Malware could be loaded onto the Bluetooth chips of iPhones and executed even when the devices are turned off, through a new attack surface discovered by researchers at the Technical University of Darmstadt's Secure Mobile Networking Lab, according to The Hacker News.
Researchers detailed that the novel attack exploits the continued operation of Bluetooth, near-field communication, and ultra-wideband chips while iOS is shut down.
"The Bluetooth and UWB chips are hardwired to the Secure Element (SE) in the NFC chip, storing secrets that should be available in LPM. Since LPM support is implemented in hardware, it cannot be removed by changing software components. As a result, on modern iPhones, wireless chips can no longer be trusted to be turned off after shutdown. This poses a new threat model," researchers said in the report, which will be presented at this week's ACM Conference on Security and Privacy in Wireless and Mobile Networks.
Attackers could exploit the attack surface by leveraging the operating system to communicate with the firmware, altering the firmware image, and exploiting BrakTooth and other vulnerabilities to achieve code execution, the researchers added.