According to academics at the Technical University of Darmstadt in Germany, the location of an iPhone can still be tracked even if the device is out of power or turned off through the use of malware. Since Apple's flagship smartphones are used for many vital tasks, they can still utilize essential functions even without power. One of these functions is locating a device through the company's Find My Network, which can be used when an iPhone is shut down or is out of power. The Find My app shows the location of a lost device on a map and identifies the time it was last connected to the network and can be accessed from another person's phone or on the web. For this reason, it's critical to be able to find an iPhone when it is turned off — but it might pose a security and privacy risk.
Apple made it possible to locate an iPhone that has been powered down or has a drained battery with a software update in iOS 15. By using the web client mentioned above — accessible through the company's iCloud website — or a secondary device, an offline iPhone can be found on a map for up to 24 hours after it is shut down or runs out of power. That's enough time to realize a device is missing and locate it on the Find My network, making the feature extremely useful. It also provides peace of mind to users who constantly misplace their items or forget to keep their devices fully charged. Unfortunately, however, it's only available on the iPhone 11 lineup or later since it requires Ultra-wideband — and could be exploited with malware.
A research study conducted by the Technical University of Darmstadt in May 2022 explored a new type of low-power mode found on iPhones running iOS 15. It's common knowledge that some Apple devices come with a Low Power Mode feature that limits the product's power consumption to conserve battery. Users can enable this low power mode feature in an iPhone's settings or through the Control Center, but people might not know there's another kind of low power mode that enables critical functions when a device is out of battery or is shut down. For example, the device does not respond to taps on the screen or movements in this mode. "This mode is either activated when the user switches off their phone or when iOS shuts down automatically due to low battery," the study explains. "If the iPhone was switched off by the user, it turns on when pressing the power button."
Malware Can Run While An iPhone Is Shut Down
Due to this low power mode, users can still access their most vital information — including credit cards, car keys and IDs — when an iPhone is turned off or out of battery. This is incredibly convenient and might be considered a necessity in the digital age, but it comes with consequences. To provide access to the device's location and express wallet items, chips inside the iPhone remain on and "have direct access to the secure element," per the study. In addition, recent iPhones keep Bluetooth, near-field communication (NFC), and Ultra-wideband running when the product is shut down or loses power — none of which utilize any encryption. "Design of [low power mode] features seems to be mostly driven by functionality, without considering threats outside of the intended applications," researchers concluded. "Find My after power off turns shutdown iPhones into tracking devices by design, and the implementation within the Bluetooth firmware is not secured against manipulation."
The researchers believed that hackers could execute the malware because the low power mode kept key components running with access to the secure element of the iPhone system-on-a-chip (SoC). While the team did prove that malware can track a device's location when it is powered off or out of battery, it did so through jailbreaking the iPhone, which is extremely difficult to do. The malicious attack is mainly theoretical since it is impractical to suggest that someone would jailbreak an iPhone without the user's knowledge. However, it begs the question of whether the additional features provided by Apple's low power mode are worth the security and privacy risks. "Since LPM support is based on the iPhone's hardware, it cannot be removed with system updates," the team found. "Thus, it has a long-lasting effect on the overall iOS security model."