The technique makes it possible for hackers to keep iOS malware running on an iPhone.
Security firm ZecOps said the technique was important because of the way the iPhone malware landscape has evolved in recent years. In the old days, Apple relied on people insisting that iPhones were totally secure because no one could be bothered writing hacks to obtain an Apple fanboy's U2 and Coldplay collection.
Most iOS malware strains focus on infecting a device, gaining root access, and harvesting data and spying on the user until victims restart their iPhones and iPads, after which the attacker has to re-infect the device.
Most security experts have recommended over the past year that users who might be the target of malicious threat actors regularly reboot devices in order to remove backdoors or other implants.
But ZecOps said that turning it off and turning it on again does not make an iPhone immune to being hijacked once an attacker has gained access to a device.
The researchers said they developed a technique they called NoReboot that taps into SpringBoard (the Apple iOS UI app, aka the Home Screen) and Backboardd (the daemon behind SpringBoard) to detect and intercept a phone restart command (such as pressing the Volume Down + Power buttons) and then disable the SpringBoard UI instead of shutting down the entire OS.
This effectively leaves the iPhone screen with no UI, mimicking the state a device is usually in when it is turned off.
The device is, however, still powered on, just without a user interface. To prevent the device from ringing or vibrating, ZecOps said its NoReboot proof-of-concept code also disables features such as 3D Touch feedback, camera LED indicators, and vibration and sound for any incoming calls or notifications.
The proof-of-concept code includes a fake boot-up screen to complete the illusion of a full iOS reboot.
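One defender-side check that follows from this, added here as an example and not ZecOps' code: a faked shutdown leaves the kernel running, so the kernel's recorded boot time does not move, whereas a genuine reboot gives it a new, later value. This assumes you can read `sysctl kern.boottime` on the device (a Darwin shell, such as a jailbroken or development iOS device, or macOS for testing); the sample outputs below are constructed.

```python
import re
import subprocess

# Matches the Darwin sysctl output, e.g.
# "kern.boottime: { sec = 1700000000, usec = 123456 } Tue Nov 14 22:13:20 2023"
_BOOTTIME_RE = re.compile(r"sec\s*=\s*(\d+)")


def parse_boottime(sysctl_output: str) -> int:
    """Return the kernel boot time (epoch seconds) from `sysctl kern.boottime` output."""
    m = _BOOTTIME_RE.search(sysctl_output)
    if not m:
        raise ValueError(f"unrecognised kern.boottime output: {sysctl_output!r}")
    return int(m.group(1))


def reboot_really_happened(boottime_before: int, boottime_after: int) -> bool:
    """A genuine reboot gives the kernel a new, later boot time.
    A NoReboot-style fake shutdown only kills the UI, so the old value persists."""
    return boottime_after > boottime_before


def read_boottime() -> int:
    """Read the live value (assumes a Darwin shell where `sysctl` is available)."""
    out = subprocess.run(["sysctl", "kern.boottime"],
                         capture_output=True, text=True, check=True).stdout
    return parse_boottime(out)


# Constructed sample outputs: value recorded before the user "rebooted",
# then the value read afterwards in the faked and the genuine case.
SAMPLE_BEFORE = "kern.boottime: { sec = 1641000000, usec = 0 } Sat Jan  1 01:00:00 2022"
SAMPLE_AFTER_FAKE = "kern.boottime: { sec = 1641000000, usec = 0 } Sat Jan  1 01:00:00 2022"
SAMPLE_AFTER_REAL = "kern.boottime: { sec = 1641003600, usec = 0 } Sat Jan  1 02:00:00 2022"

if __name__ == "__main__":
    before = parse_boottime(SAMPLE_BEFORE)
    for label, after in (("fake", SAMPLE_AFTER_FAKE), ("real", SAMPLE_AFTER_REAL)):
        verified = reboot_really_happened(before, parse_boottime(after))
        print(f"{label} reboot verified: {verified}")
```

Record the value before asking the user to restart, read it again afterwards, and treat an unchanged boot time as a sign the device never actually went down.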