iPhone Chip Low-Power Mode (LPM) Security Issue
Industry: N/A | Level: Strategic | Source: Ars Technica
A security issue has been identified in the chips used in Apple's iPhone. When the device is powered off, the iPhone's Bluetooth chip continues to run in Low-Power Mode (LPM), which is distinct from the "Low Power Mode" a running device uses to conserve battery. The risk was discovered by researchers at Germany's Technical University of Darmstadt. As Ars Technica explains: "It turns out that the iPhone's Bluetooth chip—which is key to making features like Find My work—has no mechanism for digitally signing or even encrypting the firmware it runs." The design allows the chips responsible for near-field communication, ultra-wideband, and Bluetooth to run in a special mode that can remain on for 24 hours after the device is turned off.

The researchers' exploits relied on a jailbroken iPhone, which limits their real-world applicability; the risk nonetheless remains for an attacker who can compromise a vulnerable device and load firmware of their own onto the chip. The issue is not easily fixed: "Since LPM support is based on the iPhone's hardware, it cannot be removed with system updates. Thus, it has a long-lasting effect on the overall iOS security model. To the best of our knowledge, we are the first who looked into undocumented LPM features introduced in iOS 15 and uncover various issues." While the researchers have presented their findings to Apple, no comment or follow-up has been provided.