Incident: iPhone Always-On Mechanism Exploited for Persistent Malware.

Published Date: 2022-05-17

Postmortem Analysis
Timeline
1. The article states that the incident happened the week before it was published.
2. Published on 2022-05-17.
3. The software failure incident occurred in May 2022.
System
1. iPhone's Bluetooth chip [128141]
2. Low-power mode (LPM) implementation on Apple iPhones [128141]
Responsible Organization
1. The researchers at Germany’s Technical University of Darmstadt were responsible for causing the software failure incident by exploiting the lack of hardening in the iPhone's Bluetooth chip [128141].
Impacted Organization
1. iPhone users were impacted by the software failure incident described in the article [128141].
Software Causes
1. Exploitation of the lack of hardening in the iPhone's Bluetooth chip firmware, allowing malicious firmware to run even when the device is turned off [128141].
Non-software Causes
1. Lack of hardening in the iPhone's Bluetooth chip firmware [128141]
2. Design flaws in the low-power mode (LPM) implementation on Apple iPhones [128141]
Impacts
1. The software failure incident allowed researchers to exploit the iPhone's always-on mechanism to run malware even when the device appears to be powered down, potentially compromising user privacy and security [128141].
2. The lack of hardening in the iPhone's Bluetooth chip firmware enabled attackers to track the phone's location or run new features when the device is turned off, highlighting a significant security vulnerability [128141].
3. The exploit targeting the low-power mode (LPM) in iOS could potentially be used in post-exploit scenarios by sophisticated malware like Pegasus, increasing the risk of surveillance and espionage activities by governments worldwide [128141].
4. Firmware infections resulting from the software failure incident are extremely difficult to detect, requiring significant expertise and expensive equipment, which could lead to prolonged undetected malware operations on affected devices [128141].
5. The incident exposed a double-edged sword in the security features enabled by LPM, showcasing the ongoing challenge for manufacturers to balance functionality with the security risks introduced by new features [128141].
Preventions
1. Implementing digital signing or encryption mechanisms for the firmware running on the iPhone's Bluetooth chip could have prevented the software failure incident described in the article [128141].
2. Conducting thorough security assessments and testing of the low-power mode (LPM) features introduced in iOS 15, to identify and address potential vulnerabilities before deployment, could have helped prevent the incident.
3. Regularly updating the firmware and security features of the iPhone to patch discovered vulnerabilities and enhance overall system security could have mitigated the risk of such software failures.
4. Enhancing collaboration and communication between researchers, security experts, and Apple engineers to address and resolve security concerns identified in academic research could have proactively prevented the incident.
Fixes
1. Implementing a mechanism for digitally signing or encrypting the firmware running on the iPhone's Bluetooth chip to prevent exploitation [128141].
References
1. Researchers at Germany’s Technical University of Darmstadt [Article 128141]
2. Apple engineers who reviewed the research paper [Article 128141]
3. John Loucaides, senior vice president of strategy at firmware security firm Eclypsium [Article 128141]

Software Taxonomy of Faults

Category Option Rationale
Recurring
Option: one_organization, multiple_organization
Rationale:
(a) The software failure incident related to the abuse of the iPhone's always-on mechanism to run malware has happened within the same organization, Apple. Researchers discovered a way to exploit the lack of hardening in the iPhone's Bluetooth chip firmware to run malicious firmware even when the device is turned off [128141].
(b) The software failure incident related to the exploitation of the iPhone's always-on mechanism to run malware could potentially impact other organizations or devices as well. The researchers highlighted that similar attacks could be possible on Android devices if security flaws susceptible to over-the-air exploits are discovered [128141].
Phase (Design/Operation)
Option: design, operation
Rationale:
(a) The software failure incident related to the design phase is evident in the article. Researchers at Germany’s Technical University of Darmstadt discovered a vulnerability in the iPhone's Bluetooth chip, which lacks mechanisms for digitally signing or encrypting the firmware it runs. This design flaw allowed attackers to exploit the always-on mechanism to run malware that remains active even when the iPhone appears to be powered down [128141].
