iPhone Malware Tactic Causes Fake Shutdowns: Enables Spying

The ‘NoReboot’ technique is the ultimate in persistence for iPhone malware, preventing reboots and enabling remote attackers to do anything on the device while remaining completely unseen.

In the world of mobile malware, simply shutting down a device can often wipe out any bad code, given that persistence after rebooting is a challenge for traditional malicious activity. But a new iPhone technique can hijack and prevent any shut-down process that a user initiates, simulating a real power-off while allowing malware to remain active in the background.

The stealthy technique, dubbed “NoReboot” by researchers, is “the ultimate persistence bug,” according to a ZecOps analysis this week... 

Is There a Patch for NoReboot?

ZecOps researchers noted that even though they call the issue a “persistence bug,” it can’t actually be patched because “it’s not exploiting any…bugs at all — only playing tricks with the human mind.” Via Twitter, the firm said that the technique works on every version of iPhone, and to prevent it, Apple would need to build in a hardware-based indicator for iPhone sleep/wake/off status.

To protect themselves, iPhone users should run standard checks for malware and trojanized apps, and take the usual vetting precautions when downloading and installing new apps. more