A new security threat that can exploit your iPhone has been demonstrated by Jamf Threat Labs (via AppleInsider). According to the cybersecurity experts, any iPhone running iOS 16 could be a victim of this fake Airplane Mode threat. It makes you think that your phone is disconnected from the internet, but instead, your iPhone is being exploited.
At the moment, it’s unclear how this attack could occur. Jamf Threat Labs only explains how easy it is for a hacker to fool a user into thinking they have turned on Airplane Mode.
Basically, with an exploited iPhone, the user would turn on Airplane Mode, and it would look like they were actually offline – they wouldn’t even be able to access Safari – but the malware would be connected and exploiting the user.
The process demonstrated by Jamf is based on SpringBoard and CommCenter. Still, it doesn’t seem to have been actively exploited yet – and the paper doesn’t explain if this could be done over the air or if the hacker would need physical access to your device.
By changing the logs of how Airplane Mode works and tweaking the UX using Objective-C methods, the experts demonstrated how a hacker could fake Airplane Mode on an iPhone since Wi-Fi and Bluetooth toggles appear disconnected. Then, with CommCenter, the lab is able to block cellular data access for specific apps.
Should iPhone users worry about this Fake Airplane Mode threat?
You shouldn’t spend too much time worrying about this threat at the moment, as it’s unclear how this malware could be used to exploit iPhone users. That said, this article is an early warning to Apple to block these possible tweaks that a hacker could use to pretend that you have Airplane Mode activated on your iPhone when you don’t.
Ultimately, if you want to be extra careful, you could start turning Airplane Mode on from your iPhone Settings app instead of the Control Center. That way, you’d make sure that your phone is disconnected. In addition, checking whether there are any downloaded apps you don’t recognize is also important.
You can read the full blog post by Jamf Threat Labs here.