iPhone Vulnerability

[Rick Granick]

c/o MacInTouch site:

NoReboot iPhone vulnerability​

A new malware trick, demonstrated with proof-of concept code, could silently compromise iPhones while they appear falsely to be turned off.

iOS malware can fake iPhone shut downs to snoop on camera, microphone
Researchers have developed a new technique that fakes a shutdown or reboot of iPhones, preventing malware from being removed and allowing hackers to secretly snoop on microphones and receive sensitive data via a live network connection.
Historically, when malware infects an iOS device, it can be removed simply by restarting the device, which clears the malware from memory.
However, this technique hooks the shutdown and reboot routines to prevent them from ever happening, allowing malware to achieve persistence as the device is never actually turned off.
Because this attack, which the researchers call “NoReboot,” does not exploit any flaws on the iOS and instead relies on human-level deception, it cannot be patched by Apple.

 

[Ylva]

I read the article, and the comments as well. It seems that you would be able to detect the false shut down if you are not prompted for your passcode. Another suggestion was to put in a false passcode and see where that goes.

 

[Peter Odems]

I never had to reboot my iPhone. And I never saw a warning for this at my trusted info-websites. So I think investigators found this flaw but it is not used by hackers yet.

 

[Peter Odems]

Secondly this message shows how important it is to use trusted apps only and as less as possible. Only downloaded from the app-store and never work with jail brakes or other unofficial software. There are bad forces coming up to force Apple allowing software from third parties and that would cause unprotected situations.We better leave the androids for the androids and keep our iPhones/iPads clean.

 

[Larry Peterson]

We better leave the androids for the androids and keep our iPhones/iPads clean.

I object to your Android bashing. Please keep those thoughts to yourself.

 

[Peter Odems]

Shall I see "Leave the iPhone's for the iPhone's"? That must sound better for you and means the same. I like to use my devices when they are properly protected.