Researchers find potential way to run malware on iPhone even when it's off

By VARINDIA - 2022-05-17

A first-of-its-kind security analysis of iOS Find My function has identified an attack surface that makes it possible to interfere with the firmware and load malware onto a Bluetooth chip that is executed while an iPhone is “off”.

The mechanism takes advantage of the wireless chips related to Bluetooth, Near-field communication (NFC), and ultra-wideband (UWB) continue to operate while iOS is shut down when entering a “power reserve” Low Power Mode (LPM).

The Bluetooth and UWB chips are hardwired to the Secure Element (SE) in the NFC chip, storing secrets that should be available in LPM. Since LPM support is implemented in hardware, it cannot be removed by changing software components. As a result, on modern iPhones, wireless chips can no longer be trusted to be turned off after shutdown. This poses a new threat model.

By taking advantage of this loophole, an adversary with privileged access can create malware that is capable of being executed on an iPhone Bluetooth chip even when it's powered off. The attacker must be able to communicate to the firmware via the operating system, modify the firmware image, or gain code execution on an LPM-enabled chip over-the-air by exploiting flaws.

The LPM features, newly introduced last year with iOS 15, make it possible to track lost devices using the Find My network even when run out of battery power or have been shut off. Current devices with Ultra-wideband support include iPhone 11, iPhone 12, and iPhone 13.

Name:
Email:
Comment:

INTERVIEWS

MSME: the backbone of Indian economy

Redington’s CloudQuarks enabling customers to get direct and faster access to cloud experts

MSMEs shifting data on cloud to allow faster roll out of applications

Hybrid solutions allow more flexibility in computing

Cloud computing helping businesses to save time and money

MSMEs should design a view for data integration across products

TOP VIDEOS

Jobs into Crypto, blockchain & NFT surges

Hybrid workplace enhancing Hybrid selling

Bridging The security Gap Through ‘Zero Trust’

CIO - SPEAK

Upkar Singh, VP-IT, RMSI “My Very Educated Mother Just S...

Remote workers are happier and more productive than in-office staffs

Ajay Yadav Head- IT & SAP, SBL Remote work – Key trends...

Continuous engagement with employees keeps motivated

Avneesh Vats Head-IT, Convergence Energy Services Remote work &nd...

Start-Up and Unicorn Ecosystem

Tech Mahindra to help Communisis on its digital transformati...

Birlasoft and Google Cloud to help enterprises accelerate th...

Capgemini plans to expand its semiconductor design services...

IN-SPACE and Pataa sign MoU to bring an addressing revolutio...

Enea unveils its complete Wi-Fi SaaS solution for telecom op...

Tech Mahindra with AIC to drive innovation in molecular biol...

P&G collaborates with Microsoft Cloud to build the digital m...

Ministry of Education, AICTE and AWS to Upskill Students in...

Capgemini’s offices in Maharashtra now operate on 100% renew...

Tech Mahindra sets up Innovation and Technology Development...

SECURITY

Palo Alto Networks strengthens its Security portfolio with Out-of-Band WAAS

Palo Alto Networks announced the addition of Out-of-Band Web Application and API Security...

Zenseact deploys Veeam Availability Suite and Kasten K10 by Veeam

Veeam Software announced that Zenseact is using Veeam Availability Suite and Kasten K10 by...

Hikvision's IP intercoms meet evolving security and communications needs

Intercom products address a crucial part of the security, communications and convenience n...

SOFTWARE

Aruba & Forrester study says optimizing operational efficiency is a top business priority

Aruba, a Hewlett Packard Enterprise company, announced the findings of a study it commissi...

Qualcomm unveils its AI Stack Portfolio

Qualcomm Technologies, Inc. announced its AI Stack portfolio, accelerating the company&rsq...

3i Infotech signs US $2.2 Mn Digital IMS deal with one of UAE’s digital transformation companies

3i Infotech has signed an enterprise solution deal with one of UAE's digital transform...

START - UP

India startups struggle to raise VC funding in May 2022, finds GlobalData

The Indian startup ecosystem, which was on a unicorn creation spree last year, is currentl...

