
“iPhone Remains Findable After Power Off.” What? I can’t keep up anymore.
197 replies and sub-replies as of Oct 02 2021

So I guess “power off” doesn’t mean “off” anymore, it means the device stays on and does some kind of low-power nearfield communication. I’m trying to decide how I feel about this.
The off switch is buried in the “Find My” settings dialog, weirdly in a tab called “Find My Network” which might make you think it’s intended to… find your network… but actually I think this is some kind of branding gone wrong.
I wonder what the attack surface of their “powered off you can only find the phone” mode looks like. I hope it doesn’t use weird exploitable SSL libraries that haven’t been updated since 2012.
Too much functionality please stop
I think that setting might also prevent your phone from serving as a relay for other air tag location pings
In other news I updated my phone to iOS 15 and put it down to charge last night. When I woke up it was hot, and my battery has gone from 100% to 15% since 7:30am. I gotta get off this ecosystem.
Wow, this thread somehow inspired an insane comment thread on HN which is 50% people saying they’ve known about this feature for a year and only an idiot would be surprised by it, 50% people expressing surprise that the feature even exists. news.ycombinator.com/item?id=286929…
For the record (inspired by the many excellent comments on HN) I have no specific beef with this feature: I’d just like to know how it works. I think a proper explanation of it would be security-relevant and I would expect to see something about it in the iOS Security Guide.
A little bird told me the phone writes a series of pre-computed cryptographic beacons to the UWB chipset, but little birds are no substitute for official documentation.
Wow, ok! This post does some proper reverse engineering and shows that the “Always On Processor” interfaces with the Bluetooth chip to implement this functionality. Great to have an answer.
Always-on Processor magic: How Find My works while iPhone is powered off
Wireless and firmware hacking, PhD life, Technology
naehrdine.blogspot.com
My tweet above (two higher in the thread) was apparently wrong. The Find My keys get exported to the Bluetooth chipset. I still wonder how exploitable the whole mess is while the phone is off. Should we care?
Ok, update: the Find My beacons are spooled out to storage, rather than the keys themselves. Which presumably are safe in the SEP. Thanks @naehrdine for the second look. (Also anyone who cares about Apple RE should follow @naehrdine)
Especially cross platform! ;)
So… android phone suggestions? 😂
That aren't vulnerable? lol ummm how do I say this
🤣 touché, everything is a can of worms. It’s just some cans have better or worse features. Like holes for your worms of information to fall out of. Why am I talking about worms.. oh it’s late zzzzzzzzz
I mean, it's Bluetooth. It's got to be secure right? The spec alone is only 800 pages.
the little birds know more than the official documentation, it seems. In fact, sometimes the little birds are the real MVP 😉
I think this is somewhat unlikely. Apple hasn't really used U1 to transmit payloads so far, only for ranging. However, I suspect the AOP manages power for the bluetooth chip, and that talks to the SEP for key material (the firmware patches have a few strings that suggest this).
Also, see this web.archive.org/web/2021071601…, although I haven't been able to find a source for that
So the SEP stays “live” during power off?
Is it possible this is just passively powered chips like RFID rather than full blown Bluetooth communication?
We did no such thing.
thanks!! disabled!
I have some intuition about the implementation in the Always On Processor and the Bluetooth chip patch required to run Find My while iOS is off. Might write it down soon, need to dig a bit deeper with IDA before.
Want to know how your iPhone remains locatable with Find My while turned off? I had a brief look into how it works. naehrdine.blogspot.com/2021/09/always…
I just disabled this. I'm much closer now to the day I introduce my iPhone to a table saw.
I suggest reaching out to them personally: apple.com/privacy/contac…
Welcome to talking about anything related to Apple products in public. It is terrible and I hate it.
Don’t bring up musk.
I have been thinking about implications for victims of domestic abuse, who will not even know they are being tracked. But it’s ok, because “most people” find it useful so that’s what we go with.
HN always devolves into a dumpster fire on most topics.
And the other 50% are deriving the operational parameters of a USB-powered toaster based on first principles. One person is shilling their startup.
To be fair the number of idiots on HN is WAY higher than 50%.
I am very surprised that in certain circles dealing with certain topics with certain entities this hasn't come up.... first I had heard of this. I'm still very curious what kind of information can be gleaned while it is "off" and whether it can be cross-referenced when it's on.
I miss n-gate’s take on ridiculous HN threads
I always find that devices need an extra reboot after an update to settle down.
And another .1 behind the release number.
Do you have any recommendations? Not interested in Google tracking so I’ve been looking at CalyxOS and GrapheneOS but fear losing a lot of functionality.
I’m ordering one of the next gen Pixels and trying (trying!) GrapheneOS. Not sure I’m going to like it.
