This is theoretical research that shows it may be possible to run malware on an iPhone that is still active even when the phone is powered off, by abusing a lack of authentication in the Bluetooth system and the fact that the Bluetooth is used in the Apple “find my…” functionality.
Here is the paper:
Evil Never Sleeps: When Wireless Malware Stays On After Turning Off iPhones (arxiv.org)
Only a theory and a research project at the moment – as far as we know!
Here is more research from the NCC Group, that shows what can happen when a technology is used for something it was not primarily designed for – such as using Bluetooth to lock your Tesla! (or my Ford?)
Update 18 May 2022
And then there is this in The Register:
BLE phone-as-a-key vuln allows access to Tesla Model 3 • The Register
And this in TechRepublic:
Theory into practice.