Satellite Providers

Novel Post-Exploit Technique Found on iOS 16 Allows Stealthy Access to Apple Devices

Cybersecurity researchers have uncovered a new technique on iOS 16 that enables attackers to maintain access to an Apple device even when the user believes it is offline. The method involves tricking the victim into thinking their device’s Airplane Mode is active, while the attacker secretly maintains a cellular network connection for a rogue application. This is achieved by planting an artificial Airplane Mode, which alters the user interface (UI) to display the Airplane Mode icon and cuts internet access to all apps except the malicious one.

When genuine Airplane Mode is activated, the cellular network interface pdp_ip0 (cellular data) no longer displays IP addresses, effectively disconnecting the cellular network at the user-space level. In the fake version, however, the CommCenter daemon is used to block cellular data access for specific apps, and the alert window is altered to simulate Airplane Mode. This creates the illusion that Airplane Mode is on, while the malicious payload on the device retains cellular connectivity.
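A defender-side consistency check built on the behaviour described above: when the UI reports Airplane Mode, pdp_ip0 should carry no IP addresses. This is an added example, not code from the research; the ifconfig-style sample output is constructed, and how that output is collected from a device (for example from a diagnostic capture) is an assumption.

```python
import re

CELLULAR_IFACE = "pdp_ip0"  # cellular data interface named in the article

# Constructed ifconfig-style samples (not captured from a real device).
SAMPLE_REAL_AIRPLANE = """\
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
    inet 127.0.0.1 netmask 0xff000000
pdp_ip0: flags=8010<POINTOPOINT,MULTICAST> mtu 1450
"""

SAMPLE_FAKE_AIRPLANE = """\
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
    inet 127.0.0.1 netmask 0xff000000
pdp_ip0: flags=8011<UP,POINTOPOINT,MULTICAST> mtu 1450
    inet 10.20.30.40 --> 10.20.30.40 netmask 0xffffffff
    inet6 2001:db8::1 prefixlen 64
"""


def interface_addresses(ifconfig_text):
    """Parse ifconfig-style text into {interface: [inet/inet6 addresses]}."""
    addrs = {}
    current = None
    for line in ifconfig_text.splitlines():
        header = re.match(r"^(\S+?):\s", line)  # unindented "name: flags=..."
        if header:
            current = header.group(1)
            addrs.setdefault(current, [])
            continue
        entry = re.match(r"^\s+inet6?\s+(\S+)", line)  # indented address line
        if entry and current is not None:
            addrs[current].append(entry.group(1))
    return addrs


def airplane_mode_mismatch(ui_airplane_on, ifconfig_text):
    """Return addresses still bound to the cellular interface while the UI
    claims Airplane Mode is on. An empty list means the states agree."""
    if not ui_airplane_on:
        return []
    return interface_addresses(ifconfig_text).get(CELLULAR_IFACE, [])


if __name__ == "__main__":
    for name, sample in (("real", SAMPLE_REAL_AIRPLANE), ("fake", SAMPLE_FAKE_AIRPLANE)):
        leftover = airplane_mode_mismatch(True, sample)
        print(name, "->", "MISMATCH " + ", ".join(leftover) if leftover else "consistent")
```

A non-empty result only shows that the interface state contradicts the UI; it does not identify which process is using the connection.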

The researchers also found an SQL database in the CommCenter daemon that records the cellular data access status of each app. By selectively blocking or allowing apps to access Wi-Fi or cellular data based on their bundle IDs, the fake Airplane Mode appears to function like the real one, but without restrictions for non-application processes, such as a backdoor Trojan.

This post-exploit persistence technique poses significant security risks as it allows attackers to maintain control over Apple devices without arousing suspicion from the victim. Users may unknowingly believe their device is offline when it is, in fact, connected to a cellular network.

It is crucial for Apple to address this vulnerability promptly and provide security updates to ensure the protection of iOS 16 users. In the meantime, users should remain cautious when enabling Airplane Mode and be vigilant about the apps they install on their devices. Always keep devices updated with the latest software patches and employ best practices for cybersecurity hygiene to mitigate potential risks.

The post Novel Post-Exploit Technique Found on iOS 16 Allows Stealthy Access to Apple Devices appeared first on satProviders.
