iOS 16: Simulated flight mode as a hidden hack

iOS 16: Simulated flight mode as a hidden hack - Photo by Sten Ritterfeld on Unsplash

Share post

Jamf Threat Labs has developed a technique on iOS16 that can simulate airplane mode. In concrete terms, this means that hackers could exploit this opportunity to trick the victim into thinking that the device's flight mode is turned on. However, malware is working in the background.

The attacker actually installed an artificial flight mode (after successfully using an exploit on the device). This changes the user interface so that the airplane mode symbol is displayed and the Internet connection to all apps is interrupted - except the application that the hacker wants to use. The technology has probably not yet been exploited by malicious actors.

More safety thanks to flight mode?

Flight mode ensures that passengers can safely use their devices such as smartphones or laptops during a flight. However, flight mode is now not only used when traveling, but also to save the battery or to temporarily disconnect from our “always-on” world. Others expect additional privacy when flight mode is switched on, for example during confidential meetings or when visiting secure facilities.

But does turning on airplane mode actually lead to more security and privacy? Researchers at Jamf Threat Labs studied Apple's Airplane Mode and found that malicious hackers have the ability to maintain a cellular connection for an application even if the user believes they have Airplane Mode turned on.

How was airplane mode manipulated?

The researchers managed to change the underlying code so that the airplane mode symbol appears, but the Internet connection is still maintained for certain applications. In order to make the deception seem as real as possible, the following changes were made:

  • The airplane mode icon turns on.
  • The network connection or Wi-Fi icon will be grayed out.
  • When opening the browser, the error message appears that is expected when airplane mode is switched on (see image).

🔎 The display shows airplane mode, but in reality the malware app is active and accessing the Internet (Image: Jamf).

The researchers also managed to interrupt access to cellular data or Wi-Fi for all apps, while maintaining it for only a selected application. The user believes that airplane mode is activated and the Internet connection is interrupted, while hackers can still load or pull data from the device via selected applications.

The screenshot shows how the researchers transformed the message that typically triggers when mobile data access is blocked for certain apps (left) into a notification window that looks like the typical Airplane Mode message (right).

How could hackers exploit this vulnerability?

The Threat Labs team created a video showing how an attacker might use this technique in a surveillance attack. For example, if fake airplane mode is active - that is, the device indicates that it is in airplane mode - the attacker can activate the camera or microphone and live stream from the device without the user being aware of a breach.

More at


About Jamf

Focused on Apple for over 20 years, Jamf is now the only company in the world with a complete endpoint management and protection solution that ensures enterprise-level security, is easy to use and protects end-user privacy.


Matching articles on the topic

Detect and defend against threats

In today's digitalized business landscape, combating threats requires a continuous, proactive and holistic approach. Open Extended ➡ Read more

Backup for Microsoft 365 – new extension

A simple and flexible Backup-as-a-Service (BaaS) solution extends data backup and ransomware recovery functionality for Microsoft 365, reducing downtime ➡ Read more

Cloud security: This is important in 2024

In the past, experts were not aware of drastic events such as the pandemic or wars. An expert in ➡ Read more

Tips for implementing the NIS2 directive

The correct use of cyber security is now more important than ever. Due to increasing threats, the risk of attacks is constantly growing. The ➡ Read more

Security Cloud Enterprise Edition as a managed service

“Cyber ​​Resilience as a Service” enables companies of all sizes to obtain Rubrik’s portfolio for more data security from the MSP SVA. category ➡ Read more

Immutable memory protects against attacks

A survey of cybersecurity experts from companies with more than 1.000 employees confirms that, at 46 percent, almost half of the ➡ Read more

Global Threats: Data Protection for Local Data

Ransomware attacks, data stealer attacks, exploits for vulnerabilities: Even if the attacks are global, they are aimed at a local part ➡ Read more

Five cyber defense strategies

In the past two years, attackers have managed to penetrate the systems of 78 percent of German companies. The ➡ Read more