Evil Never Sleeps: When Wireless Malware Stays On after Turning Off iPhones

@article{Classen2022EvilNS,
  title={Evil Never Sleeps: When Wireless Malware Stays On after Turning Off iPhones},
  author={Jiska Classen and A. Heinrich and Robert Nikolai Reith and Matthias Hollick},
  journal={Proceedings of the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks},
  year={2022}
}
  • J. Classen, A. Heinrich, M. Hollick
  • Published 12 May 2022
  • Computer Science
  • Proceedings of the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks
When an iPhone is turned off, most wireless chips stay on. For instance, upon user-initiated shutdown, the iPhone remains locatable via the Find My network. If the battery runs low, the iPhone shuts down automatically and enters a power reserve mode. Yet, users can still access credit cards, student passes, and other items in their Wallet. We analyze how Apple implements these standalone wireless features, working while iOS is not running, and determine their security boundaries. On recent… 

The Realization of NFC Virtual Campus Card System Based on Mobile Wallet

  • 潘 常
  • Computer Science
    Software Engineering and Applications
  • 2022

AirGuard - Protecting Android Users from Stalking Attacks by Apple Find My Devices

This work reverse engineers Apple's tracking protection in iOS and discusses its features regarding stalking detection, designs "AirGuard" and releases it as an Android app to protect against abuse by Apple tracking devices, and studies the use of AirGuard in the wild.

References

Who Can Find My Devices? Security and Privacy of Apple’s Crowd-Sourced Bluetooth Location Tracking System

While OF’s design is found to achieve its privacy goals, two distinct design and implementation flaws are discovered that can lead to a location correlation attack and unauthorized access to the location history of the past seven days, which could deanonymize users.

InternalBlue - Bluetooth Binary Patching and Experimentation Framework

The InternalBlue Python framework offers deep insights into the internal architecture of a popular commercial family of Bluetooth controllers used in smartphones, wearables, and IoT platforms and discovers a novel critical security issue affecting a large selection of Broadcom chipsets.

Wibbly Wobbly, Timey Wimey – What’s Really Inside Apple’s U1 Chip

  • Presentation at Black Hat USA
  • 2021

AirTag of the Clones: Shenanigans with Liberated Item Finders

This paper analyzes the AirTag hardware and firmware in detail and presents attacks that also affect the whole AirTag ecosystem, including playing sound sequences and downgrading the nRF and U1 firmware.

AirGuard - Protecting Android Users from Stalking Attacks by Apple Find My Devices

This work reverse engineers Apple's tracking protection in iOS and discusses its features regarding stalking detection, designs "AirGuard" and releases it as an Android app to protect against abuse by Apple tracking devices, and studies the use of AirGuard in the wild.

Attacks on Wireless Coexistence: Exploiting Cross-Technology Performance Features for Inter-Chip Privilege Escalation

Practical coexistence attacks on Broadcom, Cypress, and Silicon Labs chips deployed in billions of devices are shown, and it is demonstrated that a Bluetooth chip can directly extract network passwords and manipulate traffic on a Wi-Fi chip.

Ghost Peak: Practical Distance Reduction Attacks Against HRP UWB Ranging

The first over-the-air attack on IEEE 802.15.4z High-Rate Pulse Repetition Frequency (HRP) Ultra-Wide Band (UWB) distance measurement systems is presented, bringing into question the use of UWB HRP in security-critical applications.

Who Tracks the Trackers?: Circumventing Apple's Anti-Tracking Alerts in the Find My Network

It is demonstrated that it is possible to create a custom device, with similar features to an AirTag in terms of cost, size, and battery life, which can participate in and be tracked by Apple's Find My network while not triggering any item safety alerts, implying that Apple's protection mechanism is insufficient.