When your smartphone is off, it isn’t really off, and that means certain components that stay active can be hacked even when you think they can’t.



With the latest iOS, it’s possible to locate your iPhone even if it’s powered off. That’s because even when the iPhone is turned off, certain wireless chips remain on, allowing the phone to still send signals that can help locate it.




Now, a group of researchers from the Technical University of Darmstadt in Germany has found that one of those chips, the one that enables Bluetooth, can be exploited and hacked to install malware on the phone – even when it’s turned off.

The researchers said in their research paper, posted last week to the arXiv preprint server, that they were able to show that it’s possible to install malware on the Bluetooth chip. It’s important to note, though, that this research is at this point mostly theoretical and there’s no evidence that this kind of attack has been used in the wild. Also, as the researchers point out in the paper, hackers would need to first hack and jailbreak the iPhone to be able to access the Bluetooth chip and exploit it, potentially making it a bit redundant in most cases.




Still, even for hackers who have already taken control of the phone, hacking the Bluetooth chip would give them access to another place to collect data, an especially useful one because it’s available even when the phone is powered off.

“[Low-Power Mode] is a relevant attack surface that has to be considered by high-value targets such as journalists, or that can be weaponized to build wireless malware operating on shutdown iPhones,” the paper read.

The researchers explain in the paper that the Bluetooth chip, as well as other wireless chips – those that run Near Field Communication (NFC), which is used for Apple Pay, for example, and Ultra-wideband (UWB), which is used along with Bluetooth to turn the iPhone into a car key – keep running when the phone is off in what the researchers call Low-Power Mode, noting that it “is different from the energy saving mode indicated by a yellow battery icon.”




The researchers conclude that Apple’s implementation of this Low-Power Mode ultimately enhances the security of users because it allows them to find a lost or stolen phone even if it’s turned off. But because the wireless chips are still on, they also pose a new threat model.

The researchers wrote in the paper that they disclosed the issues they found to Apple, and the company did not have any feedback. Apple declined to comment, and the researchers did not respond to a request for comment.

Ryan Duff, a security researcher who has experience with iOS, told Motherboard recently that the attack described in the paper would be useful as an add-on to an existing malware implant “but it’s not really a standalone attack without additional vulnerabilities and exploits.” That’s because the researchers did not show that it’s possible to hack the Bluetooth chip on its own and then jump from there and hack the phone.




“It may be possible to exploit the Bluetooth chip directly and modify the firmware but the researchers did not do that and there isn’t a known exploit that would currently allow that,” Duff, who is the director of cyber products at cybersecurity firm SIXGEN, told Motherboard in an online chat after reviewing the research paper. “The same applies from jumping from the Bluetooth to the phone. It would require an additional exploit.”

Still, the researchers’ findings show an attack that could have real-life applications.

“It’s something running after the phone is off, which could be useful,” Ryan added. “Network connectivity is not part of it though so whatever is collected would only be accessible to an attacker after power-on.”

About author

Matthew Griffin
