back to article Your snoozing iOS 15 iPhone may actually be sleeping with one antenna open

Some research into the potentially exploitable low-power state of iPhones has sparked headlines this week. While pretty much no one is going to utilize the study's findings to attack Apple users in any meaningful way, and only the most high-profile targets may find themselves troubled by all this, it at least provides some …

  1. Pascal Monett Silver badge

    "wireless chips can no longer be trusted to be turned off after shutdown"

    So it is true, the mafia types are right to put smartphones in lead boxes when they meet.

    1. Dave 126 Silver badge

      Re: "wireless chips can no longer be trusted to be turned off after shutdown"

      Doubtful - if they only out their phones in Faraday cages *when* they meet, the location upon which they converged can still be known. They would be better to just leave their phones at home.

      This is separate, if related, to the security concerns Mafia types might have about live audio transmission (Faraday cage would help) or audio recording (Faraday cage wouldn't help).

      Of course Mafia types might choose to put phones in boxes purely for reasons of etiquette. You don't want to be the twerp whose phone rings in the middle of the Boss's speech, any more than you would want it to ring when you're in the audience of a theatre.

      1. Anonymous Coward
        Anonymous Coward

        Re: "wireless chips can no longer be trusted to be turned off after shutdown"

        Most didn't keep it anywhere, they handed it off to a trusted fellow who'd go elsewhere while the meeting took place. That way their location could be tracked all they wanted but the bosses were never in the same place according to that data.

        1. Anonymous Coward
          Anonymous Coward

          Re: "wireless chips can no longer be trusted to be turned off after shutdown"

          Fellow AC does have some proper security training, I see.

    2. sreynolds Silver badge

      Re: "wireless chips can no longer be trusted to be turned off after shutdown"

      Yeah but their choice of foot apparel really weighed you down and the first was quite tight as the material was poured around your feed.

  2. anonanonanonanonanon

    2 Minds

    Having had my phone pickpocketed, twice, one recovered, one lost, I like the idea of being able to run find my to track it down.

    One phone was pinched at a concert, some croat had gone round the packed crowd, grabbing everything they could. I realised quickly enough, alerted security, and thanks to find my, we could tell the scumbag was still in the area. He was caught before he could escape, had a car with a boot full of phones.

    Second time, just a couple of guys pulled a distraction on me, bumped into me and lifted the phone. I chased after them but it was too late and too dark. They were smart enough to turn the phone off immediately, but I locked it remotely, several months later, it briefly pinged somewhere in africa, hopefully they never managed to break into it. If find my worked in low power mode, I could have recovered

    1. big_D Silver badge

      Re: 2 Minds

      This, plus the wi-fi and mobile antennas have also always been on, when the phone is in stand-by. How else do people think that they get push messages.

      The first half of the article had me wondering, what's new here?

      The second half is actually pretty clever, if not that worrying... Yet.

      1. gnasher729 Silver badge

        Re: 2 Minds

        Wi-Fi is not turned on in low power mode. Too much power. And only the very lowest level of mobile data is there, I think it’s even below the level where text messaging happens.

    2. Si 1

      Re: 2 Minds

      This is the other side of the coin on the right-to-repair. iPhones are basically worthless to steal as they get remotely locked and are essentially a brick that broadcasts their location to authorities. That said, until fairly recently they could still be dismantled for valuable parts but now that Apple marry most of the expensive components, they’re not really worth stealing either. So while it makes repairing a phone much more expensive, it does make them less nickable (until someone works out how to break the activation lock!)

  3. sabroni Silver badge
    Boffin

    It appears to be difficult

    but these days it's a pain/impossible to pull the battery out of these devices so a functioning OFF button should be provided. You know, for when I, as the device owner and user, want to switch it off?

    A simple "No features of this device work when OFF " message would explain the issue and allow the user to make a choice.

    1. This post has been deleted by its author

    2. sreynolds Silver badge

      Re: It appears to be difficult

      Or just don't waste your money buying them

      1. Lord Elpuss Silver badge

        Re: It appears to be difficult

        Define 'waste'. There are very few, if any, smart multifunction devices on the market these days that provide 100% of the features any given customer wants, with 0% of the features they don't. One person's "waste" is another person's "must have".

        iPhones are brilliant, amazing tools for people who value the features they offer. This may not be you, in which case feel free to move along and buy something else, but that doesn't make what they do offer, waste.

