
Would this mean that hypothetically, your SIM could send SMS messages even if your phone is in airplane mode?


I think that’s the lesson of this article — the SIM can instruct the phone’s radio to send and receive any sort of data (including SMS) without the rest of the phone ever knowing about it.


My understanding is that airplane mode does disable the radio entirely - so the SIM card trying to send messages wouldn't work unless the baseband (which, on iOS, is signed by Apple and likely not an unknown binary blob to them) turned the radio on, let it connect to the network, sent the message, then turned off the radio, all without informing the OS.


You're assuming Apple doesn't have a way to bypass airplane mode when they receive a warrant.


Apple heavily resisted building a backdoor that would only be installed on a phone the FBI already had in their possession. Why would they build a way to bypass airplane mode if they receive a warrant?


They fought unlocking secure enclave. That has no bearing on active tracking. Apple is also under the eight ball with the threat of anti-trust regulation and are more incentivised than ever to make deals that turn down the heat on questionable business practices. They lost all credibility as a "security focused" company with their crazy on-device image scanning scheme.


I don't think the iPhone used in that case had a secure enclave. I think that iPhone was the iPhone 5C[1], which had an A6[2], while the secure enclave wasn't released until A7[3].

Wikipedia has the terms the FBI demanded, and to me they look like demands relating to software directly in iOS, not some other security chip[4].

>Apple is also under the eight ball with the threat of anti-trust regulation and are more incentivised than ever to make deals that turn down the heat on questionable business practices.

Questionable business practices impacting competition/monopoly, sure. But I don't see how a backdoor would make anyone think Apple has less of a monopoly.

>They lost all credibility as a "security focused" company with their crazy on-device image scanning scheme.

Apple publicly announced that in advance. That's different from a secret backdoor.

[1] https://en.wikipedia.org/wiki/FBI%E2%80%93Apple_encryption_d...

[2] https://en.wikipedia.org/wiki/IPhone_5C

[3] https://apple.fandom.com/wiki/Secure_Enclave

[4] https://en.wikipedia.org/wiki/FBI%E2%80%93Apple_encryption_d...


More so, how would they tell a phone with radios disabled to turn on a radio, besides physical access?


By telling the radio firmware to do so?

edit: the SIM can tell the radio to turn on when it wants to send a message.

It is a full blown computer, with direct access to the radio firmware, with no OS oversight.

The radio firmware can be updated remotely, too, and the OS only knows the modem is on, because the firmware tells it so.

The icon on your phone showing signal/on/off is displayed by the OS, after querying the firmware. The OS has no way to know if the radio is on or not.


Yes but from where is this command originating? Can't be remote because well... the radio is off.


It can be remote but shifted in time. E.g. send a remote command that essentially says "if in airplane mode, every 60 minutes turn radio on and check for new commands".


That would cause major issues in areas where phones are forbidden for national security or sensitive equipment reasons from having antennas active. I've never heard a report that a manufacturer has even considered that idea as it could potentially cost them major damages.


Of course, that's not something that a legitimate manufacturer would have in their standard firmware.

However, that is a possibility for specific malicious firmware uploaded to some "phone of interest" to prevent its user from protecting themselves by turning on airplane mode.


Depends a lot on how airplane mode is implemented on a given device, I'd say. To my knowledge, this is not specified by the relevant standards.

One way would be to shut down the SIM as soon as it's activated, which would include proactive commands of any kind (like those the SIM uses to request sending an SMS from the phone/baseband).

Another would be to keep the baseband and SIM active, but to still deactivate the radio – in this case the SIM might still be able to issue proactive commands, but without any network attachment, they would just fail.

Of course an implementation could also choose to briefly reattach to the network whenever it receives such a proactive command.
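To make the "proactive commands" discussed in this comment concrete, here is an added example that is not part of the thread and not code from any phone or SIM vendor. It decodes the BER-TLV structure a SIM hands to the baseband for a proactive command (tag 0xD0, then command details, device identities and command-specific objects, as laid out in ETSI TS 102 223) and audits which commands could only succeed with a live radio. The three sample command blobs are constructed for illustration; the tag and command-type values are taken from the standard, and the set of commands treated as "needs radio" is this example's own classification.

```python
# Added example, not from the HN thread or any vendor firmware.
# Decodes SIM Toolkit proactive commands (ETSI TS 102 223 BER-TLV) and
# flags the ones that would require the modem to attach to the network.
from dataclasses import dataclass

PROACTIVE_TAG = 0xD0

# Type-of-command values from ETSI TS 102 223 (subset)
COMMAND_NAMES = {
    0x01: "REFRESH", 0x03: "POLL INTERVAL", 0x05: "SET UP EVENT LIST",
    0x10: "SET UP CALL", 0x11: "SEND SS", 0x12: "SEND USSD",
    0x13: "SEND SHORT MESSAGE", 0x21: "DISPLAY TEXT",
    0x26: "PROVIDE LOCAL INFORMATION", 0x27: "TIMER MANAGEMENT",
    0x40: "OPEN CHANNEL", 0x43: "SEND DATA",
}
# This example's own classification: commands that only succeed if the
# baseband is attached to a network, i.e. that cannot be completed in a
# real "radio off" state whatever the SIM asks for.
NEEDS_RADIO = {0x10, 0x11, 0x12, 0x13, 0x40, 0x43}


@dataclass
class ProactiveCommand:
    number: int        # command number chosen by the SIM
    type_code: int     # type of command (see COMMAND_NAMES)
    qualifier: int     # command qualifier byte
    destination: int   # device identity: 0x02 display, 0x82 terminal, 0x83 network, 0x21.. channel
    tlvs: dict         # tag (comprehension-required bit stripped) -> value bytes

    @property
    def name(self) -> str:
        return COMMAND_NAMES.get(self.type_code, f"UNKNOWN(0x{self.type_code:02x})")

    @property
    def needs_radio(self) -> bool:
        return self.type_code in NEEDS_RADIO


def _read_len(buf: bytes, i: int):
    """BER length: one byte below 0x80, or 0x81 followed by one length byte."""
    if buf[i] < 0x80:
        return buf[i], i + 1
    if buf[i] == 0x81:
        return buf[i + 1], i + 2
    raise ValueError("length form not supported")


def parse_proactive(buf: bytes) -> ProactiveCommand:
    """Parse one proactive command (the data the terminal gets back from FETCH)."""
    if not buf or buf[0] != PROACTIVE_TAG:
        raise ValueError("not a proactive command")
    length, i = _read_len(buf, 1)
    end = i + length
    if end != len(buf):
        raise ValueError("length mismatch")
    tlvs = {}
    while i < end:
        tag = buf[i] & 0x7F               # strip the comprehension-required bit
        vlen, j = _read_len(buf, i + 1)
        tlvs[tag] = bytes(buf[j:j + vlen])
        i = j + vlen
    details, devids = tlvs.get(0x01), tlvs.get(0x02)
    if details is None or len(details) != 3 or devids is None or len(devids) != 2:
        raise ValueError("missing mandatory command details / device identities")
    return ProactiveCommand(details[0], details[1], details[2], devids[1], tlvs)


def audit(commands) -> list:
    """(command number, name) for every command that would need the radio."""
    return [(c.number, c.name) for c in commands if c.needs_radio]


# Constructed sample commands (not captured from a real SIM):
SAMPLES = [
    # SEND SHORT MESSAGE, UICC -> network, empty alpha identifier (no user
    # notification), address +123, short constructed SMS-SUBMIT TPDU
    bytes.fromhex("D0 1C 81 03 01 13 00 82 02 81 83 85 00 86 03 91 21 F3"
                  "8B 0A 01 00 03 91 21 F3 00 00 01 41"),
    # DISPLAY TEXT "Hi" (8-bit DCS), UICC -> display
    bytes.fromhex("D0 0E 81 03 02 21 80 82 02 81 02 8D 03 04 48 69"),
    # SEND DATA on channel 1, two bytes of channel data
    bytes.fromhex("D0 0D 81 03 03 43 01 82 02 81 21 B6 02 AA BB"),
]

if __name__ == "__main__":
    cmds = [parse_proactive(b) for b in SAMPLES]
    for c in cmds:
        print(f"#{c.number} {c.name:<28} dest=0x{c.destination:02x} radio={c.needs_radio}")
    print("would need network:", audit(cmds))
```

Reading the decoded objects back is the point: the phone's OS never sees this exchange, only the baseband does, so a check like `audit` can only run where the SIM-to-baseband traffic is visible (a modem trace or a baseband that logs FETCH results). An implementation that really cuts the radio in airplane mode would simply fail the two flagged commands with a terminal response rather than reattach.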


Under normal conditions: no. But a hacked phone may fake going offline and still be connected.

The only way to turn off a phone for sure is to remove the battery.


> remove the battery

ha ha.


If you can access it.


Eat the SIM card.


It doesn't have a radio, so no.


No