(b) The software failure incident related to the operation phase is highlighted in the article as well. The researchers pointed out that the current low-power mode (LPM) implementation on Apple iPhones is opaque and adds new threats. They mentioned that the implementation within the Bluetooth firmware is not secured against manipulation, which could lead to malware running while the iPhone is turned off. Additionally, the article mentions that firmware infections are extremely difficult to detect, since they require significant expertise and expensive equipment to find, indicating challenges in detecting and mitigating such operational failures [128141].
Boundary (Internal/External)
Option: within_system, outside_system
Rationale:
(a) The software failure incident described in the article is within_system. Researchers discovered a way to abuse the always-on mechanism of iPhones to run malware that remains active even when the device appears to be powered down. This exploit involves manipulating the low-power mode (LPM) in the iPhone's hardware, specifically targeting the Bluetooth chip, to run malicious firmware [128141]. The lack of hardening in the Bluetooth chip's firmware allows attackers to track the phone's location or run new features even when the device is turned off. This vulnerability within the system poses a significant security risk, as it enables malware to operate stealthily and persistently on the device.
(b) The software failure incident is also influenced by outside_system factors. The potential for exploiting the always-on feature in iOS, as demonstrated by the researchers, could be leveraged in post-exploit scenarios by sophisticated smartphone exploit tools like Pegasus from the NSO Group. Additionally, if hackers discover security flaws susceptible to over-the-air exploits, similar to those seen in Android devices, they could infect the iPhone's chips remotely [128141]. These external factors, such as the availability of advanced exploit tools and vulnerabilities in other systems, contribute to the overall risk landscape surrounding the software failure incident.
Nature (Human/Non-human)
Option: non-human_actions
Rationale:
(a) The software failure incident in the article is related to non-human actions. Researchers discovered a way to abuse the always-on mechanism in iPhones to run malware that remains active even when the device appears to be powered down. This exploit takes advantage of the lack of hardening in the iPhone's Bluetooth chip firmware, allowing attackers to track the phone's location or run new features when the device is turned off [128141].
(b) The software failure incident in the article is not directly related to human actions. However, it is mentioned that infections required first jailbreaking an iPhone, which is a difficult task, particularly in an adversarial setting. Additionally, the possibility of hackers discovering security flaws susceptible to over-the-air exploits, similar to those targeting Android devices, is mentioned, which could introduce human actions as contributing factors in the future [128141].
Dimension (Hardware/Software)
Option: hardware, software
Rationale:
(a) The software failure incident in the article is related to hardware. Researchers found a way to abuse the always-on mechanism in iPhones to run malware even when the device appears to be powered down. This abuse is possible due to the lack of hardening in the iPhone's Bluetooth chip firmware, allowing attackers to track the phone's location or run new features when the device is turned off [128141].
(b) The software failure incident is also related to software. The researchers discovered vulnerabilities in the low-power mode (LPM) implementation on Apple iPhones, which allows the chips responsible for communication to run in a special mode even after the device is turned off. This lack of security in the software implementation of LPM poses a risk by enabling malware to run while the iPhone is turned off [128141].
Objective (Malicious/Non-malicious)
Option: malicious
Rationale:
(a) The software failure incident described in the article is malicious in nature. Researchers discovered a way to abuse the always-on mechanism in iPhones to run malware that remains active even when the device appears to be powered down. This exploit allows attackers to track the phone's location or run new features when the device is turned off. The lack of hardening in the iPhone's Bluetooth chip firmware was exploited to achieve this, highlighting a security vulnerability that could be used for malicious purposes [128141].
Intent (Poor/Accidental Decisions)
Option: poor_decisions
Rationale:
(a) The software failure incident described in the article is related to poor decisions made in the design and implementation of the iPhone's low-power mode (LPM) feature. The lack of digital signing or encryption in the Bluetooth chip's firmware allowed researchers to exploit this vulnerability and run malicious firmware even when the iPhone appears to be powered down. The researchers highlighted that the design of LPM features seemed to be driven mostly by functionality, without considering threats outside the intended applications, leading to potential security risks. Additionally, the researchers pointed out that Apple engineers reviewed their paper before publication, but the company did not provide any feedback on its contents, indicating a lack of proactive response to the identified security issues [128141].
