Even if you turn it off, an iPhone is not completely off. Security researchers have now exploited exactly this to crack an iPhone.

It’s a feature most iPhone users probably don’t even know about. When an Apple smartphone is switched off – whether manually or because the battery is empty – some background processes and sensors remain active. This is meant to make theft less attractive and help locate a lost device. But the approach also carries a risk, as researchers from the University of Darmstadt have now shown.

In a study, they examined the iPhone components that remain active while the device is nominally switched off. They not only succeeded in circumventing the security measures of the otherwise well-protected device, but also in gaining full access to the operating system, the researchers write in their paper.

Abused safeguard

There are good reasons why Apple leaves some components active. The so-called low-power mode allows the iPhone to keep working via NFC as a front door key or transit pass when the battery is empty. The core function is even more important: a lost or stolen iPhone can be located even if it was switched off by the thief or finder, or if the battery ran out. Even when switched off, the Bluetooth chip continues to send signals that can be picked up by other iPhones. Those iPhones relay them to Apple’s “Find My” network, which can then show the owner the iPhone’s position on a map. Apple’s AirTag trackers work in the same way.

The security researchers have now exploited precisely this mechanism. Because the firmware the Bluetooth chip runs in low-power mode is neither signed nor encrypted, they were able to inject malicious code into the iPhone via the chip, which was then executed when the device was restarted. This is how they gained access to the device.

What does the iPhone hack mean for users?

For now, ordinary users have no way of protecting themselves against the kind of access shown in the experiment. Because the low-power mode is implemented at the hardware level, it cannot simply be switched off. Only an update from Apple can fix the flaw.

So far, however, the danger to average users has been largely theoretical. The hack is highly complex, and an attacker would need physical access to the device. It could, however, give thieves a way to reset stolen iPhones and set them up again. That is currently possible only with great effort – one reason iPhones have become rather unattractive to thieves in recent years. Intelligence and law enforcement agencies are also likely to be very interested in being able to read previously protected iPhones.

According to the researchers, Apple has not yet responded to their request for comment. They do, however, have their own suggestion for fixing the problem: a hardware switch that lets users fully disconnect the still-active sensors from the battery and genuinely power off the device. The locating function would, of course, no longer work in that state.

Source: University of Darmstadt
