See the entire conversation

“iPhone Remains Findable After Power Off” what I can’t keep up anymore.
197 replies and sub-replies as of Oct 02 2021

So I guess “power off” doesn’t mean “off” anymore, it means the device stays on and does some kind of low-power nearfield communication. I’m trying to decide how I feel about this.
The off switch is buried in the “Find My” settings dialog, weirdly in a tab called “Find My Network” which might make you think it’s intended to… find your network… but actually I think this is some kind of branding gone wrong.
I wonder what the attack surface of their “powered off you can only find the phone” mode looks like. I hope it doesn’t use weird exploitable SSL libraries that haven’t been updated since 2012.
Too much functionality please stop
I think that setting might also prevent your phone from serving as a relay for other air tag location pings
In other news I updated my phone to iOS 15 and put it down to charge last night. When I woke up it was hot, and my battery has gone from 100% to 15% since 7:30am. I gotta get off this ecosystem.
Wow, this thread somehow inspired an insane comment thread on HN which is 50% people saying they’ve known about this feature for a year and only an idiot would be surprised by it, 50% people expressing surprise that the feature even exists.…
For the record (inspired by the many excellent comments on HN) I have no specific beef with this feature: I’d just like to know how it works. I think a proper explanation of it would be security-relevant and I would expect to see something about it in the iOS Security Guide.
A little bird told me the phone writes a series of pre-computed cryptographic beacons to the UWB chipset, but little birds are no substitute for official documentation.
Wow, ok! This post does some proper reverse engineering and shows that the “Always On Processor” interfaces with the Bluetooth chip to implement this functionality. Great to have an answer.
Always-on Processor magic: How Find My works while iPhone is powered off
Wireless and firmware hacking, PhD life, Technology
My tweet above (two higher in the thread) was apparently wrong. The Find My keys get exported to the Bluetooth chipset. I still wonder how exploitable the whole mess is while the phone is off. Should we care?
Ok, update: the Find My beacons are spooled out to storage, rather than the keys themselves. Which presumably are safe in the SEP. Thanks @naehrdine for the second look. (Also anyone who cares about Apple RE should follow @naehrdine)
Especially cross platform! ;)
So… android phone suggestions? 😂
That aren't vulnerable? lol ummm how do I say this
🤣 touché, everything is a can of worms. It’s just some cans have better or worse features. Like holes for your worms of information to fall out of. Why am I talking about worms.. oh it’s late zzzzzzzzz
I mean, it's Bluetooth. It's got to be secure right? The spec alone is only 800 pages.
the little birds know more than the official documentation, it seems. In fact, sometimes the little birds are the real MVP 😉
I think this is somewhat unlikely. Apple hasn't really used U1 to transmit payloads so far, only for ranging. However, I suspect the AOP manages power for the bluetooth chip, and that talks to the SEP for key material (the firmware patches have a few strings that suggest this).
Also, see this…, although I haven't been able to find a source for that
So the SEP stays “live” during power off?
Is it possible this is just passively powered chips like RFID rather than full blown Bluetooth communication?
We did no such thing.
thanks!! disabled!
I have some intuition about the implementation in the Always On Processor and the Bluetooth chip patch required to run Find My while iOS is off. Might write it down soon, need to dig a bit deeper with IDA before.
Want to know how your iPhone remains locatable with Find My while turned off? I had a brief look into how it works.…
I just disabled this. I'm much closer now to the day I introduce my iPhone to a table saw.
I suggest reaching out to them personally:…
Welcome to talking about anything related to Apple products in public. It is terrible and I hate it.
Don’t bring up musk.
I have been thinking about implications for victims of domestic abuse, who will not even know they are being tracked. But it’s ok, because “most people” find it useful so that’s what we go with.
HN always devolves into a dumpster fire on most topics.
And the other 50% are deriving the operational parameters of. uSB powered toaster based on first principles. One person is shilling their startup.
To be fair the number of idiots on HN is WAY higher than 50%.
I am very suprised that in certain circles dealing with certain topics with certain entities that this hasn't come up.... first I had heard of this. I'm still very curious on what kind of information can be gleaned while it is "off" and whether be cross referenced when it's on.
I miss n-gate’s take on ridiculous HN threads
I always find that devices need an extra reboot after an update to settle down.
And another .1 behind the release number.
Do you have any recommendations? Not interested in Google tracking so I’ve been looking at CalyxOS and GrapheneOS but fear losing a lot of functionality.
I’m ordering one of the next gen Pixels and trying (trying!) GrapheneOS. Not sure I’m going to like it.
Will keep an eye on your twitter for your review! Thanks.
is there an ETA on when Graphene will be available for next-gen pixels? A few weeks ago I hadn't seen an announcement yet.
