iPhones with an impossible to patch hardware gap. It lets you break millions of devices

Share this:

Checkm8, as the exploit was called, is compatible with all iPhone models from 4s to X inclusive and can not be patched in any way – writes the security researcher with the nickname axi0mx. The specialist has published a tool that supposedly allows access to the lowest layers of a significant part of iOS devices, including cyberattack or jailbreak.

The vulnerability that axi0mx found is a hardware vulnerability. Applies to chips A5 to A11. In these systems, so-called gambling phenomena, which should be understood as non-zero propagation time. When the logical state changes, errors appear that allow the attack to be carried out in the side channel. The effect is that the bootrom is open, and as the processor is to blame, the error cannot – as the researcher declares – be patched with any update.

According to the expert, you can do anything with a broken device. From uploading unauthorized software, through decryption of lock and security keys, to JTAG plug-in. The condition is one: The attacker must have physical access to the equipment, because the starting point of the whole process is to use a crafted USB flash drive.

According to reports, the specialist came across a vulnerability by examining one of the beta versions of iOS 12 and patches placed in it, which, however, are not able to deal with the described exploit.

  Intel Core i9-9900KS more expensive over USD 100 than version K. Will it be worth the extra payment?

Intelligence agents could use the vulnerability

Interestingly, he also supposes that he is not the first to discover the error. Only before did anyone want to make it public. Commenting on Twitter, it implies that intelligence agencies and companies such as GrayShift, which offer data extraction from blocked iPhones, could have previously used the vulnerability. However, it does not provide any evidence, so it is advisable to keep a little distance when approaching these revelations.

The exploit itself is not very useful at the moment, at least not for the ordinary user. The author leaves a free hand to other crackers, who are encouraged, among others to create a jailbreak. However, with unrestricted access to the bootrom it is only a matter of time.

Share this: