Company cyber security expertsZecOps announced the discovery of a fatal vulnerability in all Apple smartphones. According to ZecOps employees, they were able to create software called NoReboot, which simulates the scenario of shutting down or rebooting a device.
NoReboot technology allows attackers tomake it appear that the iPhone is restarting or shutting down. The program disguises itself as a SprigBoard shell, and the user sees fake boot or shutdown icons on the screen. At the same time, any feedback between the smartphone and the user is blocked: ringtones and message notifications, 3D Touch, vibration, screen, camera backlight and other functions are disabled.
Misled by the status message"False disconnection" the user will not suspect that the smartphone continues to remain connected to the network, and attackers will be able to gain access to the microphone and camera of the device. ZecOps representatives believe that all iOS assemblies installed on any iPhone model are affected.
In a standard situation, restarting the smartphone inmanually interrupted the work of malware. However, NoReboot technology uses the background processes backboardd, InCallSrvice and SpringBoard responsible for rebooting, which will allow the virus software to continue running after it is re-enabled. NoReboot can be interrupted only during a "hard reboot" using a sequential set of pressing the power and volume keys.
Apple has not yet commented on the reported issue.