GrapheneOS is pretty manageable with aurora store. The only hard nos are Uber and Lyft. One banking app wouldn't do transfers without Google play for a while, but that behavior changed. OsmAnd is great if you can figure out how to enter USA addresses in that euro reverse notation
LineageOS with microG is an interesting option I haven't tried out
Check out Sandboxed Play services on seperate profile. It's neat.…
Omg 🤦‍♂️
Calyx os is better probably with less restrictions and contraints comparing to graphene os...
will inovate the fuck out of apple again with an iPhone 14 that will look the same, have all the same flaws NSO needs to stay in biz and give it the best camera ever in a smartphone.
It's entirely possible that charging stopped after reboot because iPhone won't even accept power from some USB buses until first unlock after reboot. What did you plug it into?
Wireless charging. And it was 100% it’s just consuming power somewhere like crazy. I rebooted so maybe it will stop.
Yikes. Yeah hopefully rebooting will fix it. If not, it sounds like a bug worth reporting.
Wireless charging always heats the phone a ton. Please 😒
You just updated to a major OS revision. It's fairly common for this to do things like re-indexing of data, processing of data, etc. This could explain the extra power use, for sure. Usually this sorts itself out within a day or two.
There is literally nowhere to go aside from Android and that is much worse.
Imagine thinking Android is worse than Apple? Brainwashed much?
about every third time I plug in my iphone it tries to go chernobyl like that because of that, I never plug it in, except when it is sitting next to me on my desk, while I work
I had this same issue the first night after updating to iOS 15, I believe because it does some one-time background tasks like updating the photos index and things like that
Damn.. I almost moved to iOS 15 yesterday. Glad I didn't.
That’s normal for the first few days after an OS update. It rebuilds the search and other indices. Happens on macOS too, it’s a bad bug but one they haven’t fixed yet.
It's not a "bad bug". It's not a bug at all, actually. It's working as it's designed to work.
It does tend to cause undesirable behaviour at times. Like what Prof. Green experienced, or huge slowdowns on an old Mac (sometimes it’d take up almost all available RAM and a reboot would be necessary, may be a mem leak).
Of course, it’s hashing all your photos….
Pixel 6 Pro for the win
It’s the best ecosystem. 🤷‍♂️ by far. Signed former android fan.
Always hated Apple. In 2015 I bought an iPhone 6. Now I have the complete lineup (iPhone, Watch, AirPods, MacBook, iPad). Sometimes you feel locked, but the truth is that Apple ecosystem is far beyond all competitors
What's so great about it? The vendor lock in, planned obsolescence and restrictions on what you can do in that OS was enough to put me off.
The alternative ecosystem is actually worst
Are you using Spotify? They’ve been implicated in sucking battery life in iOS devices and have released a statement saying a fix is coming
My (soon to be Ubuntu) Pine Phone is with DHL right now...
…What even…How does that even happen…
You can see what used the battery in Settings -> Battery. Tap on the timeframe in question for more detail.
you are the only one this happened for 😅 my iPhone is just as good as in iOS 14, but now with extra features But don't worry, Apple is not going to miss you
Worth looking in Settings/Battery to see which apps are using the most power. Also disabling background app refresh except for apps that need it. Something clearly amiss here.
By where? Where? There is nowhere to go… 😭
Can't believe people still buy em
"I gotta not rely on technology so much" makes sense. If you're concerned about security provisions on Apple tech though, I'm afraid you're in for a bad time looking for alternatives. Everyone else is actively trying to mine your data to support their business model.
Happened to me too. It settles down after a day or two. I'm guessing it's reindexing everything and ML scanning your photos for objects/people.
It's probably because it was indexing and rebuilding DBs after the update. Nothing weird
Matt: Pixel 5a and @CalyxOS. I had a new iPhone every year since launch. Now the battery lasts close to 4 days. Amazing what happens when there are not a million extra bg processes running.…
Battery on @CalyxOS—so when there are not a million background processes tracking you—is unreal.
this happened to me first day after update as well
It's incredible that you think Androids won't do this
Probably out of stock within minutes
Is that an educated guess? 😬
the power off mode is more than just Find My, it supports express mode NFC, so you can pay for subways with a dead phone, and also car key NFC, so you can get into your car with a dead phone note that power off != dead; it’s when the screen shows the depleted red battery
a fully dead iPhone will support none of this functionality, since it’s fully dead, but some software needs to run to show that depleted battery + virtual lightning cable so they’re just shoving more features into it
From a threat model point of view, I see a big difference between NFC Direct Access mode when the main CPU is powered down (e.g., for tickets, keys, and ID documents) and longer-range radios being periodically up.
