Faking an iPhone Reboot

2022-01-12 12:15

We'll dissect the iOS system and show how it's possible to alter a shutdown event, tricking a user that got infected into thinking that the phone has been powered off, but in fact, it's still running.

The "NoReboot" approach simulates a real shutdown.

The user cannot feel a difference between a real shutdown and a "Fake shutdown." There is no user-interface or any button feedback until the user turns the phone back "On."

Historically, when malware infects an iOS device, it can be removed simply by restarting the device, which clears the malware from memory.

This technique hooks the shutdown and reboot routines to prevent them from ever happening, allowing malware to achieve persistence as the device is never actually turned off.

Back when the physical buttons actually did things - like turn the power, the Wi-Fi, or the camera on and off - you could actually know that something was on or off.

News URL

https://www.schneier.com/blog/archives/2022/01/faking-an-iphone-reboot.html

#iphone