The iPhone are considered the safer smartphones and the most difficult to to spyinfect with a malware or hack exploiting a security flaw. Yet not even the iPhone are completely immune to the risk of a hacker attack and a study ofUniversity of Darmstadt in Germany it proves it. The researchers, in fact, managed to force several iPhones when they were even turned off. But under very specific conditions.
The devil never dies
In a scientific paper by title “Evil Never Sleeps: When Wireless Malware Stays On After Turning Off iPhones“, the German researchers explain that, in fact, the iPhone they are never completely off except when the battery charge does not drop to zero permanently.
Before that time many chips remain active in “Low Power Mode“(LPM), a mode that requires some wireless connections to remain partially turned on, for example to allow the user to use theFind My app to find your iPhone.
Based on the iPhone model analyzed, during testing various connections remained on also in LPM: Bluetooth And Wifiabove all, but also NFC and, for models that are equipped with it, also the connection Ultra Wide Band (UWB). Each of these connections is a possible gateway for a hacker, who can use it to enter the phone and tamper with it, infect it or spy on it.
What the researchers did
Researchers from the University of Darmstadt did exactly what we just mentioned: they took different models of iPhones, each with its own connections and its own “doors“access, and they tried to open them all one by one, while the phone was turned off in Low Power Mode. And, in some cases, they succeeded.
In particular they managed to install a malwarewhich worked completely independent of the iOS operating system and, consequently, it bypassed all security measures included in iOS.
Which iPhones are at risk
Almost all recent iPhones have the LPM mode, but not all of them have the same wireless connections. However, the German researchers tested the hack on the following devices:
- iPhone Xr
- iPhone Xs
- iPhone 11
- iPhone SE 2020
- iPhone 12
- iPhone 13
It is reasonable to think that too iPhone 14 And iPhone SE 2022 can be similarly forced, because they have Low Power Mode, although the researchers have not tested them because these models arrived on the market after the start of their research. All the forced iPhones were, however, “unlocked” with the Jailbreak.
This term means the unofficial procedure with which iPhones are forced in order to install software not approved by Apple, a procedure that involves the loss of the warranty on the phone and, for this reason, is performed only by a small minority of iPhone users (also because it is not easy to do it).
However the researchers also point out that some of the maneuvers they have been able to perform on phones turned off in Low Power Mode do not require the Jailbreak and, as a result, the very fact that an iPhone goes into LPM might put it a little on risk.