Researchers find potential way to run malware on iPhone even when it's off
By MYBRANDBOOK
A first-of-its-kind security analysis of iOS Find My function has identified an attack surface that makes it possible to interfere with the firmware and load malware onto a Bluetooth chip that is executed while an iPhone is “off”.
The mechanism takes advantage of the wireless chips related to Bluetooth, Near-field communication (NFC), and ultra-wideband (UWB) continue to operate while iOS is shut down when entering a “power reserve” Low Power Mode (LPM).
The Bluetooth and UWB chips are hardwired to the Secure Element (SE) in the NFC chip, storing secrets that should be available in LPM. Since LPM support is implemented in hardware, it cannot be removed by changing software components. As a result, on modern iPhones, wireless chips can no longer be trusted to be turned off after shutdown. This poses a new threat model.
By taking advantage of this loophole, an adversary with privileged access can create malware that is capable of being executed on an iPhone Bluetooth chip even when it's powered off. The attacker must be able to communicate to the firmware via the operating system, modify the firmware image, or gain code execution on an LPM-enabled chip over-the-air by exploiting flaws.
The LPM features, newly introduced last year with iOS 15, make it possible to track lost devices using the Find My network even when run out of battery power or have been shut off. Current devices with Ultra-wideband support include iPhone 11, iPhone 12, and iPhone 13.
SAP launches cloud services to help Indian scaleups innovate m
SAP at SAP unveils now "GROW with SAP for Scaleups," a new cloud service d...
Denodo and Sonata form alliance to unlock data-to-value creati
Denodo and Sonata Information Technology India Limited (SITL) have annou...
Google Play Store will now let users download two apps simulta
Google Play Store now lets users download two apps simultaneously. While a...
Google Pay has added "Open Wallet" shortcut
With the introduction of the "Open Wallet" shortcut, Google Pay has impro...
SAFE SECURITY SERVICES PVT. LTD.
NUMERIC INDIA, A Group Brand Legrand
DELL TECHNOLOGIES INDIA PVT. LTD.
SECUREYE SERVICES PVT. LTD.
Technology Icons Of India 2023: Kumar Mangalam Birla
Aditya Birla Group chairman Kumar Mangalam Birla’s return to Vodafon...
Technology Icons Of India 2023: Ashwini Vaishnaw
Ashwini Vaishnaw is an Indian politician and former IAS officer and is...
Technology Icons Of India 2023: Sridhar Vembu
Sridhar Vembu is an Indian billionaire business magnate and the Founde...
ECIL continues to keep India ahead in the growth of Information Technology and Electronics
ECIL played a very significant role in the training and growth of high...
HPCL is transforming the energy landscape, across the nation and beyond
HPCL is world-class energy company known for caring and delighting the...
STPI encouraging software exports from India
Software Technology Parks of India (STPI) is an S&T organization under...
WPG C&C COMPUTERS & PERIPHERALS PVT. LTD.
WPG C&C Computers & Peripherals (India) was incorporated in 2008 and ...
TEXONIC INSTRUMENTS
Texonic has carved a niche for itself in the Technology Distribution i...
RAH INFOTECH
RAH Infotech is India’s fastest growing technology value added dist...