Threat Actors Can Simulate IPhone Reboots and Keep IOS Malware On a Device (therecord.media) 23
An anonymous reader quotes The Record: In a piece of groundbreaking research published on Tuesday night, security firm ZecOps said that it found a way to block and then simulate an iOS restart operation, a technique that they believe could be extremely useful to attackers who may want to trick users into thinking they rebooted their device and as a result, maintain access for their malware on that infected system.
The technique is of extreme importance and gravity because of the way the iPhone malware landscape has evolved in recent years, where, due to advances in the security of the iOS operating system, malware can't achieve boot persistence as easily as it once did.... As a result, many security experts have recommended over the past year that users who might be the target of malicious threat actors regularly reboot devices in order to remove backdoors or other implants.... But in a blog post on Tuesday, ZecOps said that the iOS restart process isn't immune to being hijacked once an attacker has gained access to a device, in a way to perform a fake restart where the user's device only has its UI turned off, instead of the entire OS.
The technique is of extreme importance and gravity because of the way the iPhone malware landscape has evolved in recent years, where, due to advances in the security of the iOS operating system, malware can't achieve boot persistence as easily as it once did.... As a result, many security experts have recommended over the past year that users who might be the target of malicious threat actors regularly reboot devices in order to remove backdoors or other implants.... But in a blog post on Tuesday, ZecOps said that the iOS restart process isn't immune to being hijacked once an attacker has gained access to a device, in a way to perform a fake restart where the user's device only has its UI turned off, instead of the entire OS.
So, drain the battery? (Score:3)
So, drain the battery?
Or can that be simulated too? You see it run down to 0% and "turn off", you then plug the power back in, but — because it hasn't really drained — there was no actual shutdown either?
Wipe refresh (Score:3)
Re: (Score:3)
Since a iphone backup includes the apps, the backup could be analysed for malware perhaps.
Re: (Score:2)
The point here is to have in-memory malware that does not show up on a backup.
Re: (Score:2)
That is actually hard to do. Phones have some very low power microcontrollers (as in "draining" would take years) in there, for example to monitor the start button. If you can make an attack persistent that way, "draining" will not cut it.
The idea is sound though, but it needs a removable battery. One more reason why phones without removable battery are such a bad idea.
Let's have everything controlled by software (Score:4, Insightful)
Battery that can't be removed, no hardware reset paperclip button, power button that lacks an OS independent countdown timer/force shut down. What could possibly go wrong?
Even a crap flip phone has "force shutdown" that the OS can't override in any way.
Re: (Score:2)
Battery that can't be removed, no hardware reset paperclip button, power button that lacks an OS independent countdown timer/force shut down. What could possibly go wrong?
Even a crap flip phone has "force shutdown" that the OS can't override in any way.
Quite. But most likely on devices without a removable battery or hard, dedicated "off/reset" button, the standard Android-device-style "hold down the power button for a while" Force Off could be faked.
Malware monitors the power button, and when it's held for 1 second less than the prescribed interval, does a little vibration and fakes an "off." This would probably fool 99% of users. Not an Android dev, so I dunno if this can be done without rooting the phone. If it can, that should probably be corrected
Re: (Score:2)
My understanding of the hard off button process on an android device is actually just a drain on a latching relay circuit similar to the soft off sequence on modern computer switch mode power supplies. Of course different manufacturers can throw my understanding under the bus quit quickly too.
It uses a monitor circuit to detect changes in voltage for button presses and can be used to trigger events but I'm not sure a reboot using it can be easily faked because the point is actually a power down stat
Re: (Score:2)
My understanding of the hard off button process on an android device is actually just a drain on a latching relay circuit similar to the soft off sequence on modern computer switch mode power supplies. Of course different manufacturers can throw my understanding under the bus quit quickly too. It uses a monitor circuit to detect changes in voltage for button presses and can be used to trigger events but I'm not sure a reboot using it can be easily faked because the point is actually a power down state. It is actually a hardware state not a software defined state. Of course the software menu popping up with shutdown options can be reprogrammed but continuing to hold it bypasses that with a hard off.
