Researchers find new way to hack any iPhone even when it’s turned off

Cybersecurity experts published a research detailing how Bluetooth, Near Field Communication (NFC) and Ultra-wideband (UWB) wireless features on iPhone devices would allow some variants of cyberattacks to be deployed, as they remain active even when the affected devices are turned off.

These features have access to Secure Element, which stores sensitive device information and remains active on the latest iPhone models even with the phone turned off. According to specialists at the Technical University of Darmstadt, Germany, this would allow malware to be loaded onto a Bluetooth chip running on an inactive device.

The compromise of these features would allow threat actors to access protected information, including payment card details, banking information and other sensitive data. While this risk is considered real and active, the researchers acknowledge that exploiting these flaws is complex, as hackers would require loading malware onto a target iPhone when it’s turned on, which mandatory requires a remote code execution (RCE) tool.

According to the report, the bug exists because of the way Low Power Mode (LPM) is implemented on Apple’s wireless chips: “The LPM setting is triggered when the user turns off their phone or when the iOS system automatically shuts down due to lack of battery.”

Experts believe that, in addition to its obvious advantages, the current implementation of LPM created new attack vectors. LPM support is based on iPhone hardware, so bugs like this can’t be fixed with software updates.

One attack scenario, tested by the researchers, describes how the smartphone’s firmware would allow attackers to have system-level access for remote code execution using a known Bluetooth vulnerability, such as the popular Braktooth flaw. The research was shared with Apple before its publication. Although the company did not comment on it, experts proposed that Apple add a hardware-based switch to disconnect the battery, preventing functions related to the error from receiving power with the device turned off.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.