It is said to have only been done in a research lab, but if they've done it so has someone on the other side.
This attack uses the "Low-Power Mode" functions such as the Bluetooth chip, RFID/NFC capabilities, and UWB chip to access the phone when it's off. This design allow these chips access to your phone as a "safety" feature, but clearly can be used for malicious reasons as well.
These were deemed as a safety feature so that you might be able to use "find my iPhone" or your phone as a car key even if your phone was off or dead. However, the constant on functionality of these chips introduce a larger number of threats.
For one, we constantly mention how trackable you are and how just turning your phone off is not a solution, especially since you can no longer take your battery out.
The researchers say that at the moment that the attackers would still have to exploit the Bluetooth capabilities and find a way to access the rest of the device.
It is our opinion, that if someone has already gotten this far, they could probably go that extra step and access your devices information.
If at this point your still thinking, why does this matter?
To that I ask, "Do you travel? Do you take the subway? Do you go to crowded coffee shops?" etc.
In other words, the reality of this attack mean that if you frequent well-trafficked areas, your device could be susceptible to one of these attacks in the future.
We already advocate using a Faraday Sleeve when traveling due to tracking reasons, as this will block any ingoing our outgoing signals regardless if your device is on.
Our latest Pacsafe® x SLNT® Anti-Theft Collection adds Faraday functionality to a well designed form to fit in in any situation from the airport to the coffee shop and finally to the office.