Yeah, that's my understanding as well... but if the "hard off" happens at 10 seconds, and at 9 seconds some piece of software does a vibration and turns off the screen backlight, most people are going to think it worked and let go of the button at that point. It may need root or some unusual permissions to do these things, though. "Change system settings" might do it for the backlight, and there's kind of a trend lately of apps requesting that one so that can turn up the display brightness while displayin
Rebooting is such a teens concept (Score:2)
Just load the running software into the phone in the factory. Hot automatic upgrades. Why should the user ever need to know anything technical like a reboot.
Rebooting is just an admission of poor software. So if it is not necessary, do not provide a way to do it.
Of course, some old farts will expect a reboot process, so provide it. But it does not actually need to do anything. Much like those progress status bars that are just driven off a timer and actually tell you nothing, but keep people entertaine
Re: Let's have everything controlled by software (Score:2)
I think the best thing to do is a normal power off, then while the device is off input the hard power off sequence. Like in iPhone, swipe to power off, wait for it to shutdown, then vol up, vol down, hold lock for ten seconds or whatever. It should just turn on from holding the lock button, if it really was off. If it was really already powered off that sequence shouldn't cause any issues? If malware faked the swipe power off, I'll take my chances with the unclean shutdown.
Re: Let's have everything controlled by software (Score:2)
Here is a novel idea:
A power indicator light that is not programmable in any way, and shows whether the processing circutry is active in the phone or not.
It does not have to be super bright, and they can have it recessed into the side of the phone*. The user looks down the millimeter deep 'well' where the LED is so that person knows if the phone is in a true powered off state or not.
*because "Style Uber Alles".
Re: (Score:2)
Here is a novel idea:
A power indicator light that is not programmable in any way, and shows whether the processing circutry is active in the phone or not.
It does not have to be super bright, and they can have it recessed into the side of the phone*. The user looks down the millimeter deep 'well' where the LED is so that person knows if the phone is in a true powered off state or not.
*because "Style Uber Alles".
Blasphemy! Where's my stone?
Re: Let's have everything controlled by software (Score:2)
Re: (Score:2)
Like my latest airplane flight. There was no switch for the reading lights. The only way to turn them on was through the entertainment system. The crew tried soft and hard resets and never got it to the point that any passenger could have a reading light. Same design error as preventing a simple shutdown.
Re: (Score:2)
Indeed. On reason I do not buy phones without removable battery. The only reboot I really trust is to remove that battery and let the thing sit for a while.
Re: Let's have everything controlled by software (Score:2)
There is a forced shutdown implemented at a low level on iPhones and it's even mentioned in TFA, go back and read it.
Volume up, volume down, long hold Lock Screen button. In TFA again, it's explained the best they could do against it is detect the attempt and try to fake a power off before the real thing so the user lets go of the button early, otherwise they can't prevent it.
Re: (Score:2)
There is always a hardware force off combination, because all software can hang. So there's always a way in hardware to force it off.
On an iPhone, it's usually Power + Volume Up or Volume Down. Hold it for 10 seconds and it forces the phone to shut off hard. After a second, the hardware will power on, but not boot up - you have to press the power button to begin the power on.
The 10 second press turns off the power control chip completely, in case it too needs to reset. After a second it will reinitialize it
Re: (Score:2)
Not to mention no dedicated hardware LED to indicate that the microphone/camera sensors have been switched by software into an active state. I generally keep my phone inside it's leather sheath and not in the same room. Close enough to reach in a few steps if it beeps, not close enough for rogue candid camera.
3 layers down (Score:5, Informative)
here is the blog post from the people who created it, with PoC and a video. [zecops.com]
Anyone seen this in the field with Android? (Score:2)
I know a non-technical person (so reports are inconclusive) with a stalker who says she's seeing compromises on her phone that persist after a reset. I'm keeping my mind open about the actual explanation but this work is interesting.