A team of cybersecurity researchers discovered that it was possible to install malicious programs (malware) on iPhone phones even when they are turned off.

This is due to the way Apple implements separate wireless features. Bluetooth, Near Field Communication (NFC) and ultra-wideband (UWB) device technologies, a new study has discovered.

These features, with access to the iPhone’s secure element (SE), which stores sensitive information, remain active even when current iPhones are turned off, experts say. academy from the Technical University of Darmstadt in Germany.

This makes it possible, for example, “load malware on a chip Bluetooth runs while the iPhone is turned off, “they wrote in a research paper titled” Evil Never Sleeps: When Wireless Malware Stays On After Turning iPhone. “

By compromising these wireless features, attackers can access secure information such as a user’s credit card details, bank details or even digital car keys on the deviceaccording to researchers Jiska Classen, Alexander Heinrich, Robert Reith and Matthias Hollick of the university’s Secure.

Although the risk is real, exploiting the situation is not very easy for would -be attackers, the researchers acknowledged. Actor threats will still need to load malware when the iPhone is turned on for the next execution when it is turned off, they say. This will require system-level access or remote code execution (RCE), the latter of which they can obtain by using known flaws such as BrakTooth, the researchers said.

where the problem comes from

The root of the problem is the current implementation of Low Power Mode (LPM) for wireless chips in the iPhone, the researchers detailed in the paper. The team differentiated the LPM that runs these chips and the power saving app that iPhone users can enable. on their phones to save battery.

The LPM in question “triggers when the user turns off their phone or when iOS automatically shuts down due to a low battery,” they wrote.

While the current implementation of LPM on iPhones increases “security and user convenience in most situations,” it also “adds new threats”said the researchers.

LPM support is based on iPhone hardware, so system updates will not remove it, and therefore have “a lasting impact on the overall iOS security model”They said.

“Bluetooth and UWB chips are connected to [SE] on the NFC chip, which stores secrets that should be available to the LPM, ”the researchers explain.“ Because LPM support is implemented in hardware, it cannot be removed by replacing software components. As a result, on modern iPhones, wireless chips are no longer reliable to turn off after shutdown. It raises a new one threat model”, They added.

How to avoid this vulnerability

“You have to understand that there are elements that a user cannot control, I am referring to the components of a device (for example: the chip or bluetooth), however, the user can use basic concepts of what I call” cyber hygiene ” , an easy and common sense way to stay protected even when the device is turned off, for example “, he explains in Clarion Stephen Fallas, architect of cybersecurity at Trellix.

“You have to understand that there are elements that a user cannot control, I refer to the components of a device (for example: the chip or bluetooth), however, the user can use basic concepts of what I call ‘cyber hygiene’, easy way to stay protected even when your device is turned off, for example, “

Among the advice he gives, he recommends: “Keep the software up to date, in fact, I recommend activating automatic device system updates. Also download applications from official stores , either the Google Play Store or the Apple App Store. “

He also advises to consider carefully “before you click, because over 90% of successful cyberattacks start with a phishing email.” Finally, a tip that seems obvious but some users follow the letter: “Use strong passwords, use uppercase, lowercase, numbers and special characters. And remember that losing or stealing your device is information can also be compromised “, close.