It may not be all that surprising or alarming that researchers at the Technical University of Darmstadt in Germany have discovered a new vulnerability that could be used to deliver malware to your iPhone. What is unique about this vulnerability is that it can be accessed when an iPhone is off.
This vulnerability requires a jailbroken iPhone, so there is nothing to worry about at this time for the vast majority of iPhone users. But as Ars Technica points out, the theoretical risk could become a real one as hackers discover security flaws that could allow this vulnerability to be exploited, so Apple needs to address it.
The researchers made a video summarizing the exploit, but in a nutshell, the issue involves the iPhone’s Bluetooth chip and the Find My feature that Apple offers even when newer iPhones (iPhone 11 and later) are turned off. When your iPhone is off, the Bluetooth chip is still active, running in a low-power mode so it can continue to provide Find My and other services. The researchers discovered that this low-power mode can be exploited to run malware. (Note: This Low Power Mode is different from the Low Power Mode setting that helps save battery.)
According to the researchers’ article, this issue cannot be fixed with an iOS update, as the issue involves the implementation of Low Power Mode in the iPhone’s hardware. The researchers suggest that Apple “should add a hardware-based switch to disconnect the battery” to fix the problem, which would mean that only future iPhones would be safe from this vulnerability. However, you probably haven’t turned off your iPhone in days, and this is an exploit that’s hard to hack, so you don’t need to worry about it, and if so, you can always turn off Send Last. Location” toggle in Find my.