Checkm8: New vulnerability found in iPhones - Apple powerless
A security researcher has published an exploit that should enable a quick jailbreak on practically all Apple devices. Under certain circumstances, this could allow malware to be installed.
The jailbreak community is in a frenzy: Security researcher Axi0mx has published an exploit called "Checkm8" on the internet. Axi0mx shows a boot ROM exploit on Github, which is supposed to make a simple jailbreak up to the iPhone X possible. The hack is based on a hardware vulnerability that exists in Apple chips.
Apple cannot close this gap with an update - the devices are therefore jailbreakable forever, so to speak.
Because the vulnerability found is in the boot ROM. The boot ROM can only be read but not written to, as it is read-only memory. The vulnerability could therefore only be fixed on the hardware side.
Malware could be installed via the security gap. However, this is rather unlikely.
No reason to panic
According to Axi0mx, the vulnerability found is no bigger or more dangerous than other attack vectors. If you want to install unauthorised software on an iPhone, you need physical access to the device with the boot ROM exploit and a reboot. There would therefore only be a risk if your device is unattended and not protected with a PIN. Because the jailbreak is only possible via cable, remote cracking is not possible at all.
The device code is required to access the user data - even with this physical attack. If the Apple device is to be cracked using the new exploit, it must be connected to a computer by cable and put into maintenance mode (DFU).
In initial reports about the vulnerability, it was stated that the devices could be cracked even when locked without a PIN. However, this is not entirely correct. The PIN is required to access the user data - but a PIN must have been set.
The jailbreak is also not persistent. If you suspect an attack, the hack is gone again with a reboot.
Jailbreak is possible on these devices
The vulnerability found is a bug in the A-chip series. According to Axi0mx, all iPhone and iPad generations with an A5 to A11 chip can be jailbroken with Checkm8.
These would be these iPhones:
- iPhone 4S
- iPhone 5
- iPhone 5s
- iPhone 5c
- iPhone 6
- iPhone 6 Plus
- iPhone 6s
- iPhone 6S Plus
- iPhone SE
- iPhone 7
- iPhone 7 Plus
- iPhone 8
- iPhone 8 Plus
- iPhone X
In the case of iPads, models 2-7, iPad mini 1-4, iPad Air, iPad Pro 1 and 2 are affected. For Apple TV 3 to 4K and iPod Touch models 5 to 7, i.e. a large number of devices. The new iPhone 11 and iPhone XS are not affected.
The effects
Apple cannot close the gap, but the gap will hardly have any impact on normal users.
The tool will also not bring any major changes for criminal hackers, law enforcement and secret services: The security researcher explains to Ars Technica the benefits of Checkm8 in this regard:
«I don't think they can do anything today with Checkm8 that they couldn't do yesterday [without Checkm8]. It's just that they might have done it yesterday in a slightly different way. I don't think they're gaining anything with this release.»
So far, the hack is still a proof-of-concept hack that has yet to be incorporated into appropriate jailbreak tools. There has not yet been a public jailbreak for iOS 13.
For Apple, the impact is likely to be damage to its image and ridicule and mockery from the communities. Especially because the Californian company only recently released an update that fixed a vulnerability in iOS 12 that is required for the Unc0ver jailbreak.
The hack is powerful because Apple cannot do anything about it - but not from a user security perspective.
Testing devices and gadgets is my thing. Some experiments lead to interesting insights, others to demolished phones. I’m hooked on series and can’t imagine life without Netflix. In summer, you’ll find me soaking up the sun by the lake or at a music festival.