Will keep an eye on your twitter for your review! Thanks.
is there an ETA on when Graphene will be available for next-gen pixels? A few weeks ago I hadn't seen an announcement yet.
GrapheneOS is pretty manageable with aurora store. The only hard nos are Uber and Lyft. One banking app wouldn't do transfers without Google play for a while, but that behavior changed. OsmAnd is great if you can figure out how to enter USA addresses in that euro reverse notation
LineageOS with microG is an interesting option I haven't tried out
Check out Sandboxed Play services on a separate profile. It's neat. grapheneos.org/usage#sandboxe…
Omg 🤦‍♂️
CalyxOS is probably better, with fewer restrictions and constraints compared to GrapheneOS...
will innovate the fuck out of Apple again with an iPhone 14 that will look the same, have all the same flaws NSO needs to stay in biz and give it the best camera ever in a smartphone.
It's entirely possible that charging stopped after reboot because iPhone won't even accept power from some USB buses until first unlock after reboot. What did you plug it into?
Wireless charging. And it was 100% it’s just consuming power somewhere like crazy. I rebooted so maybe it will stop.
Yikes. Yeah hopefully rebooting will fix it. If not, it sounds like a bug worth reporting.
Wireless charging always heats the phone a ton. Please 😒
You just updated to a major OS revision. It's fairly common for this to do things like re-indexing of data, processing of data, etc. This could explain the extra power use, for sure. Usually this sorts itself out within a day or two.
There is literally nowhere to go aside from Android and that is much worse.
Imagine thinking Android is worse than Apple? Brainwashed much?
About every third time I plug in my iPhone it tries to go Chernobyl like that; because of that, I never plug it in except when it is sitting next to me on my desk while I work.
I had this same issue the first night after updating to iOS 15, I believe because it does some one-time background tasks like updating the photos index and things like that
Damn.. I almost moved to iOS 15 yesterday. Glad I didn't.
That’s normal for the first few days after an OS update. It rebuilds the search and other indices. Happens on macOS too, it’s a bad bug but one they haven’t fixed yet.
It's not a "bad bug". It's not a bug at all, actually. It's working as it's designed to work.
It does tend to cause undesirable behaviour at times. Like what Prof. Green experienced, or huge slowdowns on an old Mac (sometimes it’d take up almost all available RAM and a reboot would be necessary, may be a mem leak).
Of course, it’s hashing all your photos….
Pixel 6 Pro for the win
It’s the best ecosystem. 🤷‍♂️ by far. Signed former android fan.
Always hated Apple. In 2015 I bought an iPhone 6. Now I have the complete lineup (iPhone, Watch, AirPods, MacBook, iPad). Sometimes you feel locked, but the truth is that Apple ecosystem is far beyond all competitors
What's so great about it? The vendor lock in, planned obsolescence and restrictions on what you can do in that OS was enough to put me off.
The alternative ecosystem is actually worse
Are you using Spotify? They’ve been implicated in sucking battery life in iOS devices and have released a statement saying a fix is coming
My (soon to be Ubuntu) Pine Phone is with DHL right now...
…What even…How does that even happen…
You can see what used the battery in Settings -> Battery. Tap on the timeframe in question for more detail.
You are the only one this happened for 😅 my iPhone is just as good as on iOS 14, but now with extra features. But don't worry, Apple is not going to miss you
Worth looking in Settings/Battery to see which apps are using the most power. Also disabling background app refresh except for apps that need it. Something clearly amiss here.
By where? Where? There is nowhere to go… 😭
Can't believe people still buy em
"I gotta not rely on technology so much" makes sense. If you're concerned about security provisions on Apple tech though, I'm afraid you're in for a bad time looking for alternatives. Everyone else is actively trying to mine your data to support their business model.
Happened to me too. It settles down after a day or two. I'm guessing it's reindexing everything and ML scanning your photos for objects/people.
It's probably because it was indexing and rebuilding DBs after the update. Nothing weird
Matt: Pixel 5a and @CalyxOS. I had a new iPhone every year since launch. Now the battery lasts close to 4 days. Amazing what happens when there are not a million extra bg processes running. twitter.com/Salis/status/1…
Battery on @CalyxOS—so when there are not a million background processes tracking you—is unreal.
this happened to me first day after update as well
It's incredible that you think Androids won't do this
Probably out of stock within minutes
Is that an educated guess? 😬
The power off mode is more than just Find My: it supports express mode NFC, so you can pay for subways with a dead phone, and also car key NFC, so you can get into your car with a dead phone. Note that power off != dead; it’s when the screen shows the depleted red battery.
A fully dead iPhone will support none of this functionality, since it’s fully dead, but some software needs to run to show that depleted battery + virtual lightning cable, so they’re just shoving more features into it.
