The Rippleshot Data Breach Blog

New "NoReboot" Hack Can Keep Malware On iPhones Longer

Written by Rippleshot | Jan 26, 2022 7:47:05 PM

Originally Posted Jan 8, 2022 by Gordon Kelly on Forbes

Last year saw the biggest hack in iPhone history, complete with individual horror stories from affected users. Now a haunting new discovery could make all iPhone attacks a lot worse.

It is called “NoReboot'' and was discovered by (highly respected) mobile security specialists ZecOps. The company describes it as “the ultimate persistence bug” because it can stop iPhones affected by even temporary attacks from escaping their hacker. Moreover, it affects every iPhone model and every version of iOS and Apple cannot fix it which sets alarm bells ringing.

The concept behind NoReboot is simple, but this is also what makes it so dangerous: it tricks users into thinking they have switched off or restarted their iPhones. It works by hijacking the InCallService, SpringBoard and backboardd background processes which handle the reboot process on iPhones and shows them a fake shutdown or startup sequence instead when users try to initiate either process. In reality, the iPhone remains on at all times. 

Why is this dangerous? Because it is easier for hackers to access iPhones with ‘non-persistent’ attacks but — as the name implies — these are removed when a user shuts down or restarts their phone. But the damage these hacks can now do supersizes when combined with NoReboot code because the user cannot (by design or by accident) rid themselves of the hack. ZecOps illustrates this in the video below. 

The Unfixable iPhone Hack

But by far the scariest aspect to NoReboot is Apple cannot stop it. ZecOps explains that the software itself cannot be patched “because it’s not exploiting any persistence bugs at all — only playing tricks with the human mind.” 

In fact, the only way the researcher believes it could be countered is if Apple built new hardware into iPhones to indicate whether the display was truly on or off so users could tell whether the startup and shutdown process they see are real (tech savvy users may spot differences but most users would not). This hardware could only come on a new model, meaning it is open season on hundreds of millions of iPhones for hackers who can splice NoReboot code into their attacks moving forward. 

All of which leaves iPhone owners with limited options. A force restart (which literally cuts power to the iPhone) is a get out if you notice your boot/shutdown sequence is being faked. Other than that, ZecOps recommends installing detection tools (it makes one) and following common sense best practises like only downloading apps from the App Store (though Apple’s record here is far from perfect). 

As such, it is hard to see what Apple can really do about NoReboot and the increased risk it brings to all iPhone users. I have contacted Apple and will update this post when/if I receive a response. 

 

About Rippleshot:

Rippleshot uses machine learning and automation to detect high risk merchants and fraudulent transactions to help financial institutions protect themselves and proactively stop card fraud. Contact us today to learn more and schedule a product tour.