Researchers have discovered a method to trick the iPhone operating system. By tricking it into a restart or shutdown, the program continues to run in the background and can thus access certain sensitive resources, including photo sensors and the microphone. According to the researchers, this method does not use any iOS loopholes. It would therefore be impossible to protect yourself completely.
According to Apple, iOS is the most secure smartphone operating system. Some even went so far as to say that there are no viruses on iPhones. This was obviously before the Pegasus affair, which considerably damaged the image of Apple’s smartphone in terms of security. As a reminder, Pegasus is spyware developed by NSO Group which has been used to spy on journalists, politicians (including ministers) and opinion leaders.
Read also – iPhone: check your security settings as Christmas approaches, it’s urgent!
Thanks to the Pegasus case, we know the iPhone is not the fortress it claims to be. But it is through other more confidential initiatives that we learn to what extent this is not the case. ZecOps, an expert in mobile telephony security, has developed malware that manages to thwart the most important defenses of the iPhone without exploiting any flaw. The malware is called NoReboot. And its objective is to thwart the vigilance of the user.
This malware bypasses iPhone protections and remains undetectable
Here is how it works. NoReboot is a malware that installs itself in the iOS RAM, like many others. It accesses operating system resources by gaining certain privileges. Among these resources, Internet access, microphone, selfie sensor, etc. So far, nothing abnormal. When an iPhone is infected, user can get rid of it by restarting their phone, which has the effect of erasing the content of its RAM. NoReboot simply prevents it.
But he must also deceive the vigilance of the user. For this, it will make him believe that the phone has restarted normally. It will intercept manual commands, in particular pressing the on-off button. It will display the right animations at the right time (the wheel on extinction, the Apple logo on power-up, etc.). It will turn off the screen and the various sensors, simulating a complete shutdown. And it will redisplay the interface as if the phone had restarted normally. In fact, the phone never turned off. And the virus is still present … and active.
This ultimate method does not use any iOS flaws
You can see a video produced by ZecOps below. You discover an infected iPhone that tries to restart and another phone that receives a video stream filmed by the victim’s selfie sensor. And the flow is not interrupted during the whole process, demonstrating the effectiveness of the malware. The researchers who developed the program explain that they did not exploit any flaw in iOS. This means that there is no patch to protect against it. Be careful with links on which you click on the Internet and which could load malicious code using this method.