Researchers from the Secure Mobile Networking Lab at the Technical University of Darmstadt have created a Proof of Concept (POC) attack for loading malware onto the Bluetooth chip of an iPhone while the phone is powered off. There are no reports of such an attack in the wild and no immediate threat is known. However, since Bluetooth, Near-field Communication (NFC), and ultra-wideband (UWB) chips remain active for features such as FindMyPhone and Apple Wallet, the POC demonstrates that malware can be loaded onto a device even when it is powered off, as long as the phone hardware has initiated Apple’s Low Power Mode (LPM). Attack vectors would require already established privileged access on the iPhone or a wireless exploitation such as BrakTooth.
Analyst Notes
No immediate threat is presented by this academic POC, but individuals and organizations should look for updates that patch these vulnerabilities. There are currently no known deployable mitigations or workarounds since the vulnerability is on the phone’s firmware and not on the more easily patched iOS.
More generally, individuals employing Multi-Factor Authentication (MFA) via personal cell phones are essentially implementing a Bring-Your-Own-Device (BYOD) policy. Organizations are recommended to continue to use Mobile Device Management (MDM) and Network Access Control (NAC) solutions and policies in order to mitigate such risks. In addition, a post-exploitation component of a defense in depth strategy, such as deploying the MDR and Threat Hunting services offered by Binary Defense, is a necessary strategy to mitigate risks in the modern threat environment.
https://thehackernews.com/2022/05/researchers-find-way-to-run-malware-on.html
https://arxiv.org/pdf/2205.06114.pdf
https://thehackernews.com/2021/09/new-braktooth-flaws-leave-millions-of.html
