1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Hackers can break into your iPhone even when it's switched off

    From TechnologyDaily@1337:1/100 to All on Thu May 19 13:45:04 2022
    Hackers can break into your iPhone even when it's switched off

    Date:
    Thu, 19 May 2022 12:20:06 +0000

    Description:
    Just because your phone is turned off, doesn't mean it can't still run malware.

    FULL STORY ======================================================================

    Cybersecurity researchers have discovered a way to run malware on Apple's iPhones , even when the device is switched off.

    A report published by the Technical University of Darmstadt in Germany
    details an exploit that takes advantage of the iPhone's low-power mode (LPM) to track location and perform various malware attacks.

    LPM allows certain smartphone facilities - such as Bluetooth, near-field communication (NFC) and or ultra-wideband - to run even when the device is turned off or when its battery is depleted.

    When an iPhone is shut down, its never truly off, as these components can still run 24/7. The idea is that people will still be able to their on-device wallets and keys, even when they are out of battery.

    Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022 . Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/10.99. Functionality vs. security

    The problem with such a system is that the Bluetooth chip cannot digitally sign or encrypt the firmware it runs, the report explains.

    The current LPM implementation on Apple iPhones is opaque and adds new threats. Since LPM support is based on the iPhones hardware, it cannot be removed with system updates. Thus, it has a long-lasting effect on the
    overall iOS security model. To the best of our knowledge, we are the first
    who looked into undocumented LPM features introduced in iOS 15 and uncover various issues," the researchers state.

    Design of LPM features seems to be mostly driven by functionality, without considering threats outside of the intended applications. Find My after power off turns shutdown iPhones into tracking devices by design, and the implementation within the Bluetooth firmware is not secured against manipulation. Read more

    This serious iPhone security flaw was exploited by a second Israeli spy
    firm


    Apple releases urgent security fix for iPhone and Mac devices


    Apple just patched a whole load of iPad, macOS and iPhone security bugs,
    so update now

    Thankfully, abusing the flaw is far from practical, because the attacker
    would first need to jailbreak the iPhone, which is a feat in itself.

    But in the unlikely case of a successful attack, the intruder would be able
    to operate more stealthily, as compromised firmware is almost impossible to detect.

    Apple has been notified of the findings, the researchers have said, but has not yet responded to the disclosure. TechRadar Pro has also asked the company for comment. Shield your device against attack with the best iPhone antivirus

    Via Ars Technica



    ======================================================================
    Link to news story: https://www.techradar.com/news/apple-iphones-are-apparently-vulnerable-to-atta ck-even-when-switched-off/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)