A powered-off iPhone keeps running in low-power mode and could become a hotbed of malware

The chips in Apple’s iPhones continue to operate in Low Power Mode (LPM) when the device is powered off. A few days ago, researchers designed a kind of malware based on this mechanism, which can also run when the user turns off the iPhone. Although the corresponding research is still theoretical, it has exposed the security problems of Apple devices.

When the user turns off the iPhone, the device doesn’t actually shut down completely. The built-in chip continues to run in a low-power mode, allowing the user to use the Find feature to locate a lost or stolen device, or to continue using Apple Wallet and car keys after the battery is depleted. Now, researchers have used this “always on” mechanism to run malware that keeps running when the iPhone is turned off.

The iPhone uses the built-in Bluetooth chip to keep functions such as “find” working when it is turned off. But it turns out that the chip has no digital signature mechanism and does not even encrypt the firmware it runs. Academics at the Technical University of Darmstadt in Germany have devised a way to use this lack of encryption to run malicious firmware, allowing attackers to track the phone’s location or run malicious code when the phone is turned off.

The study is the first in which researchers have looked at the security risks posed by chips operating in low-power modes. The low-power mode referred to in the study is not the low-power mode in the iOS system. It refers to the chips in Apple devices responsible for near-field communication, ultra-wideband and Bluetooth, which maintain low-power operation for 24 hours after the device is turned off.

“The current operating mechanism of LPM mode on Apple’s iPhone is opaque and adds new security risks,” the researchers wrote in a paper published last week. “Because LPM mode is based on iPhone hardware, it cannot be updated through the system. This has long-term implications for the entire iOS security mechanism. To our knowledge, this is the first study to introduce an undocumented LPM feature in iOS 15 and find various issues.”

The researchers added: “The LPM mechanism appears to be designed primarily from a functional perspective and does not take into account security threats outside the intended application. The power-off Find feature turns the iPhone in the user’s hand into a tracking device, while the Bluetooth firmware feature is not secure and could be manipulated or tampered with by malware.”

Of course, the researchers’ findings have limited real-world value, because getting malware to keep running after shutdown requires first jailbreaking the iPhone, which is a daunting task in itself. Still, the always-on mechanism in iOS 15 could be exploited by malware to make it easier for criminals to spy on users.

In addition, if hackers find a security vulnerability that can be exploited through a wireless attack, they could also infect the iPhone’s built-in chip, similar to the related vulnerabilities for Android devices.

In addition to allowing malware to run when the iPhone is turned off, an attack against the LPM mechanism can also allow malware to run stealthily in the background, because the LPM mechanism itself saves the battery power required to run the firmware. Of course, detecting whether firmware is infected with malware is itself not easy and requires a lot of expertise and expensive equipment.

The researchers said Apple engineers reviewed the paper before it was published, but company representatives never provided any feedback on the content of the paper.

The research shows that the LPM mechanism in Apple’s iPhone allows users to locate a lost or stolen device when it’s powered off, and to unlock or open doors even when the battery is dead. But from a security standpoint it is a double-edged sword, and that side of it has yet to be noticed.

“Hardware and software attacks similar to those described above have been shown to be feasible, so the research topics covered in the paper are timely and practical,” said John Loucaide, senior vice president of policy at firmware security firm Eclypsium. “This is typical of all devices. Manufacturers are adding new features all the time, and with every new feature, a new angle of attack emerges.”