Cybersecurity News & Events

Cybersecurity in the News: Even When Turned Off, your iPhone is Vulnerable to Attack

Staying safe while on your phone is one of the key fundamentals of personal cybersecurity. This is why it is important for you to practice strong cybersecurity hygiene while using your phone on a daily basis. One of these major areas of cyber hygiene is keeping your device updated in order to protect against any threats that the company which manufactured your device has identified – this happens when you receive those operating system updates. However, it appears that there are certain areas of your phone’s security that are left vulnerable no matter what you do.

It has recently been found that Apple iPhone users are still at risk of a potential cyber attack even when their phones are turned off. You may be thinking how could an attack affect a device that isn’t active or even turned on? This is caused by the fact that your phone does not fully power down whenever you turn it off. You may notice when you try to hold down the power button to restart your phone that you will be met with an image that indicates that the phone needs to be plugged into a power source in order to have enough power to be used. Your phone is not only left with a little bit of juice so that you can be notified that you need to plug your device in, but also so that the phone can be found in the the event that it is lost or stolen while dead; this is possible due to the Bluetooth application on your phone.

Unfortunately, though this feature of a phone not being fully turned off when it is ‘dead’ to you is intended to help users, malicious actors have been doing their digging and tinkering and have since devised a way to take advantage of this feature. These hackers have found that the Bluetooth function of the iPhone has no way to encrypt anything happening on the phone.

It’s a bit of a safety trade-off when you think about it — on the one hand, you are at risk of an attack, even when you think your device is offline; on the other hand, if this feature was unavailable to you, a lost or stolen phone would be history if you knew the phone was dead. This is a common feature on phones created by many manufacturers and after this vulnerability has been discovered, many of them are working on ways to have the benefit of being able to find your phone without the current risk that is present of the phone being vulnerable to attack.

Image by cottonbro for Pexel.