Apple Inc.’s iPhone is not immune to malware attacks when it is switched off, researchers at the Technical University of Darmstadt, Germany said in a research paper titled “Evil Never Sleeps.”
A new type of malware developed by researchers at the university can infest the iPhone.
Even with a user-initiated shutdown, the iPhone can be located through the “Find My” network, and when the battery runs low, the device enters a power-reserve mode but users can still access credit cards, student passes, and other items in their Wallets, researchers said.
In all iPhones launched since 2018, Bluetooth, near-field communication, and ultra-wideband continue to run even after the device is turned off.
These chips can run in a low-power mode (LPM) when the iPhone doesn’t react to tapping the screen or shaking. The mode is activated either when the user switches off their iPhone or when iOS shuts down automatically due to low battery levels.
Since LPM support is implemented in hardware, it cannot be removed by software updates.
“The Bluetooth and UWB chips are hardwired to the Secure Element in the NFC chip, storing secrets that should be available in LPM,” the researchers said.
The researchers used the Bluetooth chip to load malware, which gets executed when the iPhone is switched off.
They recommended that Apple should consider adding a hardware-based switch to disconnect the battery, which would help privacy-concerned users and surveillance targets.