New Apple iOS 16 Exploit Enables Stealthy Cellular Access Under Fake Airplane Mode

silversurfer

Cybersecurity researchers have documented a novel post-exploit persistence technique on iOS 16 that could be abused to fly under the radar and maintain access to an Apple device even when the victim believes it is offline.

The method "tricks the victim into thinking their device's Airplane Mode works when in reality the attacker (following successful device exploit) has planted an artificial Airplane Mode which edits the UI to display Airplane Mode icon and cuts internet connection to all apps except the attacker application," Jamf Threat Labs researchers Hu Ke and Nir Avraham said in a report shared with The Hacker News.

Airplane Mode, as the name implies, allows users to turn off wireless features in their devices, effectively preventing them from connecting to Wi-Fi networks, cellular data, and Bluetooth as well as sending or receiving calls and text messages.

The approach devised by Jamf, in a nutshell, provides an illusion to the user that the Airplane Mode is on while allowing a malicious actor to stealthily maintain a cellular network connection for a rogue application.

"When the user turns on Airplane Mode, the network interface pdp_ip0 (cellular data) will no longer display ipv4/ipv6 ip addresses," the researchers explained. "The cellular network is disconnected and unusable, at least to the user space level."
 

simmerskool

Probably does not apply but not sure where to post this: last night from 2 very different sites that send two-factor-authentication to my iPhone, the codes never arrived. This has not happened to me before. I even shut down my iPhone and rebooted and still neither 2FA code arrived. Then about 20 or 30 minutes later, both arrived at the same time. Assuming cellular network delay, :unsure:, provider is Verizon. Or something more sinister? :unsure::unsure: (mods if there's a better place to post this please do)
 
