A team of researchers out of Germany has provided evidence of iPhones still being hackable even when powered off.
The researchers, from the Technical University of Darmstadt in Germany, identified a weakness introduced by a new feature in iOS 15. The feature lets the iPhone's "Find My" application keep running for a few hours after the phone is powered off, which is very helpful for users whose device has been stolen.
The continued tracking is done through the phone's Bluetooth, NFC, and ultra-wideband chips, as all three stay in a low-power mode even though the phone appears to be off. The researchers found a weakness in the Bluetooth firmware that, they say, could allow that firmware to be modified to run malware. However, the conditions for exploiting it would need to be favorable, as explained by security researcher Ryan Duff, who spoke to Motherboard about the researchers' recently released paper.
"It may be possible to exploit the Bluetooth chip directly and modify the firmware but the researchers did not do that and there isn't a known exploit that would currently allow that. It's not really a standalone attack without additional vulnerabilities and exploits," said Duff.
The researchers contacted Apple about the issue, and the company declined to comment when asked by Motherboard. Furthermore, the researchers believe low power mode (LPM) is "a relevant attack surface that has to be considered by high-value targets such as journalists, or that can be weaponized to build wireless malware operating on shutdown iPhones."