Apple’s software genius thought it was a wizard idea to never fully power down an iPhone so that lost or stolen devices using the Find My could work after the battery dies.
It was only a matter of time before insecurity experts thought up a way to exploit the idea by running malware that remains active even when an iPhone appears to be powered down.
Academics at Germany's Technical University of Darmstadt found that the iPhone’s weakpoint was its Bluetooth chip which runs Find My work. Apparently, Apple software experts did not think to provide a mechanism for digitally signing or even encrypting the firmware it runs.
The flaw only works on a jailbroken iPhone, which the Tame Apple Press insists is impossible, and besides why would a fanboy ever jailbreak their phone? Not them, perhaps but some of the more seedy security companies like the Israel-based NSO Group, which governments worldwide routinely employ to spy on adversaries.
The researcher’s report can be found here apparently they told Apple about it but never heard back.