iOS checkm8 exploit promises unpatchable jailbreaks with some caveats

JC Torres - Sep 29, 2019, 7:38pm CDT

The mobile tech world, and especially the Apple corner of that world, was flooded by news over the weekend about what could have been Apple’s worst nightmare come to life. Just as happened with the Nintendo Switch and the Fusée Gelée exploit, a security researcher discovered a similar vulnerability that lies deep in the most inaccessible part of an iPhone’s hardware. On paper, this exploit, dubbed “checkm8”, could offer a permanent way to jailbreak iPhones older than the iPhone Xs. In practice, regular users who want nothing to do with the jailbreaking scene have nothing to worry about unless they hand over their iPhones to an unauthorized person.

Both the Nintendo Switch’s Fusée Gelée and this iPhone checkm8 target the bootrom, the unmodifiable code residing in hardware that runs first whenever an iPhone is turned on. Just like the Switch, this can’t be patched without actually changing the chip where the code resides. Unlike the Switch, Apple has since released iPhones that do not contain this vulnerability.

Specifically, checkm8 only affects devices running on Apple’s A5 chip all the way up to the A11 generation, which covers every device from the iPhone 4S to the iPhone X. Those using the most recent models need not worry, and neither do those relying on iOS’ Secure Enclave feature.

axi0mX, who discovered and published the exploit, reminds white hat hackers and security researchers that checkm8 is just an exploit and not a complete jailbreak. That said, it took him only a few seconds to actually jailbreak an iPhone X and have it boot with verbose messages.

While the exploit may be useful for researchers and those who regularly jailbreak their devices, it is actually less useful for those with less benign intentions. To use the exploit, the device has to be physically connected to a Mac via USB, which rules out a remote hack, and the process has to be repeated every time the iPhone reboots. This significantly reduces the chances of ordinary users’ iPhones being compromised unless they lose the device, in which case they probably have a bigger problem to worry about anyway.