iirc all the Find My stuff is handled by the U1 chip which (I’m guessing) has no access to main memory or storage or any of the other radios (just its own shortwave radio to carry out its tasks)
I understand that part, but another aspect of the threat model is physical distance of access. For NFC, realistically it implies holding the device in hand. For Bluetooth, attacks at (local) scale are realistic.
you’re totally right, but I don’t think any powered off features use Bluetooth yet it’ll be fun when they do have features that use the cellular radio intermittently while off 😅
i imagine it periodically powers up the bluetooth chip to send out Find My packets like it was an airtag; i don't think it'd be parsing anything it receives but this is pure speculation heh
Yeah the first “pwn iOS while it’s turned off” presentation is going to be wild.
Do we know yet if there's a way to actually turn an iPhone all the way off?
There were already people who detected iPads in cars through they bluetooth signals, to steal the, years ago. I guess something like that could be possible.
‘Find My’ network
Worst branding ever.
I think that setting might also prevent your phone from serving as a relay for other air tag location pings
When your phone turns off it will beacon lost messages just like an airtag. @furiousmac just published a paper on the airtag functionality and describes the Bluetooth protocol :)
I think it's the "Find My" network, rather than "Find My Network"? (network isn't capitalised)
Worst branding ever.
That’s a bad name because they got carried away, but the docs team will point out “network” is lowercase so it’s within their style guide. Sigh.
It's copying the functionality that came to the Mac a couple of years ago (I think?), where one could "locate, lock, or erase" Macs that were lost or stolen. (Also terrible phrasing in the Settings for that piece of functionality)
Older phones don’t have the “powered off” line
Seems like a weird thing to jam into a single multifunction switch.
How so, you either want to partake of “Find My” (to the best of your Phone hardware’s ability) to allow you to find your phone if it’s lost or stolen, or you don’t. Y/N
Take it from a German-Speaker: sometimes capitalization is important. The original text reads “Find My network” not “Find My Network”, but you’re not wrong. “Find My” is an awkward bit of branding.
On my iPhone Xs (no UWB hardware in that generation) the message does not mention power off. But that doesn’t demonstrate which radio still has power when a more modern phone is off
Thanks, disabled. This is a bit of a misleading warning isn’t it? Notice how it says “devices” and not “phone,” because presumably when my phone is powered on and connected to WiFi, I can find it… also, do I need to disable this on my computer too??
On the bright side you could always pop the battery out. Oh. Wait.
I foresee a market for iPhone metal cases.
you can use an iPhone that is out of battery to swipe in to a DC Metro if it’s otherwise set up (allegedly, haven’t tried). for a few hours
Basically like an air tag.
What do you want to bet it’s much more interactive and vulnerable.
More interactive? For sure. More vulnerable? I don’t know. Overall I think the pros outweigh the cons here, but it is worth thinking on.
and the "disable" wifi in the pulldown menu just turns it off for a bit, then helpfully turns it on, whether you intended that or not. surely we should all be greatful that apple knows so much better than us how we should use the devices we paid for and allegedly own.
While there may be some times you want to turn it off, for most people this will be helpful. For example, it’s common for phone snatchers to turn the phone off immediately to prevent it from being tracked.
"Power off" hasn't meant that the power is actually *off* for quite some time. These things need a *hardware* power switch that, you know, cuts off the power.
iPhones with NFC habe been able to run on so called “power reserve” to use NFC (for example for payment s via Apple Pay) even when your battery is too low to power the main system. Why is everyone acting so surprised about a feature that had been advertised for years?
Because FindMy uses Bluetooth not NFC.
See express card functionality:… No surprise that Apple used the same mechanism to power the AirTag like functionality of the hardware in the same manner. Makes stealing an iPhone even more risky and impossible to sell the whole device.
Express Cards with power reserve
If iOS isn’t running because iPhone needs to be charged, there may still be enough power in the battery to support Express Card transactions.
I thought ExpressCards were extremely short range near field communication systems (10cm). And AirTags were longer range (tens of meters) possibly using Bluetooth.
AirTags use Bluetooth LE and Apple‘s ultrawideband chip.
When I worked at the NSA we weren't allowed to bring phones inside even if they were turned off - and that was 17 years ago. Phones are a security nightmare
The first time I shut the phone off after the upgrade it asked me if I wanted to enable or disable this feature, if I am not entirely mistaken.
I watched enough 24 to know that if you don't remove the battery, they can still pentagonize you
I have a Mac for the first and I can definitely say that that thing is NEVER off.