        "I" value the 'track when turned off' feature highly because I live in a - ahem - 'less than salubrious' area, where the local scrotes congregate of a weeknight around street corners, and 'lift' from passers-by with gay abandon and dearth of consequence. Police almost don't regard phone theft as a crime any more, because they're too busy tackling issues that people really care about; such as misgendering, wearing a culturally appropriated hairstyle and so on. Which means if my phone gets half-inched it's down to me and a couple of my less reputable (and more pungent) leather-jacketed mates to go and get it back. Which I can and will do, if the pond scum of humanity that stole it doesn't keep up to date on his tech news and doesn't realise it can still be tracked.

        1. sreynolds Silver badge

          Re: It appears to be difficult

          Sorry, I am not one to give definitions. Please consult a dictionary, the OED if you are a purist or that Webster's if you are from the colonies.

          1. Lord Elpuss Silver badge

            Re: It appears to be difficult

            Apology accepted; it’s abundantly clear you’re not one for definitions, which is why I’m happy to help you out.

            1. sreynolds Silver badge

              Re: It appears to be difficult

              So you accept something without definition? That seems a bit hypocritical.

    3. molletts

      Re: It appears to be difficult

      A simple "No features of this device work when OFF " message would explain the issue and allow the user to make a choice.

      And yet there would still be people who would whine that the alarm didn't wake them up or they can't pay for stuff or they have to cope with the unbearable hardship of having to carry a separate key for their car or whatever when they've used the "turn off fully" function...

    4. Stuart Castle Silver badge

      Re: It appears to be difficult

      I do think "Off" should mean "Off", and the phone should offer an option to shut down totally. Not least because it saves battery. And some places have rules on radio transmissions and it may not be practical to put your phone in a faraday cage. One example is towns near large radio telescopes often have strict controls on radio transmission in the area, often with things like Wifi and mobile phones banned, and you couldn't just bung your phone in a faraday cage the entire time you are there.

      1. General Purpose Silver badge

        Re: It appears to be difficult

        I don't think they actually ban mobiles/cellphones in the National Radio Quiet Zone, there just aren't any transmitters for them to connect to.

      2. Tom Chiverton 1

        Re: It appears to be difficult

        Nothing like that here at Jodrell. Hell, they have music festivals!

    5. big_D Silver badge

      Re: It appears to be difficult

      My first iPhone, a 3GS, kept crashing. The only way to get it working again was to remove power. As the battery was built in, I had to wait until the battery was totally drained and the iPhone turned off. A hardware power switch would have been useful.

      (And, yes, all soft-off and reset options tested, it wouldn't switch off.)

      After 6 weeks without the phone and it being returned 3 times to Apple, with no fault found, I finally kicked up a stink in the store in front of a dozen or so people looking at buying new phones... That last time, they miraculously found that one of the memory chips was defective and swapped the phone out.

    6. Dave 126 Silver badge

      Re: It appears to be difficult

      The market for a phone that can be completely turned off is quite small. Those unconcerned with security won't care, and those people who are really concerned will place their phone in a Faraday sack or leave it at home - because if they can't trust the radio firmware they likely won't trust an off-switch either.

  4. Anonymous Coward
    Anonymous Coward

    Twas always so...

    ...people forget that these are phones, so sometimes people call them and they need to ring.

    To do that, they need to be in contact with a nearby phone mast.

    1. Anonymous Coward
      Anonymous Coward

      Re: Twas always so...

      Twas NOT always so. In the old days, when we wanted a phone to NOT ring, we just unplugged it (or took it off the hook).

      A hard power switch would accomplish the same thing with current phones.

      Because sometimes we want phones to NOT F-ING RING NO MATTER F-ING WHAT, MOTHERF-KER.

      Just because you might want my phone to ring does not mean you have a right to make that happen.

      1. Anonymous Coward
        Anonymous Coward

        Re: Twas always so...

        Airplane mode is available on most phones...

    2. Martin Summers

      Re: Twas always so...

      What on earth has that got to do with the article? When the phone is powered off you wouldn't expect it to ring or do generally anything at all.

      This news is hardly a surprise anyway, anyone wanting to stay dark and covert would never have a phone with a connected battery around them if they wanted to stay hidden. This is precisely why.

  5. Mike 137 Silver badge

    With the phone 'switched off'?

    "... so that the owner can always wirelessly locate their lost cellphones via the Find My iPhone functionality, open their nearby locked cars, or make payments"

    The first option might make some sense (provided the range is sufficient), but the other two seem little more than 'labour saving' options (saving the labour of switching the phone on?). And supposing the phone is lost/in the wrong hands, are they really advisable? Unless I've misunderstood (never owned an iAnything) the phone should (and probably does) require an authenticator for switching on, but if you can unlock the car from a switched off phone that would seem to be hazardous.

