Wireless features Bluetooth, NFC and UWB stay on even when the device is powered down, which could allow attackers to execute pre-loaded malware.
Attackers can target iPhones even when they are turned off due to how Apple implements standalone wireless features Bluetooth, Near Field Communication (NFC ) and Ultra-wideband ( UWB) technologies in the device, researchers have found.
These features—which have access to the iPhone’s Secure Element (SE), which stores sensitive info–stay on even when modern iPhones are powered down, a team of researchers from Germany’s Technical University of Darmstadt discovered.
This makes it possible, for example, “to load malware onto a Bluetooth chip that is executed while the iPhone is off,” they wrote in a research paper titled “Evil Never Sleeps: When Wireless Malware Stays On After Turning Off iPhone.”
By compromising these wireless features, attackers can then go on to access secure info such as a user’s credit card data, banking details or even digital car keys on the device, researchers Jiska Classen, Alexander Heinrich, Robert Reith and Matthias Hollick of the university’s Secure Mobile Networking Lab disclosed in the paper.
Though the risk is real, exploiting the scenario is not so straightforward for would-be attackers, researchers acknowledged. Threat actors would still need to load the malware when the iPhone is on for later execution when it’s off, they said. This would require system-level access or remote code execution (RCE), the latter of which they could gain by using known flaws, such as BrakTooth, researchers said.
Root of the Issue
The root cause of the issue is the current implementation of low power mode (LPM) for wireless chips on iPhones, researchers detailed in the paper. The team differentiated between the LPM that these chips run on versus the power-saving app that iPhone users can enable on their phones to save battery life.
The LPM at issue is “either activated when the user switches off their phone or when iOS shuts down automatically due to low battery,” they wrote.
While the current LPM implementation on iPhones increases “the user’s security, safety, and convenience in most situations,” it also “adds new threats,” researchers said.
LPM support is based on the iPhone’s hardware, so it can’t be removed with system updates and thus has “a long-lasting effect on the overall iOS security model,” they said.
“The Bluetooth and UWB chips are hardwired to the [SE] in the NFC chip, storing secrets that should be available in LPM,” researchers explained. “Since LPM support is implemented in hardware, it cannot be removed by changing software components. As a result, on modern iPhones, wireless chips can no longer be trusted to be turned off after shutdown. This poses a new threat model.”
Sample Threat Scenario
Researchers analyzed the security of LPM features in a layered approach, observing the impact of the feature on application-, firmware- and hardware-level security.
For example, a potential threat scenario that they outlined on the iPhone’s firmware assumes that an attacker either has system-level access or can gain remote code execution (RCE) using a known Bluetooth vulnerability, such as the aforementioned Braktooth flaw.
In this attack, a threat actor with system-level access could modify firmware of any component that supports LPM, researchers said. This way, they maintain control, albeit limited, of the iPhone even when the user powers it off, researchers said.
“This might be interesting for persistent exploits used against high-value targets, such as journalists,” they wrote.
In the case of leveraging an RCE flaw, actors have a smaller attack surface but could still access data via NFC Express Mode, Bluetooth and UWB DCK 3.0, researchers note. However, “Apple already minimizes the attack surface by only enabling these features on demand,” they wrote.
Even if all firmware would be protected against manipulation, an attacker with system-level access could still send custom commands to chips that “allow a very fine-grained configuration, including advertisement rotation intervals and contents,” researchers noted.
This could allow an attacker to create settings that would allow them to locate a user’s device even more accurately than the legitimate user in the Find My application, for example.
Apple’s Response and Potential Mitigation
Before publishing the paper, researchers reported their research to Apple, which didn’t provide feedback on the issues raised by their findings, they said.
A potential solution to the scenario would be for Apple to add “a hardware-based switch to disconnect the battery” so these wireless elements wouldn’t have power while an iPhone is powered down, researchers said.
“This would improve the situation for privacy-concerned users and surveillance targets like journalists,” they noted.