It’s Possible to Hack an iPhone When Powered Off

With the infamous Pegasus malware making the news, the idea of bad actors installing malicious software on your iPhone isn’t far fetched. However, that malware usually gets there when the phone is turned on. As it happens, researchers have found a way to install malware on a powered-off iPhone. Here’s the thing: when you “shut down” your iPhone, it doesn’t
May 17, 2022
 / 
meritsolutions
 / 
Image

With the infamous Pegasus malware making the news, the idea of bad actors installing malicious software on your iPhone isn’t far fetched. However, that malware usually gets there when the phone is turned on. As it happens, researchers have found a way to install malware on a powered-off iPhone.

Here’s the thing: when you “shut down” your iPhone, it doesn’t fully power off. There are still components inside the devices running at such a low power that battery degradation is negligible. Still, these chips are “on,” and able to run tasks like checking your location.

Researchers at Germany’s Technical University of Darmstadt, then, figured out a way to run malware on an iPhone in this state. They’re taking advantage of a flaw in the iPhone’s Bluetooth chip, which isn’t designed to encrypt its firmware. The malware the researchers ran allowed them to track the device’s location and even run tasks.

Don’t panic yet: the researchers were only able to produce these results on a jailbroken iPhone, which requires the user to intentionally bypass their iPhone’s software restrictions in order to install custom programs. At this time, you’re pretty much safe from anyone taking advantage of your iPhone while its powered off. However, the research shows this type of attack is not hypothetical, and, with enough time, hackers could figure out how to make it work on a meaningful scale.

Until then, we hope Apple works to shore up security on its low-power chips. The benefits that come from this technology would be overshadowed by this malware threat, should it ever come to pass.

[Ars Technica]

Share This

Leave a Reply



Sign Up for weekly MERIT Security Briefing

By signing up, you agree to our Privacy Policy.