Researchers from a university in Germany have analyzed the low-power mode (LPM) implementation on iPhones and found that it introduces potentially serious security risks, even allowing attackers to run malware on powered-off devices.
LPM is activated when the user switches off the iPhone or when the device shuts down due to low battery. While the device appears completely turned off, LPM ensures that certain features are still available, including the Find My service (for locating a device), digital car keys, payment apps, and travel cards.
While LPM has many benefits, it also introduces some security risks that cannot be ignored, particularly by journalists, activists and other individuals who are more likely to be targeted by well-funded threat actors.
An analysis conducted by a team of researchers from the Secure Mobile Networking Lab at TU Darmstadt showed that, on recent iPhone models, the Bluetooth, NFC and Ultra-wideband (UWB) wireless communication systems remain active even after the device has been shut down. Their analysis covered the LPM features introduced in iOS 15.
“The Bluetooth and UWB chips are hardwired to the Secure Element (SE) in the NFC chip, storing secrets that should be available in LPM. Since LPM support is implemented in hardware, it cannot be removed by changing software components. As a result, on modern iPhones, wireless chips can no longer be trusted to be turned off after shutdown,” the researchers explained.
The researchers checked whether applications that rely on LPM (e.g. Find My) work as intended, and also assessed the impact of LPM on hardware and firmware security.
In the firmware-focused analysis, the researchers assumed the attacker had privileged firmware access, being able to send custom commands to the firmware, modify the firmware image, or achieve code execution over the air. They claim that once the firmware has been compromised, the attacker can maintain limited control of the device even after it has been powered off by the user, which could be useful for persistent exploits.
In the case of the hardware layer, the researchers assumed that the attacker did not manipulate the hardware. They focused on determining which components could be powered on without the user’s knowledge and which applications could be built on top of them.
They also detailed how Bluetooth LPM firmware can be changed to run malware on an iPhone 13 when the device is powered off. This is possible because the firmware is not signed or encrypted and the Bluetooth chip does not have secure boot enabled.
“Design of LPM features seems to be mostly driven by functionality, without considering threats outside of the intended applications,” the researchers said in their paper. “Find My after power off turns shutdown iPhones into tracking devices by design, and the implementation within the Bluetooth firmware is not secured against manipulation. Tracking properties could stealthily be changed by attackers with system-level access.”
“Furthermore, modern car key support requires UWB in LPM. Bluetooth and UWB are now hardwired to the SE, used to store car keys and other secrets. Given that Bluetooth firmware can be manipulated, this exposes SE interfaces to iOS. However, the SE is specifically meant to protect secrets under the condition that iOS and applications running on it could be compromised,” they added.
The researchers believe Apple should add a hardware switch to disconnect the battery, which would “improve the situation for privacy-concerned users and surveillance targets like journalists.”
The researchers said they reported their findings to Apple, but the tech giant provided no feedback before their paper was published last week. SecurityWeek has reached out to Apple for comment and will update this article if the company responds.
Earlier this year, other researchers showed how a piece of iOS malware can achieve persistence on an iPhone by faking the device’s shutdown process.