Researchers find potential way to run malware on iPhone even when it's off
A first-of-its-kind security analysis of iOS Find My function has identified an attack surface that makes it possible to interfere with the firmware and load malware onto a Bluetooth chip that is executed while an iPhone is “off”.
The mechanism takes advantage of the wireless chips related to Bluetooth, Near-field communication (NFC), and ultra-wideband (UWB) continue to operate while iOS is shut down when entering a “power reserve” Low Power Mode (LPM).
The Bluetooth and UWB chips are hardwired to the Secure Element (SE) in the NFC chip, storing secrets that should be available in LPM. Since LPM support is implemented in hardware, it cannot be removed by changing software components. As a result, on modern iPhones, wireless chips can no longer be trusted to be turned off after shutdown. This poses a new threat model.
By taking advantage of this loophole, an adversary with privileged access can create malware that is capable of being executed on an iPhone Bluetooth chip even when it's powered off. The attacker must be able to communicate to the firmware via the operating system, modify the firmware image, or gain code execution on an LPM-enabled chip over-the-air by exploiting flaws.
The LPM features, newly introduced last year with iOS 15, make it possible to track lost devices using the Find My network even when run out of battery power or have been shut off. Current devices with Ultra-wideband support include iPhone 11, iPhone 12, and iPhone 13.
Aruba & Forrester study says optimizing operational efficiency is a top business priority
Aruba, a Hewlett Packard Enterprise company, announced the findings of a study it commissi...
Qualcomm unveils its AI Stack Portfolio
Qualcomm Technologies, Inc. announced its AI Stack portfolio, accelerating the company&rsq...
3i Infotech signs US $2.2 Mn Digital IMS deal with one of UAE’s digital transformation companies
3i Infotech has signed an enterprise solution deal with one of UAE's digital transform...
PRAMA hosts its EXCELLENCE MEET in New Delhi
Prama India has organized its Pan India Roadshows with its second event recently at New De...
Grassroots Channels announces a multicity, daylong event “Surveillance Unmasked”
Grassroots Channels has announced the launch of “Surveillance Unmasked” progra...
ManageEngine celebrates two decades of Technology Innovation
Celebrating 20 years of ManageEngine, the company has hosted a conference on May 19 at the...
As a business you need to anticipate the technology evolution and ways to improve the process: CP Gurnani
CEO Fireside Chat CP Gurnani, Chief Executive Officer & Managing Director, Tech Mahind...