
Researchers show it’s possible to load malware onto switched off phones



When your smartphone is off, it isn’t really off, and that means certain components that stay active can be hacked even when you think they can’t.



With the latest iOS, it’s possible to locate your iPhone even if it’s powered off. That’s because even when the iPhone is turned off, certain wireless chips remain on, allowing the phone to still send signals that can help locate it.




Now, a group of researchers from the Technical University of Darmstadt in Germany has found that one of those chips, the one that enables Bluetooth, can be exploited and hacked to install malware on the phone – even when it’s turned off.

The researchers said in their research paper, posted last week to the arXiv preprint server, that they were able to show that it’s possible to install malware on the Bluetooth chip. It’s important to note, though, that this research is at this point mostly theoretical and there’s no evidence that this kind of attack has been used in the wild. Also, as the researchers point out in the paper, hackers would need to first hack and jailbreak the iPhone to be able to access the Bluetooth chip and exploit it, potentially making it a bit redundant in most cases.




Still, even for hackers who have already taken control of the phone, hacking the Bluetooth chip would give them access to another place to collect data, an especially useful one because it’s available even when the phone is powered off.

“[Low-Power Mode] is a relevant attack surface that has to be considered by high-value targets such as journalists, or that can be weaponized to build wireless malware operating on shutdown iPhones,” the paper read.

The researchers explain in the paper that the Bluetooth chip, as well as other wireless chips – those that run Near Field Communication (NFC), which is used for Apple Pay, for example, and Ultra-wideband (UWB), which is used along with Bluetooth to turn the iPhone into a car key – keep running when the phone is off in what the researchers call Low-Power Mode, noting that it “is different from the energy saving mode indicated by a yellow battery icon.”




The researchers conclude that Apple’s implementation of this Low-Power Mode ultimately enhances the security of users because it allows them to find a lost or stolen phone even if it’s turned off. But because the wireless chips are still on, they also pose a new threat model.

The researchers wrote in the paper that they disclosed the issues they found to Apple, and the company did not have any feedback. Apple declined to comment, and the researchers did not respond to a request for comment.

Ryan Duff, a security researcher who has experience with iOS, told Motherboard recently that the attack described in the paper would be useful as an add-on to an existing malware implant “but it’s not really a standalone attack without additional vulnerabilities and exploits.” That’s because the researchers did not show that it’s possible to hack the Bluetooth chip on its own and then jump from there and hack the phone.




“It may be possible to exploit the Bluetooth chip directly and modify the firmware but the researchers did not do that and there isn’t a known exploit that would currently allow that,” Duff, who is the director of cyber products at cybersecurity firm SIXGEN, told Motherboard in an online chat after reviewing the research paper. “The same applies from jumping from the Bluetooth to the phone. It would require an additional exploit.”

Still, the researchers’ findings show an attack that could have real-life applications.

“It’s something running after the phone is off, which could be useful,” Ryan added. “Network connectivity is not part of it though so whatever is collected would only be accessible to an attacker after power-on.”
