Cybersecurity experts have uncovered a sophisticated exploit affecting iOS 16 that enables a stealthy post-exploit persistence technique, allowing attackers to maintain access to Apple devices even when they appear to be in Airplane Mode.
Researchers from Jamf Threat Labs have detailed how this method involves deceiving the victim into believing their device’s Airplane Mode is functioning normally, while in reality, the attacker has manipulated the user interface (UI) to display the Airplane Mode icon, cutting off internet connections to all apps except the attacker’s application. The clever manipulation ensures that the malicious actor can discreetly maintain a cellular network connection to carry out unauthorized activities. Despite the appearance of Airplane Mode, the attacker’s application can still access the cellular network, enabling continued control over the compromised device.
The attack method, referred to as the “fake Airplane Mode” exploit, leverages modifications in both the UI and cellular data access. The researchers explain that, although the network interface pdp_ip0 (cellular data) no longer displays IP addresses once Airplane Mode is enabled, CommCenter, responsible for the underlying changes, and SpringBoard, responsible for UI modifications, collaborate to create an illusion of Airplane Mode while maintaining cellular connectivity. This deceptive technique allows an artificial Airplane Mode to be maintained, providing the attacker with a facade of internet disconnection. Consequently, users may unknowingly fall victim to unauthorized access and manipulation of their devices even when they believe they are in a secure offline state.
The intricate nature of this exploit underscores the ingenuity of cybercriminals in evading security measures. By exploiting the Windows Filtering Platform (WFP), attackers can carry out malicious activities while the user remains unaware of the ongoing compromise.
This discovery highlights the ongoing cat-and-mouse game between security researchers and cybercriminals, emphasizing the need for constant vigilance and robust security measures to safeguard digital devices and user data.
