Unpatchable NoReboot Attack Tricks iPhone Users By Faking A Shutdown To Spy On Them
In another example of social engineering, an unpatchable bug has been discovered in iOS. This ultimate persistence bug makes you think your iPhone has been shut down when it hasn’t. Once in effect, it’s a trivial matter for nefarious individuals to activate your iPhone’s camera and microphone to spy on you.
The bug, dubbed “NoReboot,” hijacks a shutdown signal and then makes it seem like your iPhone has powered off. Because of how it works, the user can’t tell the difference between a real shutdown and a fake one.
Security researchers at ZecOps have been studying this problem, and point out how you typically know your iPhone is powered on.
- Incoming calls and notifications make noises.
- You feel touch feedback when you tap the screen.
- In silent mode, your notifications and phone calls trigger your iPhone to vibrate.
- The screen illuminates and shows your apps or Control Center.
- The camera indicator, or one of several other indicators, appears on the screen.
NoReboot is able to disable every single one of these indicators, all while keeping your iPhone powered on. Your display doesn’t show anything, even when you tap it. All of your notification sounds and vibrations are disabled, and the indicators don’t appear at all. The video below demonstrates what could happen.
This all starts by someone injecting code like the Objective-C method [FBSSystemService shutdownWithOptions] into iOS. That done, attackers can completely hijack and halt the shutdown process, while making it appear the device has been powered off.
In a similar fashion, a hacker can make it appear the iOS device is booting back up when the side button is pressed. The system boot animation appears, and the phone “boots” to the Lock Screen as if it had been powered off.
In between the fake shutdown and fake startup, malware is free to do whatever the attackers want, as if the actual device owner were doing it. Spying via the camera and microphone is just the beginning.
Since NoReboot isn’t exploiting any kind of persistence bug, there’s no way to patch iOS to prevent this. It’s simply tricking you into thinking your iPhone has shut down. It’ll definitely be interesting to see how Apple fixes this gaping hole in iPhone security.