Researchers have discovered an malware for iPhones that keeps running even after the device is turned off. When an iPhone’s power is turned off, the chips within function in a low-power mode to ensure the “Find My iPhone” feature operational. Researchers from Darmstadt’s Technical University in Germany demonstrated how this alwayson feature might be exploited to gain access to the phone.
They discovered that the iPhone’s Bluetooth chip lacks any mechanism for digital signatures or to encrypt the firmware it runs. By exploiting this flaw, the researchers were able to run a malicious firmware that allows any hacker to track an iPhone’s location or run new features even when the device is turned off. The researchers noted in a paper last week that “The current low-power mode implementation on Apple iPhones is opaque and adds new threats,” It’s important to note that such hacks only work on jailbroken iPhones, which are becoming increasingly rare. However, if the gadget has already been infected with malware like Pegasus, hackers may be able to exploit it to gain access.