A team of researchers at the Technical University of Darmstadt in Germany discovered that it is possible to run malware on an iPhone that has been turned off. This is possible because the Find My feature, which can locate an iPhone that has been turned off, keeps running and retains access to the CPU; the Bluetooth, NFC and UWB chips are in the same situation. Attackers can therefore target iPhones even when they are turned off because of how Apple implements these standalone wireless features, and could go on to access sensitive data such as a user's credit card data, banking details or even digital car keys. Threat actors would, however, still need to load the malware while the iPhone is on so that it executes later, once the device is off. The low power mode (LPM) is what makes this possible.
“The Bluetooth and UWB chips are hardwired to the [SE] in the NFC chip, storing secrets that should be available in LPM,” the researchers explained. Even if all firmware were protected against manipulation, an attacker with system-level access could still send custom commands to chips that “allow a very fine-grained configuration, including advertisement rotation intervals and contents.” A potential solution would be for Apple to add “a hardware-based switch to disconnect the battery,” but for now the company has done nothing on this matter.