The way Apple combines autonomous wireless technology such as Bluetooth, Near Field Communication (NFC), and Ultra-wideband (UWB) in the device, researchers determined that it could be exploited by attackers to target iPhones even when they are turned off.
Such features—which have access to the iPhone's Secure Element (SE), which stores sensitive information—stay on even when modern iPhones are turned off, as per a team of researchers from Germany's Technical University of Darmstadt. This allows attackers to "load malware onto a Bluetooth chip that is performed when the iPhone is off," according to a research study titled "Evil Never Sleeps: When Wireless Malware Stays On After Turning Off iPhone."
As per Jiska Classen, Alexander Heinrich, Robert Reith, and Matthias Hollick of the university's Secure Mobile Networking Lab, attackers can gain access to secure information such as a user's credit card data, banking details, or even digital car keys on the device by compromising these wireless features. Researchers noted that while the risk is real, exploiting the circumstance is not that simple for would-be attackers. Threat actors will still need to load malware onto the iPhone when it is turned on for subsequent execution when it is turned off. This would require system-level access or remote code execution (RCE), which they might gain by exploiting known weaknesses like BrakTooth.
The main cause of the problem is the existing implementation of low power mode (LPM) for wireless chips on iPhones. The experts distinguished between the LPM which these processors employ and the power-saving program that iPhone users can use to save battery life. Because LPM support is built into the iPhone's hardware, it cannot be deleted with system upgrades, and has "a long-term impact on the broader iOS security paradigm," according to the researchers.
Analysts disclosed their findings to Apple before publishing the study, but they claim the company did not respond to the difficulties revealed by their findings. It is recommended that one possible solution would be for Apple to implement "a hardware-based switch to disconnect the battery" so that these wireless parts would not have power while an iPhone is turned off.
