NoReboot attack fakes iOS phone shutdown to spy on you

A new technique that fakes iPhone shutdowns to perform surveillance has been published by researchers. 

Dubbed “NoReboot,” ZecOps’ proof-of-concept (PoC) attack is described as a persistence method that can circumvent the normal practice of restarting a device to clear malicious activity from memory. 

Making its debut with an analysis and a public GitHub repository this week, ZecOps said that the NoReboot Trojan simulates a true shutdown while providing a cover for the malware to operate – which could include the covert hijacking of microphone and camera capabilities to spy on a handset owner. 

“The user cannot feel a difference between a real shutdown and a ‘fake shutdown,’” the researchers say. “There is no user interface or any button feedback until the user turns the phone back ‘on’.”

The technique takes over the expected shutdown event by injecting code into three daemons: InCallService, SpringBoard, and backboardd. 

When an iPhone is turned off, there are physical indicators that this has been completed successfully, such as a ring or sound, vibration, and the Apple logo appearing onscreen – but by disabling “physical feedback,” the malware could create the appearance of a shutdown while a live connection to an operator is maintained. 

“When you

Read More: https://www.zdnet.com/article/noreboot-attack-fakes-ios-phone-shutdown-to-spy-on-you/#ftag=RSSbaffb68