Here’s How Your iPhone Can Execute Malware Even While It’s Turned Off

There's no quick fix: The functionality that makes this possible would have to be changed on a hardware level.

Researchers have found that malware can be executed on iPhones even while they are turned off.

The news comes from a security analysis of an iPhone feature introduced with iOS 15 — the Bluetooth chip, among others, remains on after a user has powered it down, due in part to Apple’s “Find My” location tracking function.

Here’s how it works, and what steps you can take to keep you and your iPhone (relatively) safe.

Why iPhones Are in Danger Even While Off

Not every part of your iPhone shuts down when you hit the power button: Wireless chips remain on. Certain services need to know your phone’s location even when it’s off, and Apple’s “Find My” feature is the reason why malware can be triggered on these devices at all times.

On recent iPhone models, three chips stay on — Bluetooth, Near Field Communication (NFC), and Ultra-wideband (UWB).

“All three wireless chips have direct access to the secure element,” say researchers at the Secure Mobile Networking Lab (SEEMOO), in the Technical University of Darmstadt. The details are available in their research paper, memorably titled “Evil Never Sleeps: When Wireless Malware Stays On After Turning Off iPhones.”

They demonstrate in their paper a practical example of what this all means: Malware can be loaded onto a Bluetooth chip within an iPhone and then executed, later, while the iPhone is off.

“As a result, on modern iPhones, wireless chips can no longer be trusted to be turned off after shutdown. This poses a new threat model,” the paper states. “Previous work only considered that journalists are not safe against espionage when enabling airplane mode in case their smartphones were compromised.”

Part of the issue, according to this research, is that the Bluetooth firmware is neither signed nor encrypted, and the UWB chip firmware is signed but not encrypted.

What You Can Do About It

There’s a silver lining to this interesting but admittedly scary news: A bad actor would still need to load the malware onto an iPhone’s Bluetooth chip while it’s on, in order to execute it at a later date while the phone’s off. But since an iPhone user can’t be sure that hasn’t happened, they can’t fully trust their phone even when it’s off.

The researchers offered a potential fix, saying Apple could change the LPM application thread — but also mentioned that Apple didn’t have feedback when they brought up their concerns. The functionality would have to be changed on a hardware level rather than a systems update, so it seems unlikely that the issue will be addressed in the near future.

The truly safe approach is to leave your iPhone at home when taking a trip to sensitive locations like your business’s server room. Granted, that’s not an easy or practical fix for most occasions.

Another precaution could include a paid VPN service to boost security while your phone is on. We’ve rounded up the top VPN options for iPhones in the past. Ultimately, though, this research paper is another reminder that smartphones will always be location tracking devices in one way or another. If you want to stay truly safe, get a flip phone.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Written by:
Adam is a writer at Tech.co and has worked as a tech writer, blogger and copy editor for more than a decade. He was a Forbes Contributor on the publishing industry, for which he was named a Digital Book World 2018 award finalist. His work has appeared in publications including Popular Mechanics and IDG Connect, and his art history book on 1970s sci-fi, 'Worlds Beyond Time,' was a 2024 Locus Awards finalist. When not working on his next art collection, he's tracking the latest news on VPNs, POS systems, and the future of tech.
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is Tech.co's top-rated VPN service See Deals