See how Hackers Could Track Your iPhone Even When It’s Off

Even shutting down your iPhone might not keep it safe from hackers, but experts say most people don’t have much to worry about.

Cybersecurity researchers have discovered a way to run malware on Apple’s iPhones, even when the device is switched off.

A report published by the Technical University of Darmstadt in Germany details an exploit that takes advantage of the iPhone’s low-power mode (LPM) to track location and perform various malware attacks.

Researchers at Germany’s Technical University of Darmstadt have found that iPhones can be vulnerable to security threats even when powered off. Wireless chips, including Bluetooth, run using low power mode when the power is off. Malicious actors can take advantage of the reduced power mode to use malware.

This comes in light of the new iOS 15 update, which includes a feature that allows you to be able to locate an iPhone even when it’s powered off.

Apple has claimed that this new feature will enhance the security of users because it allows them to find a lost or stolen phone, even when turned off.

“When an iPhone user shuts down their device through the phone’s menu or power button, they have a reasonable belief that all the processors are shut down, but that’s not the case,”

The German researchers examined the iPhone’s low-power mode (LPM) that powers near-field communication, ultra-wideband, and Bluetooth.

“The current LPM implementation on Apple iPhones is opaque and adds new threats,” the researchers wrote in the paper. “Since LPM support is based on the iPhone’s hardware, it cannot be removed with system updates. Thus, it has a long-lasting effect on the overall iOS security model. To the best of our knowledge, we are the first who looked into undocumented LPM features introduced in iOS 15 and uncover various issues.”

“Design of LPM features seems to be mostly driven by functionality, without considering threats outside of the intended applications. Find My after power off turns shutdown iPhones into tracking devices by design, and the implementation within the Bluetooth firmware is not secured against manipulation.”

“These are what runs most of the operating system and call capability. “However, there are numerous additional processors now in phones, such as the Secure Enclave Processor and the Bluetooth Processor on iPhones. These processors can be exploited much like the AP and BP.”

Don’t worry too much about threats when your phone is powered off, though. “The bright side is that threats targeting stand-by processors that are running when a device is shut down are theoretical,”

The director of Mac &Mobile at Malwarebytes, Thomas Reed, a maker of anti-malware software,  said in an email that there’s no known malware using BLE firmware compromise to remain persistent when the phone is ‘off.’

“If you need to not be tracked for a while, leave your phone in a location where it’s reasonable to expect you might spend some time.”

He added that “further, unless you are likely to be targeted by a nation-state adversary—for example, if you are a human rights advocate or journalist critical of an oppressive regime—you’re not likely to ever run into this kind of problem,” he added. “If you actually are a potential target for a nation-state adversary, don’t trust that your phone is ever truly off.”