Researchers have discovered a new way to run malware on a powered-down iPhone.
You see, Apple’s smartphone is not completely off even when you shut it down. It merely goes into a low-power mode in which its Bluetooth chip continues to operate so users can use the Find My feature to track their phones when they lose it.
It’s in this always-on mechanism that researchers from the Technical University of Darmstadt in Germany discovered a flaw. The researchers say a standalone firmware on the Bluetooth chip lacks protection against modification and can be exploited by cybercriminals to track a potential victim, among other possible ill-intentioned activities. They conclude that the iPhone’s implementation of the low-power mode “is opaque and adds new threats.”
Related
The researchers published their findings in a paper entitled “Evil Never Sleeps: When Wireless Malware Stays On After Turning Off iPhones,” with a teaser video available on YouTube and full reading available at arXiv.org.