Your iPhone is always at some risk from hacking and malware, no matter how small. But something that seems to have been overlooked until now is how that risk is still present even with the power off.
Researchers at the Technical University of Darmstadt in Germany (via Ars Technica) have claimed to be the first to investigate the security risks of low-power mode (LPM) chips.
These LPM abilities can be found in the Bluetooth, NFC and ultra-wideband chips in modern iPhones, and allow them to run for up to 24 hours after you switch off your iPhone or run out of battery (not to be confused with the iPhone’s power-saving mode, indicated by a yellow battery icon). These are useful additions because they are what allow you to find lost iPhones or use things like digital car keys and express payment cards even with no charge. But as the Darmstadt researchers show, this is open to exploitation.
In their paper, “Evil Never Sleeps: When Wireless Malware Stays On After Turning Off iPhones”, the researchers explain that this LPM quirk could be exploited by modifying the Bluetooth chip’s firmware and loading in malware. This could be used to secretly monitor a user, since firmware changes are hard to detect without specific knowledge and equipment, or to gain access to secure data within the phone.
As this feature is part of the phone’s components, it’s not something Apple is able to just disable in a software update. This is an attack method that’s going to remain in place for a long time, and so, the researchers argue, it’s important to acknowledge the risk, even if these features have entirely benign and practical uses.
The good news is that actually accessing these components would require “jailbreaking” the iPhone, which takes a lot of work and physical access to the phone. However, if other security flaws were to be discovered that could be used in tandem, this could become more dangerous.
Apple is at least aware of the issue since the researchers shared their findings with the company before publishing. There’s been no response as of yet though.
The researchers suggest Apple offer a hardware-level battery disconnect option to allow privacy-focused users to defend themselves against the kind of attacks they’ve explored. It seems a long shot, but perhaps Apple will listen given how often it boasts about its devices’ privacy compared to the best Android phones.