iPhone malware could work even when the phone is off

News
By
published

Researchers have found a new iPhone hacking method that doesn't need them switched on

Finger typing passcode into iPhone screen.
(Image credit: ymgerman/Shutterstock)

Your iPhone is always at some risk from hacking and malware, no matter how small. But something that seems to have been overlooked until now is how that risk is still present even with the power off.

Researchers at the Technical University of Darmstadt in Germany (via Ars Technica) have claimed to be the first to investigate the security risks of low-power mode chips. The video below gives a brief outline of exactly what this means.

These LPM abilities can be found in the Bluetooth, NFC and ultra-wideband chips in modern iPhones, and allow them to run for up to 24 hours after you switch off your iPhone or run out of battery (not to be confused with the iPhone's power-saving mode, indicated by a yellow battery icon). These are useful additions because they are what allow you to find lost iPhones or use things like digital car keys and express payment cards even with no charge. But as the Darmstadt researchers show, this is open to exploitation.

In their paper, Evil Never Sleeps: When Wireless Malware Stays On After Turning Off iPhones, the researchers explain that this LPM quirk could be exploited by modifying the Bluetooth chip's firmware and loading in malware. This could be used to secretly monitor a user, as it's hard to detect firmware changes without specific knowledge and equipment or to gain access to secure data within the phone.

As this feature is part of the phone's components, it's not something Apple is able to just disable in a software update. This is an attack method that's going to remain in place for a long time, and so, the researchers argue, it's important to acknowledge the risk, even if these features have entirely benign and practical uses.

The good news is actually accessing these components would require "jailbreaking" the iPhone, which takes a lot of work and physical access to the phone. However, if other security flaws were to be discovered that could be used in tandem, this could become more dangerous. 

Apple is at least aware of the issue since the researchers shared their findings with the company before publishing. There's been no response as of yet though. 

The researchers suggest Apple offer a hardware-level battery disconnect option to allow privacy-focused users to defend themselves against the kind of attacks they've explored. It seems a long shot, but perhaps Apple will listen given how often it boasts about its devices' privacy compared to the best Android phones.

See more Phones News
TOPICS
Richard Priday
Richard Priday
Assistant Phones Editor

Richard is based in London, covering news, reviews and how-tos for phones, tablets, gaming, and whatever else people need advice on. Following on from his MA in Magazine Journalism at the University of Sheffield, he's also written for WIRED U.K., The Register and Creative Bloq. When not at work, he's likely thinking about how to brew the perfect cup of specialty coffee.

Read more
Find My iPhone
Apple Find My hack turns any Bluetooth device into a secret AirTag — what we know
iPhone with USB-C charging cable
Apple’s proprietary USB-C controller has officially been hacked – what you need to know
iPhone 15 Pro Max shown in hand
iMessage under attack from scammers sending phishing messages — don’t fall for it
iPhone with USB-C charging cable
Charging your iPhone? You might want to stay away from third-party USB-C cables
Malware
New macOS malware uses Apple's own code to quietly steal credentials and personal data — how to stay safe
A padlock resting next to the Apple logo on the lid of a gold-colored Apple laptop.
Mac and iPhone users beware — Apple processors can be exploited to steal sensitive information
Latest in iPhones
A render of the iPhone 17 Pro Max
iPhone 17 Pro Max — this new rumor could push people towards iPhone 17 Air
Apple Intelligence logo on iPhone
Apple confirms Siri 2.0 is delayed — 'it’s going to take us longer than we thought'
iPhone 17 Pro render
iPhone 17 Pro Max and iPhone 17 Air designs just teased in new video — here's your first look
Torras Ostand for iPhone 16e case being held in hand
Best iPhone 16e cases in 2025
iOS 18.4 logo on an iPhone
iOS 18.4 public beta 2 is here — all the new features to try on your iPhone
Snap Grip Wallet.
I’ve tried dozens of wallet cases, but this MagSafe wallet does one thing I haven’t seen before
Latest in News
Apple smart display concept
Apple's rumored smart home hub 'postponed' due to Siri — here's what we know
Samsung's Project Moohan with Android XR at Galaxy Unpacked 2025
Samsung's XR headset could launch this summer — but at Apple Vision Pro prices, is it already doomed?
Juana Acosta as Bárbara Hidalgo in "Medusa" now streaming on Netflix
Netflix’s new dramatic thriller show has already crashed the top 10 — here’s what you should know
Visual Intelligence being used to look up automotive info on an iPhone 16e
Not just for flagships anymore — how the Pixel 8a, iPhone 16e and other phones are expanding AI's reach
Former AATIP director Lue Elizondo tells documentary filmmaker Dan Farah we are 'not alone' in new 1hr 49m UFO film "The Age of Disclosure" (2025)
How to watch 'The Age of Disclosure' – can you stream UFO documentary online?
NYTimes Connections
NYT Connections today hints and answers — Monday, March 10 (#638)
More about iphones
A render of the iPhone 17 Pro Max

iPhone 17 Pro Max — this new rumor could push people towards iPhone 17 Air
Apple Intelligence logo on iPhone

Apple confirms Siri 2.0 is delayed — 'it’s going to take us longer than we thought'
Juana Acosta as Bárbara Hidalgo in "Medusa" now streaming on Netflix

Netflix’s new dramatic thriller show has already crashed the top 10 — here’s what you should know
See more latest
Most Popular
Juana Acosta as Bárbara Hidalgo in "Medusa" now streaming on Netflix
Netflix’s new dramatic thriller show has already crashed the top 10 — here’s what you should know
Apple smart display concept
Apple's rumored smart home hub 'postponed' due to Siri — here's what we know
Samsung's Project Moohan with Android XR at Galaxy Unpacked 2025
Samsung's XR headset could launch this summer — but at Apple Vision Pro prices, is it already doomed?
(L-R) Jay Ellis as Jay and Kate Hudson as Isla Gordon in "Running Point" on Netflix
5 best shows like 'Running Point' to stream right now
(L-R): Millie Bobby Brown, Chris Pratt and Ke Huy Quan in "The Electric State" on Netflix.
New on Netflix: 7 movies and shows to watch this week (Mar. 10-16)
Visual Intelligence being used to look up automotive info on an iPhone 16e
Not just for flagships anymore — how the Pixel 8a, iPhone 16e and other phones are expanding AI's reach
Long Bright River; John Mulaney; The Wheel of Time
6 top new TV shows to stream this week on Netflix, Prime Video and more (March 10-16)
NYTimes Connections
NYT Connections today hints and answers — Monday, March 10 (#638)
NYT Strands on a cellphone
NYT Strands today — hints, spangram and answers for game #372 (Monday, March 10 2025)
Former AATIP director Lue Elizondo tells documentary filmmaker Dan Farah we are 'not alone' in new 1hr 49m UFO film "The Age of Disclosure" (2025)
How to watch 'The Age of Disclosure' – can you stream UFO documentary online?