When a user turns off their iPhone, it does not fully shut down. It enters a low-power sleep mode in which the Bluetooth chip stays active, and that chip is what keeps features such as Find My and Apple Wallet cards working while the iPhone appears to be powered off.
The Bluetooth chip has no mechanism to check a digital signature on, or even encrypt, the firmware it runs. Academics at Germany’s Technical University of Darmstadt showed how to take advantage of this weakness to load malware onto the powered-off iPhone, giving an attacker access to the iPhone’s location and the ability to run other code. This low-power feature stays active for 24 hours after the iPhone is powered off.
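The missing control in the paragraph above, modelled as an added example (not Apple's code, the chip vendor's, or the researchers' tooling): a constructed firmware image layout, the accept-anything loader the page describes, and beside it a boot-ROM gate that only runs images whose payload digest it has pinned and that refuses rollback. The image format, the pinned releases and the version floor are all assumptions made up for this illustration.

```python
import hashlib
import hmac
import struct

# Constructed image layout (assumption, not a real chip's format):
# 4-byte magic, 4-byte version, 4-byte payload length, 32-byte SHA-256
# of the payload, followed by the payload itself.
MAGIC = b"BTFW"
HEADER = struct.Struct("<4sII32s")

# What an immutable boot ROM would pin: the digest of every release it is
# allowed to run, plus a monotonic version floor. All values are constructed.
TRUSTED_PAYLOADS = {
    1: b"radio-firmware-release-1-constructed",
    2: b"radio-firmware-release-2-constructed",
}
TRUSTED_DIGESTS = {v: hashlib.sha256(p).digest() for v, p in TRUSTED_PAYLOADS.items()}
MIN_VERSION = 2

def build_image(version, payload):
    """Pack a payload into the constructed image format (the signer side)."""
    digest = hashlib.sha256(payload).digest()
    return HEADER.pack(MAGIC, version, len(payload), digest) + payload

def load_unverified(image):
    """The behaviour the page describes: any well-formed image is accepted."""
    if len(image) < HEADER.size or image[:4] != MAGIC:
        return "rejected: malformed"
    return "loaded"

def load_verified(image, min_version=MIN_VERSION, trusted=TRUSTED_DIGESTS):
    """A loader that refuses images its ROM has not pinned or has retired."""
    if len(image) < HEADER.size:
        return "rejected: truncated header"
    magic, version, length, claimed = HEADER.unpack_from(image)
    if magic != MAGIC:
        return "rejected: bad magic"
    payload = image[HEADER.size:]
    if len(payload) != length:
        return "rejected: length mismatch"
    if version < min_version:
        return "rejected: rollback"
    pinned = trusted.get(version)
    if pinned is None:
        return "rejected: unknown version"
    actual = hashlib.sha256(payload).digest()
    # The digest in the header is attacker-controlled; only the ROM copy counts.
    if not hmac.compare_digest(actual, pinned) or claimed != actual:
        return "rejected: digest mismatch"
    return "loaded"
```

Hash pinning is the simplest stand-in for the check; a production design would verify a public-key signature over the header so the ROM needs only a verification key and new releases can be issued without re-burning the ROM.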
But here’s the catch… to get at the Bluetooth chip at all, the iPhone must be jailbroken first, which is itself one of the hardest things to do.
Overall, the features the low-power sleep mode enables add a decent layer of security, because users can locate lost or stolen devices even when the battery is drained. Now that the issue has been raised, Apple can begin working on a security patch to close this hole.
Credit: https://www.wired.com/story/iphone-find-my-malware-attack-vulnerability/