Powered Off iPhones Can Still Be Affected By Malware Attacks
Just because you turn off your iPhone doesn’t mean it is safe from cyberattacks. Unfortunately, iPhones can still be targeted even if they are powered off due to how Bluetooth, Near Field Communication (NFC), and Ultra-wideband (UWB) are implemented through Apple. In other words, even if your iPhone is off, it still doesn’t fully power down.
These features have access to the iPhone’s Secure Element (SE), which is where sensitive data is stored. Even when the iPhone is powered off, these features stay on, which means cyber criminals can have the opportunity to steal your data at all times. What they would need to do is load the malware while your phone is still on so they can execute later when it’s off.
The root of these problems are due to how low power mode (LPM) is implemented for wireless chips on iPhones. While LPM can increase the user’s security and convenience in most situations, it can also add new threats. Since LPM allows firmware to conserve the battery, exploiters who target LPM make the malware more difficult to detect.
Although Apple hasn’t responded with a solution yet, the best case scenario would be for them to add a switch that is hardware based, that way the battery can be disconnected. If this were the case, then these wireless elements wouldn’t have any power while the iPhone was off.
Categorised in: IT Threat