Wikinews interviews Secure Mobile Networking Lab about iPhone vulnerability in low power mode


Thursday, June 2, 2022


On 12 May 2022, the Secure Mobile Networking Lab at TU Darmstadt, Germany, published a report of a vulnerability in a jailbroken iPhone that allows an attacker to gain control over the device when it is seemingly off. In what is known as low-power mode, some chips of the device continue to run, with the benign intent of supplying users with some limited functionality, such as finding their device and some types of contactless keys.

The low-power mode involves supplying power to the Bluetooth chip, and the researchers showed how this could be misused to add malware to the device. This malware would operate in the low-power mode without switching on the device. The reporters noted that jailbroken devices were not common, and that the majority of consumers did not jailbreak their phones. Furthermore, the researchers pointed out that this attack vector needed more research to evaluate the risk of more sophisticated malware being written that can attack non-jailbroken devices.

The researchers published their modified Broadcom firmware in the InternalBlue and Frankenstein repositories.

Interview questions

((WN)) When did you start looking at the low power mode? What prompted your interest?

((WN)) Is low-power mode common in devices? Which ones have it and which ones don't?

((WN)) Were low-power mode attacks, or discoveries of vulnerability, common previously? Could you please share some examples?

((WN)) Is it possible to disable low-power mode in an iPhone completely? If so, how can this be achieved?

((WN)) What iPhone/iOS versions are affected?

((WN)) Do you see any privacy concerns with the device never becoming truly off? Is it possible for the users to "truly power off" the phone via a special combination of keys, or by adjusting their settings?

((WN)) What is your opinion about the battery not being removable on some modern smartphones? Do you think this makes them more vulnerable?

((WN)) Has Apple released a fix? For example, does upgrading iPhone software help to resolve this problem?

((WN)) Do you find that Apple products' contribution to the market improves users' privacy and smartphones' security, or the opposite? What major breakthroughs have major phone or cellular provider companies contributed towards privacy and security of non-face-to-face communication in your experience? What companies, as an example that you know of, set a good example in this area?

((WN)) Do you see problems with how Apple or another smartphone device or smartphone OS manufacturer tries to control the users? With surveillance from them, or perhaps from cellular network operators? If so, who are the better players in this area that in your view should set an example to others?

((WN)) Are you also working on analyzing the vulnerability of other devices - iPads or non-Apple devices? Perhaps smartwatches? Do you think their low power mode may pose a similar risk?

((WN)) Do you see this attack venue being utilized to control a car that has contactless keys, or is this uncommon because the device is not jailbroken?


Sources