Researchers Successfully Trick iPhone Into Simulated Airplane Mode
How Mobile Attackers Could Gaslight iPhone Users to Enable Post-Exploitation Malicious Activity.
Researchers Manipulate iPhone UI to Fake Airplane Mode, Maintain Internet Connectivity”
In a recent report, Jamf Threat Labs unveiled how the iPhone user interface can be manipulated to simulate airplane mode while secretly retaining internet connectivity. This discovery raises concerns about post-exploitation malicious activity, enabling attackers to maintain persistent access to a target device without the user’s awareness. According to Michael Covington, Vice President of Portfolio Strategy at Jamf, this manipulation can be seen as a unique form of social engineering, deceiving users into believing something is true when it isn’t.
How Airplane Mode Can Be Hacked: A Closer Look
To manipulate airplane mode on an iPhone, researchers focused on two key daemons: “SpringBoard,” responsible for UI changes, and “CommCenter,” handling state changes in the device’s network interface. Here’s how they accomplished this hack:
Hooking into CommCenter: Researchers modified the code within CommCenter, preventing it from making actual changes to the device’s network interfaces when the user toggles airplane mode. Instead, it allows the UI change to occur immediately but prevents the subsequent network changes.
Decoupling SpringBoard from CommCenter: Separating SpringBoard from CommCenter was a crucial step in neutralizing the airplane mode button’s functionality.
Control Center Wi-Fi Button Dimming: Researchers inserted code to dim the Control Center Wi-Fi button to create a more convincing illusion of airplane mode.
Manipulating Cellular Usage Database: Researchers also found a database file managed by CommCenter that controls cellular and Wi-Fi access for individual apps. By altering a specific parameter, they successfully blocked connectivity to Safari while leaving the rest of the device unaffected.
These manipulations allowed them to trick the iPhone user interface into simulating airplane mode while maintaining internet connectivity.
Consequences of iPhone Manipulations
Performing any of the actions described above would necessitate full control over a host device. Consequently, these methods are solely applicable to mobile device hackers in a post-exploitation scenario. “We view this as the approach an attacker might take—once they’ve gained initial access—to conduct activities like surveillance and install or remove software on the device when the user is unsuspecting,” explains Covington.
For defenders, the primary objective is to gain a better understanding of what potential future compromises of mobile devices could entail. “We aim to collect all the traces that may be left behind during a series of attacks. This not only enhances our detection capabilities but could also lead to improved defense mechanisms in the future by leveraging this knowledge to develop intelligent detection tools,” notes Covington. “I would incorporate these types of UI manipulations into our existing techniques and use them as an expanding set of indicators to watch for, potentially signaling a compromised device.