Wikinews interviews Secure Mobile Networking Lab about iPhone vulnerability in low power mode

From Wikinews, the free news source you can write!
Jump to navigation Jump to search
Emblem-important.svg

This article is a prepared story. It describes an event that is scheduled or expected but has not yet occurred.
If this article is ready to be developed, change the {{prepare}} tag to {{develop}}.
Prepared articles may (tempered by common sense, please) be subject to deletion if unsourced (with 10 days' notice) or if unused and expired (after 5 days).

This article is a prepared story. It describes an event that is scheduled or expected but has not yet occurred.
If this article is ready to be developed, change the {{prepare}} tag to {{develop}}.
Prepared articles may (tempered by common sense, please) be subject to deletion if unsourced (with 10 days' notice) or if unused and expired (after 5 days).
Wikinews Developing.png

This article is being developed. You can contribute or discuss its development.
If it is ready to be checked, you can Submit for review.
This is not a way to ask others to expand or finish the article!
You should review discussion about this article, and verify original reporting notes are adequate. Click to add OR notes.

This article is being developed. You can contribute or discuss its development.
If it is ready to be checked, you can Submit for review.
This is not a way to ask others to expand or finish the article!
You should review discussion about this article, and verify original reporting notes are adequate. Click to add OR notes.

Thursday, June 2, 2022

You can add an infobox from Category:Infoboxes.

On 12 May 2022, Secure Mobile Networking Lab, TU Darmstadt, Germany published a report of vulnerability in a jailbroken iPhone that allows an attacker to gain control over the device when it is seemingly off. In what is known as low-power mode, some chips of the device continue to run, with the benign intent of supplying users with some limited functionality, such as finding their device and some types of contactless keys.

The low-power mode involves supplying power to the Bluetooth chip, and the researchers showed how this could be misused to add malware to the device. This malware would operate in the low-power mode without switching on the device. The reporters noted jailbroken devices were not common, and majority of consumers did not jailbreak their phones. Furthermore, the researchers pointed out that this attack vector needed more research to evaluate the risk of writing more sophisticated malware that can attack non-jailbroken devices.

Researchers published their modified Broadcom firmware at InternalBlue and Frankenstein repositories.

Interview questions[edit]

Wikinews waves Left.png((WNWikinews waves Right.png)) When did you start looking at the low power mode? What prompted your interest?

Wikinews waves Left.png((WNWikinews waves Right.png)) Is low-power mode common in devices? Which ones have it and which ones don't?

Wikinews waves Left.png((WNWikinews waves Right.png)) Were low-power mode attacks, or discoveries of vulnerability, common previously? Could you please share some examples?

Wikinews waves Left.png((WNWikinews waves Right.png)) Is it possible to disable low-power mode in an iPhone completely? If so, how can this be achieved?

Wikinews waves Left.png((WNWikinews waves Right.png)) What iPhone/iOS versions are affected?

Wikinews waves Left.png((WNWikinews waves Right.png)) Do you see any privacy concerns with the device never becoming truly off? Is it possible for the users to "truly power off" the phone via a special combination of keys, or by adjusting their settings?

Wikinews waves Left.png((WNWikinews waves Right.png)) What is your opinion about battery not being removable on some modern smart phones? Do you think this makes them more vulnerable?

Wikinews waves Left.png((WNWikinews waves Right.png)) Has Apple released a fix? For example, does upgrading iPhone software help to resolve this problem?

Wikinews waves Left.png((WNWikinews waves Right.png)) Do you find Apple products contribution to the market improves users' privacy and smartphones' security, or the opposite? What major breakthroughs have major phone or cellular provider companies have contributed towards privacy and security of non-face-to-face communication in your experience? What companies, as an example that you know of, set a good example in this area?

Wikinews waves Left.png((WNWikinews waves Right.png)) Do you see problems with how Apple or another smartphone device or smartphone OS manufacturer tries to control the users? With surveillance from them, or perhaps from cellular networks operators? If so, who are the better players in this area that in your view should set an example to others?

Wikinews waves Left.png((WNWikinews waves Right.png)) Are you also working on analyzing the vulnerability of other devices - iPads or non-Apple devices? Perhaps smartwatches? Do you think their low power mode may pose a similar risk?

Wikinews waves Left.png((WNWikinews waves Right.png)) Do you see this attack venue being utilized to control a car that has contactless keys, or is this uncommon because the device is not jailbroken?


Sources[edit]

Information icon4.svg Note:First two sources written by the same author, based on the third source. It would be great to have at least one more independent source.
Retrieved from "https://en.wikinews.org/w/index.php?title=Wikinews_interviews_Secure_Mobile_Networking_Lab_about_iPhone_vulnerability_in_low_power_mode&oldid=4679508"