Researchers Come Up With A Way To Allow Malware On iOS To Maintain Persistence By Simulating A Reboot

Researchers at ZecOps have demonstrated a novel way for malware that has already compromised an iOS device to keep that foothold across what the user believes is a reboot. Traditionally, rebooting an iOS device is a reliable way to get rid of most malware, because iOS makes it hard for an implant to persist across a genuine restart. But this proof of concept hijacks the shutdown and restart sequence so that the device never actually powers down. Instead it simulates one: the screen goes dark and the device appears unresponsive, and on "restart" it displays a fake boot sequence, all while the implant keeps running and retains control of the device. They have named this technique "NoReboot", and ZecOps published a video of the proof of concept in action.

Here’s the kicker. The ZecOps write-up ties this to a feature Apple introduced in iOS 15 that already blurs what "off" means: an iPhone can still be located through the Find My network after it has been powered down. NoReboot does not rely on that feature, but the two together undermine the assumption that a phone showing a dark screen is doing nothing:

In iOS 15, Apple introduced a new feature allowing users to track their phone even when it’s been turned off. Malware researcher @naehrdine wrote a technical analysis on this feature and shared her opinion on “Security and privacy impact”. We agree with her on “Never trust a device to be off, until you have removed its battery or, even better, put it into a blender.”

So, can you trust that an iOS device has been fully powered down? The answer appears to be no: everything a user relies on to judge that a phone is off (the dark screen, the lack of response, the boot logo when it comes back) is drawn by software, and with NoReboot that software is under the attacker's control. And I am sure that threat actors will be looking at this, seeing as the proof of concept code is out there. My question is, how will Apple respond to this? Given their track record of not dealing with security issues until they are forced to acknowledge and address them, I am not holding my breath.
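One check that does not depend on what the screen shows is the kernel's own record of when it booted. A simulated shutdown of the kind described above never restarts the kernel, so that timestamp does not change, whereas a genuine restart produces a new, later one. The following is an added example written for this page, not code from ZecOps or from the original post: it reads the boot time (the kern.boottime sysctl on Darwin/iOS, the btime field of /proc/stat on Linux) and classifies a before/after pair. It assumes the implant is confined to userland and cannot forge that value; a kernel-level implant could, and on a stock iPhone you would need an app or a jailbreak to run it at all, so treat it as an illustration of the principle rather than a finished forensic tool.

```c
/* Added example (not from the original post or from ZecOps): a "did it really
 * reboot?" check based on the kernel's recorded boot time. Assumption: the
 * implant is userland-only and cannot also forge this value. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

#if defined(__APPLE__)
#include <sys/types.h>
#include <sys/sysctl.h>
#include <sys/time.h>
#endif

typedef enum {
    REBOOT_GENUINE,       /* boot time moved forward: a real restart happened */
    REBOOT_FAKED,         /* boot time unchanged: the same kernel is still running */
    REBOOT_CLOCK_SUSPECT  /* boot time moved backwards: clock tampering or bad record */
} reboot_verdict;

/* Read the kernel's recorded boot time as a Unix timestamp; 0 on failure.
 * Darwin/iOS: kern.boottime sysctl. Linux: the btime line of /proc/stat. */
time_t read_boot_time(void) {
#if defined(__APPLE__)
    struct timeval tv;
    size_t len = sizeof tv;
    if (sysctlbyname("kern.boottime", &tv, &len, NULL, 0) != 0) return 0;
    return tv.tv_sec;
#else
    FILE *f = fopen("/proc/stat", "r");
    if (f == NULL) return 0;
    char line[256];
    time_t bt = 0;
    while (fgets(line, sizeof line, f) != NULL) {
        if (strncmp(line, "btime ", 6) == 0) {
            bt = (time_t)strtoll(line + 6, NULL, 10);
            break;
        }
    }
    fclose(f);
    return bt;
#endif
}

/* Compare the boot time recorded before the user "rebooted" with the one read
 * afterwards. tolerance_s absorbs the small adjustments the kernel makes to the
 * recorded boot time when the wall clock is corrected (NTP, cellular time). */
reboot_verdict classify_reboot(time_t before, time_t after, int tolerance_s) {
    if (after + tolerance_s < before) return REBOOT_CLOCK_SUSPECT;
    if (after - before <= tolerance_s) return REBOOT_FAKED;
    return REBOOT_GENUINE;
}

const char *verdict_name(reboot_verdict v) {
    switch (v) {
    case REBOOT_GENUINE: return "genuine reboot (new kernel boot time)";
    case REBOOT_FAKED:   return "NO reboot happened (boot time unchanged)";
    default:             return "suspicious (boot time moved backwards)";
    }
}

/* Usage: run once before the "reboot" and note the printed boot time, then run
 * again afterwards with that value as the only argument. */
int main(int argc, char **argv) {
    time_t now_boot = read_boot_time();
    if (now_boot == 0) {
        fprintf(stderr, "could not read kernel boot time\n");
        return 1;
    }
    printf("kernel boot time: %lld (uptime %lld s)\n",
           (long long)now_boot, (long long)(time(NULL) - now_boot));
    if (argc > 1) {
        time_t before = (time_t)strtoll(argv[1], NULL, 10);
        printf("%s\n", verdict_name(classify_reboot(before, now_boot, 5)));
    }
    return 0;
}
```

The point of the tolerance is that a real boot legitimately shifts the recorded boot time by a second or two as the clock settles; a value that is identical, or that only drifts within that window, after the user held the power button means the kernel never went away, which is exactly what NoReboot produces.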