    1. DS999 Silver badge

      Re: With the phone 'switched off'?

      the other two seem little more than 'labour saving' options

      It is more a "save you from being screwed if your battery goes dead" option. When an iPhone (this is probably true of any modern smartphone) shuts down due to battery reaching "0%", there is actually still some charge left in the battery.

      Allowing a battery to truly run flat compromises its longevity, so the shutdown will take place before that's truly the case, leaving sufficient charge to run very low power tasks for quite some time after. Same reason why when an iPhone reports "100%" it is actually not quite fully charged. Ideally you want a lithium based battery to stay between 20% and 80%, but forcing people to live within that range would be too great of a compromise I suppose so with an iPhone it is more like 5 to 95 or maybe 3 to 97.

      1. gnasher729 Silver badge

        Re: With the phone 'switched off'?

        Your iPhone lets you get on the train home even when the battery is at 0%. That’s a good thing.

    2. David Black

      Re: With the phone 'switched off'?

      The phone is really just replacing the physical car key fob and, though I had pretty similar concerns, I actually do see some benefit of just having one item (phone or my preference, smartwatch) rather than two when I go to the beach etc. Losing the phone is pretty much the same risk as losing the car key fob... technically it's probably a little better for some folks, as few leave their phones right next to the front door when they go to bed.

      Would say that you do definitely see the additional use of battery once you've enabled the phone as a key though, prob around 0.5-1% per hour additional drain in standby. Curiously, switching off bluetooth does stop the phone working as a key but doesn't remove the drain. I had to disable the key function to fix that so it could be just crappy coding by the car app folks rather than the hardware.

      1. DS999 Silver badge

        Re: With the phone 'switched off'?

        Does it require Bluetooth for all cars? I thought some used NFC, which should draw less power and still work if Bluetooth is disabled.

  6. werdsmith Silver badge

    This is nothing new or no great revelation. iPhones can be tracked on Find My when they are switched off to defeat thieves. MacRumours ran this story last year before even iOS 15 appeared ton general release.

    If you don't like it, then simply go into settings and switch off "Find My Network". Nothing to cry about.

    1. General Purpose Silver badge

      Do you think switching off "Find My Network" turns off all lower-power-mode (LPM) functionality such as low-power Bluetooth, near-field communications (NFC) and ultra-wideband (UWB) connectivity?

  7. Stuart Castle Silver badge

    While any exploits should at least be investigated, and hopefully removed, I wonder at the Utility of this one. To be able to use this exploit you would need quite a high level of access to the phone. Enough that you could probably turn on and use anything on the phone you need access to using other means.

    1. Martin Summers

      Yes, which is exactly what the article says and you've just repeated it...

  8. Anonymous Coward
    Anonymous Coward

    AC Becasue well...

    Phones have never really been switched off.

    I was in a certain briefing where we were told how even an "off" mobile phone can be used as a listening device remotely.

    The mitigations suggested were... don't take a mobile anywhere you might object to someone else listening or yank the battery if you do. Of course, these days, yanking the battery is, mostly, not an option.

    This was 20 odd years ago. I have no reason to suspect those providing the brief had any reason to dissemble about the facts.

    1. JimboSmith Silver badge

      Re: AC Becasue well...

      A member of my extended family is somebody who (for reasons I won’t go into) is, we’re 99% certain still having their phone tapped by the security services. They received a briefing about their phone use years ago which said a similar thing, namely: Assume that any phone has a live microphone in it unless you have taken the battery out. Also your phone calls are probably going to be listened to (by Echelon most likely) so users should think about this when using it.

  9. Ball boy
    Black Helicopters

    I take huge exception to a device not telling me that 'off' doesn't really mean 'off': if you're going to do this to my devices, have the fecking decency to let me know.

    A device that I turn off still being locatable? There are numerous reasons that could be a really good thing - but I do expect to know it's happening.

    1. peter_dtm

      RTFM

      They do

      RTFM

  10. Anonymous Coward
    Anonymous Coward

    Coffee bags

    At Defcon a few years ago I saw a vendor selling faraday bags to put phones in, so I made one myself. Aluminum foil does not work. BUT, the steel bags coffee comes in does if you use 2 or three. Tuck them in each other, put that in a nice cloth bag (or not) and fold the top once - phone won't ring.

    So when I leave IT job for the weekend to go have a smoke,,,, I'm not tracked there. maybe some other reasons to, but - it's a can do to stop the tracking if you want while not in use. No need for fancy lead boxes.

    And they can't track my speeding with the phone :)

  11. Kevin McMurtrie Silver badge

    If there was a remote attack

    I imagine everyone is attempting touchless hacks on the radio chips now. Image the selling price of an attack that can spread across iPhones whether they're on or not.

    Apple might want to patch iOS to periodically verify the chip firmware.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022