Researchers have demonstrated iPhone malware that works even when the phone is fully shut down.
t turns out that the iPhone’s Bluetooth chip — which is key to making features like Find My work — has no mechanism for digitally signing or even encrypting the firmware it runs. Academics at Germany’s Technical University of Darmstadt figured out how to exploit this lack of hardening to run malicious firmware that allows the attacker to track the phone’s location or run new features when the device is turned off.
[…]
The research is the first — or at least among the first — to study the risk posed by chips running in low-power mode. Not to be confused with iOS’s low-power mode for conserving battery life, the low-power mode (LPM) in this research allows chips responsible for near-field communication, ultra wideband, and Bluetooth to run in a special mode that can remain on for 24 hours after a device is turned off.
The research is fascinating, but the attack isn’t really feasible. It requires a jailbroken phone, which is hard to pull off in an adversarial setting.
Slashdot thread.
More Stories
#GartnerSEC: Zero Failure Tolerance, A Cybersecurity Myth Holding Back Organizations
Cybersecurity leaders should prioritize response and recovery over prevention to effectively navigate the ever-evolving threat landscape, according to Gartner analysts...
Citing security fears, Ukraine bans Telegram on government and military devices
The government of Ukraine imposed a ban on the Telegram messaging app being used on official devices belonging to government...
Israel’s Pager Attacks and Supply Chain Vulnerabilities
Israel’s brazen attacks on Hezbollah last week, in which hundreds of pagers and two-way radios exploded and killed at least...
US Mulls Ban on Russian, Chinese Parts in Connected Vehicles
The US Commerce Department wants to prohibit the sale or import of connected vehicles with Russian or Chinese-made hardware and...
Two men arrested one month after $230 million of cryptocurrency stolen from a single victim
Two men have been arrested by the FBI and charged in relation to their alleged involvement in a scam which...
Cybersecurity Threats: Top Risks Facing Your Startup
The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of...