This malware tricks iPhones and spies on users

Researchers from ZecOps have developed malware for iOS, which they named NoReboot. It works by simulating the shutdown process, so the device gives the impression of being switched off when in reality it is not. As a result, the user cannot tell whether the iPhone is actually turned off. According to the American company, NoReboot is the ultimate persistence bug.

The reputation of Apple phones is based on the infallibility of their security systems. With this malicious program, iOS has once again revealed an Achilles’ heel. The first security breach at Apple was discovered thanks to the Pegasus case. The latter is software designed by the NSO Group.

In principle, getting rid of a virus is easy on iOS devices: restarting the phone is enough to remove the malware. NoReboot bypasses this safeguard.

Three iOS daemons come into action

NoReboot injects code into three iOS daemons: InCallService, SpringBoard and Backboardd. It disables all audiovisual signals and simulates a phone shutdown. At first, the screen appears to be off. Other feedback is suppressed as well, such as sounds, vibrations and the touch screen. The researchers say that all of this is only an appearance: the device keeps its internet activity and remains functional.

NoReboot is effective because it deceives human observation. Meanwhile, a Trojan horse is wreaking havoc on your device. It starts by hijacking the shutdown process, attacking the user interface, SpringBoard. You can no longer issue commands to your phone because it appears to be off.

Then it is Backboardd's turn to act. It records and intercepts the device's manual commands, including the on/off function. Do you think you are restarting your phone? That is a Backboardd decoy. NoReboot is programmed to turn off the screen and simulate a standard reboot. For example, it is perfectly capable of displaying the Apple logo.

Farewell to privacy

Once properly installed, this malicious software is very troublesome. Features such as the camera and audio device are taken over. Hackers will be able to see your activities and listen to your conversations. NoReboot is notable because Apple cannot patch it: the malware does not exploit any vulnerability in the iOS operating system.

“The malicious actor could blatantly manipulate the phone remotely without worrying about being taken because the user is tricked into thinking the phone is turned off, either by being turned off by the victim or by malicious actors using ‘low battery’ as an excuse.”

ZecOps researchers

This kind of attack is not within everyone’s reach. On the other hand, nation-state groups and cyber-mercenaries are capable of it. Be careful about the links you click on online.