Skip to content

Search the site

When airplane mode isn't airplane mode: iOS malware spoofs standby

Researchers say that iOS can be manipulated to create a phony "airplane mode" that allows for the background transmission of data

A particularly nasty vulnerability in iOS could allow attackers to dupe users into transmitting data even when they believe their device to be in airplane mode.

Researchers with mobile device management specialist Jamf say that flaws in a pair of core iOS components can allow an attacker to create a fake airplane mode that would give threat actors the ability to maintain network connections while presenting the illusion that the device was offline.

Specifically, the Jamf Threat Team found that SpringBoard, the iOS component that handles the UI functions such as airplane mode notification, and CommsCenter, the app that actually performs the task of enabling or disabling the network connections, could be manipulated against each other.

By using specially-crafted code, an attacker who already has access to an iOS device could potentially manipulate the UI to offer the user the option of an "airplane mode" that would appear to be a legit option to disable connections, but would instead leave some apps with access to the internet.

Under the hood, the exploit code would use CommsCenter to not enter full airplane mode, but instead use a selective blocking feature to prevent network access for all apps except their own malware.

Meanwhile, the SpringBoard function could be told to display all of the icons and UI hallmarks of airplane mode.

The result would be a setup where the victim believes their device is in airplane mode but is in fact still utilizing the network connection via the attacker's own malicious code.

This trick would prove particularly useful for things like stalkerware or covert data harvesting, two of the more notorious types of malware to run on iOS and other mobile devices.

"The use of Airplane Mode has expanded beyond travel and is used by some to
preserve battery, and others as a way to disconnect from our always connected world. It has even been suggested as a meditation technique," the Jamf researchers noted.

"For those with cyber-paranoia and technophobia, putting your phone on Airplane Mode may be a useful psychological trick to help achieve peace of mind and a feeling of additional privacy."

If there is one bright spot in this case, it is that in order to perform this technique the attacker would need to already have local access to the target device, either by tricking the user into installing a malicious application or by performing a "jailbreak" attack technique.

To that end users can protect themselves by only using trusted app stores and keeping a close eye on who can physically access their devices.