Hackers Can Abuse Low-Power Mode to Run Malware on Powered-Off iPhones

MuzzMelbourne

MuzzMelbourne

Level 15
Thread author
Verified
Top Poster
Well-known
Mar 13, 2022
599
Content source
https://www.securityweek.com/hackers-can-abuse-low-power-mode-run-malware-powered-iphones
Researchers from a university in Germany have analyzed the low-power mode (LPM) implementation on iPhones and found that it introduces potentially serious security risks, even allowing attackers to run malware on powered-off devices.

LPM is activated when the user switches off the iPhone or when the device shuts down due to low battery. While the device appears completely turned off, LPM ensures that certain features are still available, including the Find My service (for locating a device), digital car keys, payment apps, and travel cards.
Click to expand...

Hackers Can Abuse Low-Power Mode to Run Malware on Powered-Off iPhones | SecurityWeek.Com

Researchers have analyzed the low-power mode on iPhones and found that it introduces security risks, even allowing attackers to run malware on powered-off devices.
www.securityweek.com www.securityweek.com
 
  • Like
  • Wow
Reactions: vtqhtr413, [correlate], Gandalf_The_Grey and 2 others
upnorth

upnorth

Level 68
Verified
Top Poster
Malware Hunter
Well-known
Jul 27, 2015
5,458

The findings have limited real-world value since infections required a jailbroken iPhone, which in itself is a difficult task, particularly in an adversarial setting. Still, targeting the always-on feature in iOS could prove handy in post-exploit scenarios by malware such as Pegasus, the sophisticated smartphone exploit tool from Israel-based NSO Group, which governments worldwide routinely employ to spy on adversaries.

It may also be possible to infect the chips in the event hackers discover security flaws that are susceptible to over-the-air exploits similar to this one that worked against Android devices.
Besides allowing malware to run while the iPhone is turned off, exploits targeting LPM could also allow malware to operate with much more stealth since LPM allows firmware to conserve battery power. And of course, firmware infections are already extremely difficult to detect because of the significant expertise and expensive equipment required to do so.

The researchers said Apple engineers reviewed their paper before it was published, but company representatives never provided any feedback on its contents. Apple representatives didn’t respond to an email seeking comment for this story.
Click to expand...
arstechnica.com

Researchers devise iPhone malware that runs even when device is turned off

Research is largely theoretical but exposes an overlooked security issue.
arstechnica.com arstechnica.com
 
  • Like
  • +Reputation
Reactions: vtqhtr413, harlan4096, [correlate] and 1 other person
You must log in or register to reply here.

Similar threads

Sandbox Breaker
    • Like
    • Applause
AWS SSM Agent can be used as a RAT
Replies
0
Views
1,426
News Archive
Sandbox Breaker
Sandbox Breaker
silversurfer
    • Like
    • Applause
iOS malware can fake iPhone shut downs to snoop on camera, microphone
Replies
0
Views
746
News Archive
silversurfer
silversurfer
Trident
    • Like
    • +Reputation
    • Hundred Points
Serious Discussion Harmony Endpoint by Check Point
Replies
685
Views
59,001
Other security for Windows, Mac, Linux
simmerskool
simmerskool

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top