ZecOps NoReboot iPhone Malware Fake Shutdown Camera Microphone Access
Security researchers at ZecOps have demonstrated NoReboot, which is essentially a piece of iOS malware that uses a persistence method to defeat the usual practice of restarting the device to clear malicious activity from memory. An infected user would think the device has been powered off when in fact it is still running and only simulating a real shutdown. It accomplishes this by injecting code into three daemons responsible for controlling the shutdown event.



Once the shutdown is bypassed, there’s no physical indication that the iPhone is on, but it remains fully awake and connected to the internet. This means that nefarious actors will not only be able to eavesdrop on the owner using both the camera and the microphone, but also do anything else that requires an internet connection, all while the iPhone appears to be powered off.


“When you slide to power off, it is actually a system application /Applications/InCallService.app sending a shutdown signal to SpringBoard, which is a daemon that is responsible for the majority of the UI interaction,” researchers explained in the analysis. “We managed to hijack the signal by hooking the Objective-C method -[FBSSystemService shutdownWithOptions:]. Now instead of sending a shutdown signal to SpringBoard, it will notify both SpringBoard and backboardd to trigger the code we injected into them,” said ZecOps.
