Security researchers from the Technical University of Darmstadt in Germany have found that even if an iPhone has been powered off, some segment of its wireless
connectivity remain active in the device. Most notable is
Bluetooth, though NFC and Ultra-Wide-Band both may remain active as well. Through the Bluetooth connection, it is entirely feasible that an attacker can transfer and place malicious code, software, or files onto the device.
The reason for these functions to remain active is related to the "Find My..." feature of most
Apple devices. A function that allows people to find their devices assuming they've been misplaced, lost or stolen, via GPS, or other tracking means.
YouTube Video of the security flaw on iPhones when powered off
Overall, the security concern is minimal, as
iOS devices are pretty good about not typically running arbitrary code without permission. The researchers mention that jailbreaking would be necessary for most actual security concerns related to taking control of the device via the methods explained in the paper. That said, exploiting this wireless connectivity vector could allow for the potential of other forms of data scraping or search on a device.
What kind of data could be collected? Well, some auto-manufacturers use digital car key signatures that link to cell phones now. Another potentially nasty one is the possibility of collecting data from banking apps or Apple Pay.
iPhone shown in front of Memory Capture
While this all sounds pretty scary, for the time being, the researchers have stated that they have not seen any reports of the problem being exploited in the wild. That does not mean it can't happen of course, and ultimately it could pave the way for wireless malware networks, where one infected phone scans nearby for other wireless iPhone signals to see if it can't drop itself onto that iPhone to steal more data from the next person, and so on.
