
“Snakes in airplane mode” – what if your phone says it’s offline but isn’t? – Naked Security

Researchers at Apple device management company Jamf have published a paper titled “Fake Airplane Mode: A mobile tampering technique to maintain connectivity.” The paper reveals that attackers can implant rogue software onto iPhones to carry out a “fake airplane” attack, which tricks users into thinking their device is offline when it is not. This technique does not steal private data from other apps, but rather manipulates visual clues to give the appearance of being offline. This poses a significant threat, as even the App Store is not immune to malware and potentially unwanted applications. Scammers and spyware peddlers could potentially hide “fake airplane” treachery in seemingly harmless apps to bypass the App Store’s verification process.

The researchers explain that most users check whether they are disconnected from the internet by swiping up from the home screen and tapping the airplane icon in the Control Center. This typically turns the airplane icon orange and greys out the mobile, wireless, and Bluetooth icons. Jamf, however, found ways to separate appearance from reality. They intercepted the API call triggered by tapping the airplane icon, so that the switch to airplane mode was still recorded in the iPhone logs. But instead of actually putting the device into airplane mode, the hijacked system call only disabled Wi-Fi, leaving a pathway for authorized apps to use mobile data. They also configured the device so that the browser app, rather than the entire device, was blocked from using mobile data connections. To further deceive users, they replaced the “mobile data is turned off” notification with the more reassuring “airplane mode is on” message. Lastly, they dimmed the mobile data icon to give the false impression that it was disabled.

To protect against this technique, users should directly check their device’s connectivity status on the Settings page rather than relying on the Control Center or browser. The researchers found that changes made through the Control Center can be misrepresented, but the Settings page allows for correct control and reliable verification of the Airplane Mode setting. While it is theoretically possible for a determined attacker with powerful malware to interfere with the Settings page, the Jamf team did not find a practical way to do so in their research.

Key Points:
1. Researchers at Jamf have discovered a technique called “fake airplane” mode that tricks users into thinking their iPhone is offline when it is not.
2. Attackers must implant rogue software onto iPhones to carry out this attack.
3. The technique does not steal private data but manipulates visual clues to give the appearance of being offline.
4. Scammers and spyware peddlers could potentially use this technique to bypass the App Store’s verification process.
5. Users should check their device’s connectivity status directly on the Settings page rather than relying on the Control Center or browser.
