Published in Mobiles

Hackers can mimic iPhone reboots and keep iOS malware installed

by on11 January 2022

If only there was a phone with good security

The Tame Apple Press is reeling after a security firm announced it was possible to block and simulate an iOS restart operation.

The technique makes it possible for hackers to keep iOS malware running on an iPhone.

Security firm ZecOps said the technique was important because of the way the iPhone malware landscape has evolved in recent years. In the old days, Apple relied on people to insist that the iPhones were totally secure because no one could be bothered writing hacks to obtain an Apple fanboys U2 and Coldplay collection.

Most iOS malware strains focus on infecting a device, gaining root access, and harvesting and spying on the user until victims restart their iPhones and iPads, after which the attacker tries to infect the victim.

Most security experts have recommended over the past year that users who might be the target of malicious threat actors regularly reboot devices in order to remove backdoors or other implants.

But ZecOps said that turning it off and turning it on again does not make an iPhone immune to being hijacked once an attacker has gained access to a device.

The researchers said they developed a technique they called NoReboot that taps into SpringBoard (the Apple iOS UI app, aka the Home Screen) and Backboardd (the daemon behind SpringBoard) to detect and intercept a phone restart command (such as pressing the Volume Down + Power buttons) and then disabling the SpringBoard UI instead of shutting down the entire OS.

This effectively leaves the iPhone screen with no UI, mimicking the state a device is usually in when it is turned off.

However, the device is still powered on, but without a user interface. To prevent the device from ringing or vibrating, ZecOps said its NoReboot proof-of-concept code also disables features such as 3D Touch feedback, camera LED indicators, and vibration and sound for any incoming calls or notifications.

The proof-of-concept code includes a fake boot-up screen to complete the illusion of a full iOS reboot.


Last modified on 11 January 2022
Rate this item
(1 Vote)

Read more about: