It’s possible to load malware onto an iPhone even when it’s turned off, according to a new report.
The study by researchers from the Technical University of Darmstadt in Germany found that a chip that enables Bluetooth can be exploited and hacked in order to install malware on the device without the user’s permission – even though the phone is switched off.
This comes in light of the new iOS 15 update, which includes a feature that allows you to locate an iPhone even when it’s powered off.
Apple has claimed that this new feature will enhance the security of users because it allows them to find a lost or stolen phone, even when turned off.
However, because the chips remain on even when the iPhone is turned off, researchers warn this could pose a new threat.
The feature is enabled because three wireless chips stay on – Bluetooth, Near Field Communication (NFC), and Ultra-wideband (UWB) – the paper noted.
This allows the phone to continue sending signals, and is designed to help the owner find their phone if it’s lost.
This is something that the paper calls “Low-Power Mode,” which is “different from the energy-saving mode indicated by a yellow battery icon.”
Malware can be installed on your iPhone – even when off
The paper – which was released last week and entitled “Evil Never Sleeps: When Wireless Malware Stays On After Turning Off iPhones” – revealed that it was possible to install malware on the Bluetooth chip located in the iPhone.
At this point in time, there is no evidence that this kind of attack has been used yet.
The study also concludes that hackers would need to first hack and jailbreak the iPhone to be able to access and exploit the Bluetooth chip.
The attack remains theoretical.
Despite this, the findings have raised important concerns regarding privacy and data protection.
“On modern iPhones, wireless chips can no longer be trusted to be turned off after shutdown. This poses a new threat model,” the paper warned.
“Previous work only considered that journalists are not safe against espionage when enabling airplane mode in case their smartphones were compromised.
“[Low-Power Mode] is a relevant attack surface that has to be considered by high-value targets such as journalists, or that can be weaponized to build wireless malware operating on shutdown iPhones”.
The paper notes that the researchers disclosed these security issues to Apple, but the company did not provide any feedback.
“Apple introduced the ‘Find My After Power Off’ feature in the early iOS 15 betas. We assumed that this feature was implemented within the Bluetooth firmware – this made us very concerned because our team had found multiple security issues within that firmware in the past,” Jiska Classen, a leading researcher on the study, told Euronews Next.
“After an in-depth analysis, we found that there are three wireless chips that have support to stay on after power off: Bluetooth, NFC and UWB. The Bluetooth firmware is the most insecure and can be modified”.
If there is malicious software on a smartphone, such as Pegasus, “[it] could not install malware running in the Bluetooth chip while the iPhone is switched off,” Classen explained.
Should you be worried?
“We assume that the average user is not targeted by such malware,” she added.
However, she notes that politicians or journalists, as well as their close contacts, could be prone to these attacks, citing previous research from Citizen Lab, in which dozens of Al Jazeera journalists were hacked using spyware.
“Apple has introduced hardware changes to support Bluetooth after power off since the iPhone 11 – these hardware changes cannot be undone,” Classen said.
“Apple could add a physical power switch that disconnects the battery in future iPhones”.
“Broadcom, the manufacturer of the Bluetooth chip, said that they have support to check firmware signatures, and Apple could activate this feature in Bluetooth ROMs of future iPhones”.
Speaking to Euronews Next, Classen was eager to stress that they only demonstrated the possibility that malware could be installed in Bluetooth chips – not that this is common practice.
“It is difficult to tell if malware attacks are increasing, since many attacks might not be discovered,” she added.
“To the best of our knowledge, this has not been used against real-world targets”.
Apple declined to comment when contacted by Euronews Next.