"wireless chips can no longer be trusted to be turned off after shutdown"
So it is true, the mafia types are right to put smartphones in lead boxes when they meet.
Some research into the potentially exploitable low-power state of iPhones has sparked headlines this week. While pretty much no one is going to utilize the study's findings to attack Apple users in any meaningful way, and only the most high-profile targets may find themselves troubled by all this, it at least provides some …
Doubtful - if they only out their phones in Faraday cages *when* they meet, the location upon which they converged can still be known. They would be better to just leave their phones at home.
This is separate, if related, to the security concerns Mafia types might have about live audio transmission (Faraday cage would help) or audio recording (Faraday cage wouldn't help).
Of course Mafia types might choose to put phones in boxes purely for reasons of etiquette. You don't want to be the twerp whose phone rings in the middle of the Boss's speech, any more than you would want it to ring when you're in the audience of a theatre.
Most didn't keep it anywhere, they handed it off to a trusted fellow who'd go elsewhere while the meeting took place. That way their location could be tracked all they wanted but the bosses were never in the same place according to that data.
Having had my phone pickpocketed, twice, one recovered, one lost, I like the idea of being able to run find my to track it down.
One phone was pinched at a concert, some croat had gone round the packed crowd, grabbing everything they could. I realised quickly enough, alerted security, and thanks to find my, we could tell the scumbag was still in the area. He was caught before he could escape, had a car with a boot full of phones.
Second time, just a couple of guys pulled a distraction on me, bumped into me and lifted the phone. I chased after them but it was too late and too dark. They were smart enough to turn the phone off immediately, but I locked it remotely, several months later, it briefly pinged somewhere in africa, hopefully they never managed to break into it. If find my worked in low power mode, I could have recovered
This, plus the wi-fi and mobile antennas have also always been on, when the phone is in stand-by. How else do people think that they get push messages.
The first half of the article had me wondering, what's new here?
The second half is actually pretty clever, if not that worrying... Yet.
This is the other side of the coin on the right-to-repair. iPhones are basically worthless to steal as they get remotely locked and are essentially a brick that broadcasts their location to authorities. That said, until fairly recently they could still be dismantled for valuable parts but now that Apple marry most of the expensive components, they’re not really worth stealing either. So while it makes repairing a phone much more expensive, it does make them less nickable (until someone works out how to break the activation lock!)
but these days it's a pain/impossible to pull the battery out of these devices so a functioning OFF button should be provided. You know, for when I, as the device owner and user, want to switch it off?
A simple "No features of this device work when OFF " message would explain the issue and allow the user to make a choice.
This post has been deleted by its author
Define 'waste'. There are very few, if any, smart multifunction devices on the market these days that provide 100% of the features any given customer wants, with 0% of the features they don't. One person's "waste" is another person's "must have".
iPhones are brilliant, amazing tools for people who value the features they offer. This may not be you, in which case feel free to move along and buy something else, but that doesn't make what they do offer, waste.
"I" value the 'track when turned off' feature highly because I live in a - ahem - 'less than salubrious' area, where the local scrotes congregate of a weeknight around street corners, and 'lift' from passers-by with gay abandon and dearth of consequence. Police almost don't regard phone theft as a crime any more, because they're too busy tackling issues that people really care about; such as misgendering, wearing a culturally appropriated hairstyle and so on. Which means if my phone gets half-inched it's down to me and a couple of my less reputable (and more pungent) leather-jacketed mates to go and get it back. Which I can and will do, if the pond scum of humanity that stole it doesn't keep up to date on his tech news and doesn't realise it can still be tracked.
A simple "No features of this device work when OFF " message would explain the issue and allow the user to make a choice.
And yet there would still be people who would whine that the alarm didn't wake them up or they can't pay for stuff or they have to cope with the unbearable hardship of having to carry a separate key for their car or whatever when they've used the "turn off fully" function...
I do think "Off" should mean "Off", and the phone should offer an option to shut down totally. Not least because it saves battery. And some places have rules on radio transmissions and it may not be practical to put your phone in a faraday cage. One example is towns near large radio telescopes often have strict controls on radio transmission in the area, often with things like Wifi and mobile phones banned, and you couldn't just bung your phone in a faraday cage the entire time you are there.
My first iPhone, a 3GS, kept crashing. The only way to get it working again was to remove power. As the battery was built in, I had to wait until the battery was totally drained and the iPhone turned off. A hardware power switch would have been useful.
(And, yes, all soft-off and reset options tested, it wouldn't switch off.)
After 6 weeks without the phone and it being returned 3 times to Apple, with no fault found, I finally kicked up a stink in the store in front of a dozen or so people looking at buying new phones... That last time, they miraculously found that one of the memory chips was defective and swapped the phone out.
