Security News > 2022 > January > Apple iPhone Malware Tactic Causes Fake Shutdowns to Enable Spying
A new iPhone technique can hijack and prevent any shut-down process that a user initiates, simulating a real power-off while allowing malware to remain active in the background.
"The NoReboot approach simulates a real shutdown. The user cannot feel a difference between a real shutdown and a fake shutdown. There is no user-interface or any button feedback until the user turns the phone back 'on'we cannot, and should not, trust a normal reboot."
From a practical perspective, researchers pointed out that the technique could be built into malware designed to detect when a user is trying to turn off the phone; or the malware could simulate a "Low battery" state to use as an excuse for a "Shutdown."
What Happens when the iPhone is Powered On? When a user goes to turn the phone back on, the normal routine is that the Apple logo appears as the phone wakes up.
ZecOps researchers noted that even though they call the issue a "Persistence bug," it can't actually be patched because "It's not exploiting anybugs at all - only playing tricks with the human mind." Via Twitter, the firm said that the technique works on every version of iPhone, and to prevent it, Apple would need to build in a hardware-based indicator for iPhone sleep/wake/off status.
To protect themselves, iPhone users should run standard checks for malware and trojanized apps, and take the usual vetting precautions when downloading and installing new apps.
News URL
https://threatpost.com/apple-iphone-malware-fake-shutdowns-spying/177420/
Related news
- Apple fixes two new iOS zero-days exploited in attacks on iPhones (source)
- Apple's trademark tight lips extend to new iPhone, iPad zero-days (source)
- Apple: Mercenary spyware attacks target iPhone users in 92 countries (source)
- Apple Alerts iPhone Users in 92 Countries to Mercenary Spyware Attacks (source)