From a threat model point of view, I see a big difference between NFC Direct Access mode when the main CPU is powered down (e.g., for tickets, keys, and ID documents) and longer-range radios being periodically up.
iirc all the Find My stuff is handled by the U1 chip which (I’m guessing) has no access to main memory or storage or any of the other radios (just its own shortwave radio to carry out its tasks)
I understand that part, but another aspect of the threat model is physical distance of access. For NFC, realistically it implies holding the device in hand. For Bluetooth, attacks at (local) scale are realistic.
You’re totally right, but I don’t think any powered off features use Bluetooth yet. It’ll be fun when they do have features that use the cellular radio intermittently while off 😅
i imagine it periodically powers up the bluetooth chip to send out Find My packets like it was an airtag; i don't think it'd be parsing anything it receives but this is pure speculation heh
Yeah the first “pwn iOS while it’s turned off” presentation is going to be wild.
Do we know yet if there's a way to actually turn an iPhone all the way off?
There were already people who detected iPads in cars through their Bluetooth signals, to steal them, years ago. I guess something like that could be possible.
‘Find My’ network
Worst branding ever.
When your phone turns off it will beacon lost messages just like an airtag. @furiousmac just published a paper on the airtag functionality and describes the Bluetooth protocol :)
I think it's the "Find My" network, rather than "Find My Network"? (network isn't capitalised)
That’s a bad name because they got carried away, but the docs team will point out “network” is lowercase so it’s within their style guide. Sigh.
It's copying the functionality that came to the Mac a couple of years ago (I think?), where one could "locate, lock, or erase" Macs that were lost or stolen. (Also terrible phrasing in the Settings for that piece of functionality)
Older phones don’t have the “powered off” line
Seems like a weird thing to jam into a single multifunction switch.
How so, you either want to partake of “Find My” (to the best of your Phone hardware’s ability) to allow you to find your phone if it’s lost or stolen, or you don’t. Y/N
Take it from a German-Speaker: sometimes capitalization is important. The original text reads “Find My network” not “Find My Network”, but you’re not wrong. “Find My” is an awkward bit of branding.
On my iPhone Xs (no UWB hardware in that generation) the message does not mention power off. But that doesn’t demonstrate which radio still has power when a more modern phone is off
Thanks, disabled. This is a bit of a misleading warning isn’t it? Notice how it says “devices” and not “phone,” because presumably when my phone is powered on and connected to WiFi, I can find it… also, do I need to disable this on my computer too??
On the bright side you could always pop the battery out. Oh. Wait.
I foresee a market for iPhone metal cases.
you can use an iPhone that is out of battery to swipe in to a DC Metro if it’s otherwise set up (allegedly, haven’t tried). for a few hours
Basically like an air tag.
What do you want to bet it’s much more interactive and vulnerable.
More interactive? For sure. More vulnerable? I don’t know. Overall I think the pros outweigh the cons here, but it is worth thinking on.
And the "disable" Wi-Fi in the pulldown menu just turns it off for a bit, then helpfully turns it on, whether you intended that or not. Surely we should all be grateful that Apple knows so much better than us how we should use the devices we paid for and allegedly own.
While there may be some times you want to turn it off, for most people this will be helpful. For example, it’s common for phone snatchers to turn the phone off immediately to prevent it from being tracked.
"Power off" hasn't meant that the power is actually *off* for quite some time. These things need a *hardware* power switch that, you know, cuts off the power.
iPhones with NFC have been able to run on so-called “power reserve” to use NFC (for example for payments via Apple Pay) even when your battery is too low to power the main system. Why is everyone acting so surprised about a feature that has been advertised for years?
Because FindMy uses Bluetooth not NFC.
See express card functionality: support.apple.com/guide/security… No surprise that Apple used the same mechanism to power the AirTag like functionality of the hardware in the same manner. Makes stealing an iPhone even more risky and impossible to sell the whole device.
Express Cards with power reserve
If iOS isn’t running because iPhone needs to be charged, there may still be enough power in the battery to support Express Card transactions.
support.apple.com
I thought ExpressCards were extremely short range near field communication systems (10cm). And AirTags were longer range (tens of meters) possibly using Bluetooth.
AirTags use Bluetooth LE and Apple’s ultrawideband chip.
When I worked at the NSA we weren't allowed to bring phones inside even if they were turned off - and that was 17 years ago. Phones are a security nightmare
The first time I shut the phone off after the upgrade it asked me if I wanted to enable or disable this feature, if I am not entirely mistaken.
I watched enough 24 to know that if you don't remove the battery, they can still pentagonize you
I have a Mac for the first time and I can definitely say that that thing is NEVER off.