The market for a phone that can be completely turned off is quite small. Those unconcerned with security won't care, and those people who are really concerned will place their phone in a Faraday sack or leave it at home - because if they can't trust the radio firmware they likely won't trust an off-switch either.
Twas NOT always so. In the old days, when we wanted a phone to NOT ring, we just unplugged it (or took it off the hook).
A hard power switch would accomplish the same thing with current phones.
Because sometimes we want phones to NOT F-ING RING NO MATTER F-ING WHAT, MOTHERF-KER.
Just because you might want my phone to ring does not mean you have a right to make that happen.
What on earth has that got to do with the article? When the phone is powered off you wouldn't expect it to ring or do generally anything at all.
This news is hardly a surprise anyway, anyone wanting to stay dark and covert would never have a phone with a connected battery around them if they wanted to stay hidden. This is precisely why.
"... so that the owner can always wirelessly locate their lost cellphones via the Find My iPhone functionality, open their nearby locked cars, or make payments"
The first option might make some sense (provided the range is sufficient), but the other two seem little more than 'labour saving' options (saving the labour of switching the phone on?). And supposing the phone is lost/in the wrong hands, are they really advisable? Unless I've misunderstood (never owned an iAnything) the phone should (and probably does) require an authenticator for switching on, but if you can unlock the car from a switched off phone that would seem to be hazardous.
the other two seem little more than 'labour saving' options
It is more a "save you from being screwed if your battery goes dead" option. When an iPhone (this is probably true of any modern smartphone) shuts down due to battery reaching "0%", there is actually still some charge left in the battery.
Allowing a battery to truly run flat compromises its longevity, so the shutdown will take place before that's truly the case, leaving sufficient charge to run very low power tasks for quite some time after. Same reason why when an iPhone reports "100%" it is actually not quite fully charged. Ideally you want a lithium based battery to stay between 20% and 80%, but forcing people to live within that range would be too great of a compromise I suppose so with an iPhone it is more like 5 to 95 or maybe 3 to 97.
The phone is really just replacing the physical car key fob and, though I had pretty similar concerns, I actually do see some benefit of just having one item (phone or my preference, smartwatch) rather than two when I go to the beach etc. Losing the phone is pretty much the same risk as losing the car key fob... technically it's probably a little better for some folks, as few leave their phones right next to the front door when they go to bed.
Would say that you do definitely see the additional use of battery once you've enabled the phone as a key though, prob around 0.5-1% per hour additional drain in standby. Curiously, switching off bluetooth does stop the phone working as a key but doesn't remove the drain. I had to disable the key function to fix that so it could be just crappy coding by the car app folks rather than the hardware.
This is nothing new or no great revelation. iPhones can be tracked on Find My when they are switched off to defeat thieves. MacRumours ran this story last year before even iOS 15 appeared ton general release.
If you don't like it, then simply go into settings and switch off "Find My Network". Nothing to cry about.
While any exploits should at least be investigated, and hopefully removed, I wonder at the Utility of this one. To be able to use this exploit you would need quite a high level of access to the phone. Enough that you could probably turn on and use anything on the phone you need access to using other means.
Phones have never really been switched off.
I was in a certain briefing where we were told how even an "off" mobile phone can be used as a listening device remotely.
The mitigations suggested were... don't take a mobile anywhere you might object to someone else listening or yank the battery if you do. Of course, these days, yanking the battery is, mostly, not an option.
This was 20 odd years ago. I have no reason to suspect those providing the brief had any reason to dissemble about the facts.
A member of my extended family is somebody who (for reasons I won’t go into) is, we’re 99% certain still having their phone tapped by the security services. They received a briefing about their phone use years ago which said a similar thing, namely: Assume that any phone has a live microphone in it unless you have taken the battery out. Also your phone calls are probably going to be listened to (by Echelon most likely) so users should think about this when using it.
I take huge exception to a device not telling me that 'off' doesn't really mean 'off': if you're going to do this to my devices, have the fecking decency to let me know.
A device that I turn off still being locatable? There are numerous reasons that could be a really good thing - but I do expect to know it's happening.
At Defcon a few years ago I saw a vendor selling faraday bags to put phones in, so I made one myself. Aluminum foil does not work. BUT, the steel bags coffee comes in does if you use 2 or three. Tuck them in each other, put that in a nice cloth bag (or not) and fold the top once - phone won't ring.
So when I leave IT job for the weekend to go have a smoke,,,, I'm not tracked there. maybe some other reasons to, but - it's a can do to stop the tracking if you want while not in use. No need for fancy lead boxes.
And they can't track my speeding with the phone :)