Right. Apple has gone to far on many fronts at this point. Like I would love to participate in the find my network with my phone on but also be able to turn my phone off. They could make that an option. But they don’t want to. FML.
plz it is bad
Today's power buttons merely request the device turn on/off. And wireless isn't really off unless "Airplane mode" is engaged – but again, this is only requesting the radios turn off. More devices should have switches hard-wired, esp w their poor security track record.
It's like, fucking computers, man.
Did they integrate an Apple tag into it?
more likely the software components - AirTags are GPS chips with firmware.
AirTags don’t have GPS receivers. They depend on the phone discovering them to have GPS.
Probs has a rfid/nfc tag built in. Doesn't require power
AirTags uses Bluetooth Low Energy and depend on the network of macs and iPhones to ping them and then report back to Apple. They’re essentially dumb Bluetooth beacons being made discoverable by a network of phones.
Macs are receiving or transmitting network packets even when in sleep. This is even true when you disable Power Nap functionality. Little Snitch will prompt you when you wake your laptop *after* taking it to a place with a WiFi you've previously connected to & returning.
*ahum* wake on lan. In laptops since the 90ies.
Are you surprised? LMAO
Remember that there are people out there that asked for this and want it. Question is, how much battery juice is reserved to support it?
Seems like it basically just acts like an AirTag in this mode. An AirTag can live off a coin cell for a year, so not much juice
My fave hidden iPhone feature: an old iPhone w/ cellular & Wi-Fi turned OFF will still broadcast location via Bluetooth. I tested this w/ old iPhone 7 on iOS 14. Its location is updated periodically on my primary iPhone’s Find My. It operates like an #AirTags! #iOS15 #iPhone13
I remember reading a study that found faraday cages don't shield from all frequencies, but actually amplify some freqs.
I would imagine you could "tune" two layered Faraday cages to provide more complete shielding.
That's quite true unfortunately. That's why you always need to check. Also check any you buy for car keys or to protect those awful contactless bank cards. To be effective they need to be earthed too.
Put it in an empty ( unused) metal paint can if you can still find them. Seal the lid with a hammer. That will give you about 100 dB of attenuation at all frequencies.
You can also hide your iphone inside an abandoned microwave. Checkmate.
Shit is getting to real! 🙈🙉🙊
This is not just limited to iPhones. Windows laptop’s don’t shut down either. If you want the system to do a fresh reboot you need to do a Restart. (This is because of the quick boot time some “customers” want)
They do if you ask, just hold down shift while restarting, or 'shutdown /s /f /t 0' or disable fast start. But by default they do something closer to hibernate, and they're still powered off. The iPhone will still have a processor running, probably doing BTLE beaconing.
That's not the same thing as what's happening here. That's still turning the power to the device off. (well sort of, thanks intel me). Apple's devices are broadcasting beacons even when off.
That is why most can't have the battery taken out...
I assume the phone has the capability of an AirTag that feeds off the main battery, even when the phone is off. It just responds to BTLE requests with its serial so participating phones that are on will enrich with location info and send this to the cloud. Kind of makes sense
"enrich with location info and send to the cloud" is not necessarily a calming phrase
Haha. That is basically how the Internet of Things works.
Get an Android. When you lose it, check the sofa cushions.
Just remove the battery with a chisel.
Put it in the Microwave or a Faraday pouch.
Misread this as a faraday pooch... imagining a metal cage shaped like a doggy now.
This Actually works ? Is there a way to switch off all transmission of data Like airplane mood but really switch off every transmission??
Faraday cage, or "wrap it in aluminum foil"
Stuff like this is why no one takes privacy advocates seriously. They’re a self-maintaining ball of incessant outrage.
You told us 😅
People surprised by this, 2014 wants to talk to you. There is no hidden outrage here stop manufacturing it and get a hobby.
Welcome to the Brave New World Huxley never dared to imagine
Seems like a really useful feature. If you’re worried that nation states exploit your powered-off iPhone, maybe you shouldn’t carry a smartphone in the first place.
I’m not particularly worried, but I’d gather the journalists and politicians who do get exploited would have a hard time doing their jobs without one.…
iPhone is about as bad as Android nowadays.
iPhone is a hardware thing, android is an operating system. Not the same kind of thing and because of that your claim does not make sense
iPhone only has one OS... so it kind of is the same thing
I still remember the distinct dialog where Apple asked me to opt-in on first boot of iOS 15. I selected to opt-in in because Apple asked! Unlike some competitors that you are gonna recommend!
This function is hardware based and i think was implemented around the iPhone X.
Old BlackBerry's used to do that too. Had to go into airplane mode to fully turn off radios.
I don't have an iphone but I believe you can't just take out the battery?
That’s why you can no longer pull the battery out. Next feature will be battery power-up from wi-fi signals, later on just from phone network… see where it is going aye.
Why use iPhone to begin with? If one is so concerned?