Right. Apple has gone too far on many fronts at this point. Like, I would love to participate in the Find My network with my phone on but also be able to turn my phone off. They could make that an option. But they don’t want to. FML.
plz it is bad
Today's power buttons merely request the device turn on/off. And wireless isn't really off unless "Airplane mode" is engaged – but again, this is only requesting the radios turn off. More devices should have switches hard-wired, esp w their poor security track record.
It's like, fucking computers, man.
Did they integrate an Apple tag into it?
more likely the software components - AirTags are GPS chips with firmware.
AirTags don’t have GPS receivers. They depend on the phone discovering them to have GPS.
Probs has a rfid/nfc tag built in. Doesn't require power
AirTags uses Bluetooth Low Energy and depend on the network of macs and iPhones to ping them and then report back to Apple. They’re essentially dumb Bluetooth beacons being made discoverable by a network of phones.
Macs are receiving or transmitting network packets even when in sleep. This is even true when you disable Power Nap functionality. Little Snitch will prompt you when you wake your laptop *after* taking it to a place with a WiFi you've previously connected to & returning.
*ahem* wake on LAN. In laptops since the 90s.
Are you surprised? LMAO
Remember that there are people out there that asked for this and want it. Question is, how much battery juice is reserved to support it?
Seems like it basically just acts like an AirTag in this mode. An AirTag can live off a coin cell for a year, so not much juice
My fave hidden iPhone feature: an old iPhone w/ cellular & Wi-Fi turned OFF will still broadcast location via Bluetooth. I tested this w/ old iPhone 7 on iOS 14. Its location is updated periodically on my primary iPhone’s Find My. It operates like an #AirTags! #iOS15 #iPhone13
I remember reading a study that found faraday cages don't shield from all frequencies, but actually amplify some freqs.
I would imagine you could "tune" two layered Faraday cages to provide more complete shielding.
That's quite true unfortunately. That's why you always need to check. Also check any you buy for car keys or to protect those awful contactless bank cards. To be effective they need to be earthed too.
Put it in an empty (unused) metal paint can if you can still find them. Seal the lid with a hammer. That will give you about 100 dB of attenuation at all frequencies.
You can also hide your iphone inside an abandoned microwave. Checkmate.
Shit is getting to real! 🙈🙉🙊
This is not just limited to iPhones. Windows laptops don’t shut down either. If you want the system to do a fresh reboot you need to do a Restart. (This is because of the quick boot time some “customers” want)
They do if you ask, just hold down shift while restarting, or 'shutdown /s /f /t 0' or disable fast start. But by default they do something closer to hibernate, and they're still powered off. The iPhone will still have a processor running, probably doing BTLE beaconing.
That's not the same thing as what's happening here. That's still turning the power to the device off. (well sort of, thanks intel me). Apple's devices are broadcasting beacons even when off.
That is why most can't have the battery taken out...
I assume the phone has the capability of an AirTag that feeds off the main battery, even when the phone is off. It just responds to BTLE requests with its serial so participating phones that are on will enrich with location info and send this to the cloud. Kind of makes sense
"enrich with location info and send to the cloud" is not necessarily a calming phrase
Haha. That is basically how the Internet of Things works.
Get an Android. When you lose it, check the sofa cushions.
Just remove the battery with a chisel.
Put it in the Microwave or a Faraday pouch.
Misread this as a faraday pooch... imagining a metal cage shaped like a doggy now.
This actually works? Is there a way to switch off all transmission of data, like airplane mode but really switching off every transmission??
Faraday cage, or "wrap it in aluminum foil"
Stuff like this is why no one takes privacy advocates seriously. They’re a self-maintaining ball of incessant outrage.
You told us 😅
People surprised by this, 2014 wants to talk to you. There is no hidden outrage here stop manufacturing it and get a hobby.
Welcome to the Brave New World Huxley never dared to imagine
Seems like a really useful feature. If you’re worried that nation states exploit your powered-off iPhone, maybe you shouldn’t carry a smartphone in the first place.
I’m not particularly worried, but I’d gather the journalists and politicians who do get exploited would have a hard time doing their jobs without one. washingtonpost.com/world/2021/09/…
iPhone is about as bad as Android nowadays.
iPhone is a hardware thing, android is an operating system. Not the same kind of thing and because of that your claim does not make sense
iPhone only has one OS... so it kind of is the same thing
I still remember the distinct dialog where Apple asked me to opt in on first boot of iOS 15. I selected to opt in because Apple asked! Unlike some competitors that you are gonna recommend!
This function is hardware based and I think was implemented around the iPhone X.
Old BlackBerrys used to do that too. Had to go into airplane mode to fully turn off radios.
I don't have an iphone but I believe you can't just take out the battery?
That’s why you can no longer pull the battery out. Next feature will be battery power-up from wi-fi signals, later on just from phone network… see where it is going aye.
Why use iPhone to begin with? If one is so concerned?