Your switched off iPhone can be hacked, claims research paper. Find out more

It is tempting to assume that a switched-off phone cannot be attacked, traced or tracked, but attackers keep finding ways to reach even a phone that appears to be off. The iPhone is widely regarded as the safest mainstream handset, yet it too has a weak spot here. Researchers from the Secure Mobile Networking Lab at the University of Darmstadt, Germany, have published a paper describing a theoretical method for hacking an iPhone even when the device is off.

According to the Kaspersky blog, the study examined how the wireless modules behave after shutdown, found a way to analyse the Bluetooth firmware and, consequently, to load malware that runs entirely independently of iOS, the device's operating system.

In 2021, Apple announced that the Find My service, which is used for locating a lost device, would keep working even after the device is switched off. The feature is available on all iPhones from the iPhone 11 onward. Such a phone never turns off completely: it switches into Low Power Mode, in which only a very limited set of modules stay alive, primarily the Bluetooth and Ultra Wideband (UWB) wireless modules and NFC. (This power-off Low Power Mode is distinct from the battery-saving Low Power Mode that a user toggles in iOS settings.)

In Low Power Mode, Bluetooth is used for data transfer and UWB for determining the smartphone's location; the phone periodically broadcasts information about itself.

The researchers carried out a detailed analysis of Find My in Low Power Mode and discovered several previously undocumented details. After power-off, most of the work is handled by the Bluetooth module, which iOS reloads and configures with a set of commands as the device shuts down. The module then periodically transmits advertisement packets over the air, allowing other devices to detect the not-really-off iPhone.
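To make concrete what "other devices can detect the not-really-off iPhone" means, here is an added example (not code from the article or from the Darmstadt paper) that parses a raw BLE advertising payload and picks out Apple offline-finding (Find My) frames. The Apple company identifier 0x004C is the Bluetooth SIG assignment; the Find My payload type 0x12 and length 0x19 are an assumption taken from public reverse engineering of the protocol (Heinrich et al.), not from this article. Both sample payloads are constructed, not captured traffic.

```python
# Added example: parse BLE advertising data and flag Apple Find My frames.
# Sample payloads below are constructed for illustration.
from dataclasses import dataclass
from typing import List, Optional

AD_TYPE_FLAGS = 0x01
AD_TYPE_COMPLETE_LOCAL_NAME = 0x09
AD_TYPE_MANUFACTURER_SPECIFIC = 0xFF

APPLE_COMPANY_ID = 0x004C          # Bluetooth SIG-assigned company identifier
# Offline-finding payload type/length: assumption from public protocol
# analyses of Find My (Heinrich et al.), not stated in the article.
FINDMY_PAYLOAD_TYPE = 0x12
FINDMY_PAYLOAD_LEN = 0x19          # status + 22 key bytes + key-bits + hint


@dataclass
class AdStructure:
    ad_type: int
    data: bytes


@dataclass
class FindMyFrame:
    status: int          # battery/state byte
    key_fragment: bytes  # bytes 6..27 of the rotating public key
    key_high_bits: int   # top two bits of key byte 0
    hint: int


def parse_ad_structures(payload: bytes) -> List[AdStructure]:
    """Split an advertising payload into <len><type><data> structures.

    `len` counts the type byte plus the data. A zero length pads out the
    payload and ends parsing; a structure running past the end is rejected
    rather than silently truncated.
    """
    structures: List[AdStructure] = []
    i = 0
    while i < len(payload):
        length = payload[i]
        if length == 0:
            break
        end = i + 1 + length
        if end > len(payload):
            raise ValueError(f"truncated AD structure at offset {i}")
        structures.append(AdStructure(payload[i + 1], bytes(payload[i + 2:end])))
        i = end
    return structures


def find_my_frame(payload: bytes) -> Optional[FindMyFrame]:
    """Return the decoded Find My frame if `payload` carries one, else None."""
    for ad in parse_ad_structures(payload):
        if ad.ad_type != AD_TYPE_MANUFACTURER_SPECIFIC or len(ad.data) < 4:
            continue
        company = int.from_bytes(ad.data[:2], "little")
        if company != APPLE_COMPANY_ID:
            continue
        ptype, plen, body = ad.data[2], ad.data[3], ad.data[4:]
        if ptype != FINDMY_PAYLOAD_TYPE or plen != FINDMY_PAYLOAD_LEN:
            continue
        if len(body) != FINDMY_PAYLOAD_LEN:
            continue  # malformed: declared length disagrees with the data
        return FindMyFrame(
            status=body[0],
            key_fragment=bytes(body[1:23]),
            key_high_bits=body[23],
            hint=body[24],
        )
    return None


# --- constructed sample payloads (not captured traffic) ---------------------
# Apple manufacturer-specific AD: 0x1E = 30 = type(1) + company(2) + ptype(1)
# + plen(1) + 25-byte body; 0x10 stands in for the status byte.
SAMPLE_FINDMY = (
    bytes([0x1E, AD_TYPE_MANUFACTURER_SPECIFIC, 0x4C, 0x00,
           FINDMY_PAYLOAD_TYPE, FINDMY_PAYLOAD_LEN, 0x10])
    + bytes(range(22))      # placeholder key fragment
    + bytes([0x00, 0x00])   # key high bits, hint
)
# Ordinary advert from a non-Apple vendor (company ID 0x1234 is made up):
SAMPLE_OTHER = bytes([
    0x02, AD_TYPE_FLAGS, 0x06,
    0x05, AD_TYPE_COMPLETE_LOCAL_NAME, ord("T"), ord("e"), ord("s"), ord("t"),
    0x05, AD_TYPE_MANUFACTURER_SPECIFIC, 0x34, 0x12, 0xAA, 0xBB,
])

if __name__ == "__main__":
    for name, pkt in (("findmy", SAMPLE_FINDMY), ("other", SAMPLE_OTHER)):
        frame = find_my_frame(pkt)
        print(name, "->", frame if frame else "not a Find My frame")
```

Fed the raw advertising data from a sniffer or an HCI trace, `find_my_frame` returns the decoded frame only when the vendor ID, payload type and declared length all agree, so an Apple device advertising something else, or a truncated capture, is not misreported as a Find My beacon.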

The main discovery was that the Bluetooth module's firmware is neither encrypted nor protected by Secure Boot. The lack of encryption lets anyone extract and analyse the firmware and hunt for vulnerabilities that can later be used in attacks. The absence of Secure Boot goes further: an attacker can replace the manufacturer's code entirely with their own, and the Bluetooth module will execute it. The practical caveat is that modifying the firmware requires privileged access to the phone in the first place (the researchers' proof of concept ran on a jailbroken iPhone), so this is a way for malware to persist on an already-compromised device and keep it reachable after the user "powers off", rather than a remote break-in.
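The first thing an analyst checks before the analysis the article describes can even start is whether an extracted image is encrypted at all. The following added example (not code from the article or the paper) does that first-pass triage with windowed Shannon entropy and a crude string scan: ciphertext scores near 8 bits per byte in every window, while plain native code, tables and padding do not. The two sample images are constructed stand-ins, not real Bluetooth firmware.

```python
# Added example: triage whether a firmware blob is encrypted.
# Sample images are constructed here; they are not real Bluetooth firmware.
import math
import random
from collections import Counter
from typing import List


def shannon_entropy(block: bytes) -> float:
    """Bits per byte of `block`; 0.0 for a constant block, 8.0 for a uniform one."""
    if not block:
        return 0.0
    n = len(block)
    return -sum((c / n) * math.log2(c / n) for c in Counter(block).values())


def window_entropy(image: bytes, window: int = 1024) -> List[float]:
    """Entropy of each consecutive `window`-byte slice (the last may be short)."""
    return [shannon_entropy(image[i:i + window]) for i in range(0, len(image), window)]


def looks_encrypted(image: bytes, window: int = 1024,
                    threshold: float = 7.5, fraction: float = 0.9) -> bool:
    """True when at least `fraction` of windows are at or above `threshold` bits/byte.

    Ciphertext sits near 8.0 throughout; native code, lookup tables and padding
    give a mix of low and medium windows. Compressed plaintext also scores high,
    so a positive means "opaque", which still has to be distinguished from
    "encrypted" by looking for a compression header.
    """
    ents = window_entropy(image, window)
    if not ents:
        return False
    high = sum(1 for e in ents if e >= threshold)
    return high / len(ents) >= fraction


def printable_strings(image: bytes, min_len: int = 6) -> List[str]:
    """Runs of printable ASCII of at least `min_len` bytes (a cheap `strings`)."""
    found: List[str] = []
    run = bytearray()
    for b in image:
        if 0x20 <= b < 0x7F:
            run.append(b)
            continue
        if len(run) >= min_len:
            found.append(run.decode("ascii"))
        run = bytearray()
    if len(run) >= min_len:
        found.append(run.decode("ascii"))
    return found


def plaintext_image() -> bytes:
    """Constructed stand-in for an unencrypted image: repetitive Thumb code
    ('bx lr; nop' = 70 47 00 BF), a string table, a lookup table, zero padding."""
    code = bytes([0x70, 0x47, 0x00, 0xBF]) * 512
    strings = b"BT_FW_VERSION=1.0\x00LPM_ADV_INTERVAL\x00hci_reset\x00"
    table = bytes(range(256)) * 2
    return code + strings + table + bytes(1024)


def encrypted_image(size: int = 4096) -> bytes:
    """Constructed stand-in for ciphertext: seeded pseudo-random bytes."""
    rng = random.Random(0x5EED)
    return bytes(rng.getrandbits(8) for _ in range(size))


if __name__ == "__main__":
    for label, img in (("plaintext", plaintext_image()), ("encrypted", encrypted_image())):
        print(label,
              [round(e, 2) for e in window_entropy(img)],
              "encrypted?", looks_encrypted(img),
              "strings:", printable_strings(img)[:3])
```

On a real dump the interesting output is the per-window profile rather than the single verdict: an unencrypted image typically shows a few high-entropy windows (compressed resources, embedded keys) against a low-entropy background of code and tables, and the string scan surfaces version strings and HCI command names that anchor the subsequent reverse engineering.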


Author: Shirley