulates a real shutdown. The user cannot feel a difference between a real shutdown and a “fake shutdown.” There is no user-interface or any button feedback until the user turns the phone back “on.”
It’s a complicated hack, but it works.
Uses are obvious:
Historically, when malware infects an iOS device, it can be removed simply by restarting the device, which clears the malware from memory.
However, this technique hooks the shutdown and reboot routines to prevent them from ever happening, allowing malware to achieve persistence as the device is never actually turned off.
I see this as another manifestation of the security problems that stem from all controls becoming software controls. Back when the physical buttons actually did things — like turn the power, the Wi-Fi, or the camera on and off — you could actually know that something was on or off. Now that software controls those functions, you can never be sure.
More Stories
2024 RSA Recap: Allow us to Reintroduce Ourselves
The 2024 RSA Conference has officially wrapped, and this year’s event served as the perfect backdrop for us to make...
Black Basta Ransomware Victim Count Tops 500
Affiliates of prolific Black Basta ransomware group have breached over 500 global organizations Read More
Threat Actor Claims Major Europol Data Breach
A threat actor known as IntelBroker claims to be selling confidential Europol data after a May breach Read More
Friday Squid Blogging: Squid Mating Strategies
Some squids are “consorts,” others are “sneakers.” The species is healthiest when individuals have different strategies randomly. As usual, you...
New Attack Against Self-Driving Car AI
This is another attack that convinces the AI to ignore road signs: Due to the way CMOS cameras operate, rapidly...
UK’s AI Safety Institute Unveils Platform to Accelerate Safe AI Development
The UK's open source AI safety evaluation platform, Inspect, is set to empower global collaboration for safer AI development Read...