Turns out that shutting off a device still isn’t enough to stop the hackers anymore. A team of cybersecurity researchers at the Technical University of Darmstadt in Germany have discovered that iPhones can still be infected with malware when they’re powered down.
The key to this vulnerability lies in the iPhone’s low-power mode (LPM) feature. As it turns out, iPhones don’t completely shut off when you turn them off or when the battery gets drained. LPM kicks in and allows certain functions, like Bluetooth, near-field communication and ultra wideband, to continue running. The theory is that you would still be able to use Apple Wallet or start your car even if your phone has died.
However, if a malicious actor was able to jailbreak your phone first, which would fortunately be quite difficult, they would be able to run malware on it even if you turned it off thanks to LPM. “Design of LPM features seems to be mostly driven by functionality, without considering threats outside of the intended applications. Find My after power off turns shutdown iPhones into tracking devices by design, and the implementation within the Bluetooth firmware is not secured against manipulation,” the team said. They have reportedly notified Apple of their findings but have not received a reply.