Capability (Incompetence/Accidental)
Option: development_incompetence, unknown
Rationale:
(a) The software failure incident related to development incompetence is evident in the article, as researchers at Germany’s Technical University of Darmstadt discovered a way to exploit the lack of hardening in the iPhone's Bluetooth chip firmware, allowing malicious firmware to run even when the device is turned off [128141]. This exploitation highlights a significant security vulnerability that was not adequately addressed during the development process, indicating a failure due to contributing factors introduced by a lack of professional competence in ensuring the security of the firmware.
(b) The software failure incident related to accidental factors is not explicitly mentioned in the provided article.
Duration
Option: temporary
Rationale: The software failure incident described in the article can be categorized as a temporary failure. The incident involves a vulnerability in the iPhone's Bluetooth chip that allows malicious firmware to run even when the device appears to be powered down. This vulnerability results from exploiting the lack of hardening in the firmware of the Bluetooth chip, enabling attackers to track the phone's location or run new features when the device is turned off [128141]. The exploitation of this vulnerability requires specific circumstances, such as jailbreaking the iPhone, which is a difficult task, particularly in an adversarial setting. Additionally, the firmware infections targeting the low-power mode (LPM) of the iPhone chips are described as extremely difficult to detect, requiring significant expertise and expensive equipment [128141].
Behaviour
Option: other
Rationale:
(a) crash: The software failure incident described in the article does not involve a crash where the system loses state and does not perform any of its intended functions. The incident involves a security vulnerability that allows malware to run on iPhones even when they appear to be powered down [128141].
(b) omission: The incident does not involve a failure due to the system omitting to perform its intended functions at one or more instances. Instead, it focuses on a security vulnerability that allows malicious firmware to run on iPhones even when they are turned off [128141].
(c) timing: The incident is not related to a failure due to the system performing its intended functions correctly but too late or too early. It is centered around a security vulnerability that allows malware to remain active on iPhones even when they are seemingly powered down [128141].
(d) value: The software failure incident does not involve a failure due to the system performing its intended functions incorrectly. Instead, it pertains to a security vulnerability that enables malicious firmware to run on iPhones even when they are turned off [128141].
(e) byzantine: The incident does not exhibit byzantine behavior where the system behaves erroneously with inconsistent responses and interactions. It is primarily about a security vulnerability that allows the execution of malicious firmware on iPhones even when they are supposedly powered down [128141].
(f) other: The behavior of the software failure incident can be categorized as a security vulnerability that enables the execution of malware on iPhones even when they are turned off. This behavior is not explicitly covered by options (a) to (e) [128141].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence
Option: no_consequence, theoretical_consequence
Rationale: The consequence of the software failure incident discussed in the article is primarily a "theoretical_consequence", as potential consequences were discussed but not observed. The researchers highlighted the risks posed by the chips running in low-power mode on iPhones, such as allowing malware to run while the device is turned off and potentially enabling stealthy operations. They also mentioned the difficulty of detecting firmware infections and the possibility of over-the-air exploits similar to those seen on Android devices. Additionally, the researchers pointed out that the findings have limited real-world value, as infecting iPhones required jailbreaking, which is a challenging task. Overall, the article did not report any real observed consequences such as death, harm, basic needs impact, property loss, delays, or non-human entities being affected by the software failure incident [128141].
Domain
Option: information, finance
Rationale:
(a) The failed system in the reported incident was related to the information industry, specifically affecting iPhone users. The incident involved a vulnerability in the iPhone's Bluetooth chip that allowed exploitation of the always-on mechanism to run malware even when the device appeared to be powered down [Article 128141]. This vulnerability posed a risk to the security of iOS devices and highlighted potential threats associated with chips running in low-power mode.
(h) The incident also has implications for the finance industry, as malware running on iPhones could potentially be used in post-exploit scenarios by sophisticated smartphone exploit tools like Pegasus, developed by the NSO Group. Governments worldwide employ such tools for espionage purposes, indicating a potential threat to financial data and transactions on compromised devices [Article 128141].
(m) Additionally, the software failure incident could impact other industries beyond those explicitly mentioned. The exploitation of the iPhone's always-on mechanism highlights the broader issue of firmware vulnerabilities and the challenges associated with detecting and mitigating such threats. This incident underscores the importance of considering security implications across the various industries that rely on mobile devices for information exchange and financial transactions [Article 128141].