Toshiba and Beyond Next Ventures India announce Ideathon to boost entrepreneurial skill development

Toshiba Software India in collaboration with Beyond Next Ventures India has launched Ideat...

Karnataka making Mangalore as a FinTech Hub is becoming reality

Continuing with its mission to contribute to India’s $1trillion digital economy with...

SOUTHERN INDIA INFORMATION TECHNOLOGY FAIR (SIITF) -2018
BANGALURU

STAR NITE AWARDS(SNA) - 2018
NEW DELHI

ODISHA INFORMATION TECHNOLOGY FAIR(OITF)-2019
BHUBANESWAR

WESTERN INDIA INFORMATION TECHNOLOGY FAIR(WIITF) - 2019
MUMBAI

PERIPHERALS

Maxima launches Max Pro Turbo with AI Voice Assistant on Amazon Fashion

Maxima Watches has extended its smartwatch range after unveiling the Max Pro Turbo, equipp...

ECS brings LIVA Mini PC and Commercial Motherboards, to showcase at Embedded World 2022

Elitegroup Computer Systems (ECS) will participate in the leading international fair for e...

RAPOO unveils its ‘Ralemo' flagship series of keyboard and mouse

RAPOO has introduced its Flagship Ralemo “Pre 5” Multi-Mode Wireless Mechanica...

LG Electronics rolls out new CineBeam Projector and UltraFine Display OLED Pro

LG Electronics launched the all-new CineBeam Projector with HDR picture quality and the Ul...

INDUSTRY EVENTS

PRAMA hosts its EXCELLENCE MEET in New Delhi

Prama India has organized its Pan India Roadshows with its second event recently at New De...

Grassroots Channels announces a multicity, daylong event “Surveillance Unmasked”

Grassroots Channels has announced the launch of “Surveillance Unmasked” progra...

ManageEngine celebrates two decades of Technology Innovation

Celebrating 20 years of ManageEngine, the company has hosted a conference on May 19 at the...

As a business you need to anticipate the technology evolution and ways to improve the process: CP Gurnani

CEO Fireside Chat CP Gurnani, Chief Executive Officer & Managing Director, Tech Mahind...

E- COMMERCE

BIAL intros omnichannel payment solution in partnership with Kotak and Phi Commerce

With an aim to facilitate a seamless payment experience for customers, Bangalore Internati...

Airtel partners with Axis Bank to bolster India’s digital ecosystem

Bharti Airtel and Axis Bank have announced a strategic partnership to strengthen the growt...

Shopee to face the FIR in UP for Selling fake products

The FIR has been issued against Ankit Upadhyay who is heading the India business, Sriram G...

Amazon's acquisition of Cloudtail, raises many question marks ?

Amazon’s takeover of Cloudtail violates India’s FDI rules, says The Confederat...

MOVERS & SHAKERS

Shemaroo’s Rahul Mishra to lead Web 3.0 initiatives

Shemaroo Entertainment has promoted Rahul Mishra to Head the organisation’s initiati...

Exterro announces two new Executive appointments

Exterro Inc. announced the appointment of two new executives to its leadership team: Debor...

CSS Corp ropes in ex-Cognizant exec Ramaseshan K as its CFO

CSS Corp has announced the appointment of Ramaseshan K as Chief Financial Officer (CFO). R...

ANSR names Ayon Banerjee as President

ANSR has announced the appointment of Ayon Banerjee as its President to provide leadership...

CHANNEL - BUZZ

Kyndryl collaborates with Oracle to help customers accelerate their journey to the cloud

Kyndryl announced a partnership with Oracle to help customers accelerate their journey to...

Druva Expands R&D Footprint in India with Presence in Hyderabad

Druva Inc. today announced the company has increased its headcount across India by 50 perc...

COAI constitutes new leadership team at its AGM 2022

COAI recently concluded its Annual General Body Meeting for the Financial Year 2021-22, wi...

Beetel becomes distributor of Yealink Network Technology

Beetel Teletech announced its new distribution partnership with Yealink Network. The deal...