Gears & Gadgets

Unpatchable bug in millions of iOS devices exploited, developer claims

admin Comment(0)
Devices as recent as the iPhone X, based on Apple's A11 chip, are claimed to be vulnerable to a new boot ROM attack revealed today.
Enlarge / Devices as recent as the iPhone X, based on Apple’s A11 chip, are claimed to be vulnerable to a new boot ROM attack revealed today.
SOPA Images / Getty Images

Today, an iOS security researcher who earlier developed software to “jailbreak” older Apple iOS devices posted a new software tool that he claims uses a “permanent unpatchable bootrom exploit” that could bypass boot security for millions of Apple devices, from the iPhone 4S to the iPhone X. The developer, who goes by axi0mX on Twitter and GitHub, posted via Twitter, “This is possibly the biggest news in iOS jailbreak community in years. I am releasing my exploit for free for the benefit of iOS jailbreak and security research community.”

The exploit has not yet been turned into a kit for jailbreaking the phone, something that requires specialized hardware and software. But it does provide a gateway for other attacks against the security of the device, allowing boot-level access to the phone’s internal software.

“What I am releasing today is not a full jailbreak with Cydia [an alternative package manager for jailbroken iOS devices], just an exploit,” axi0mX wrote. “Researchers and developers can use it to dump SecureROM [the boot ROM code], decrypt keybags [the escrow memory with the keys for all encrypted data on the device] with AES engine, and demote the device to enable JTAG. You still need additional hardware and software to use JTAG.” (JTAG is “Joint Test Action Group,” an interface used for verifying printed circuit boards sometimes leveraged in forensic examination of smartphones.)

The developer said the attack used in the exploit “uses a race condition” to defeat the secure boot but is not yet entirely reliable. It can only be executed locally over USB. The vulnerability was uncovered as the result of a patch issued to the beta of iOS 12 in the summer of 2018, axi0mX said.

It’s possible that this exploit has been found by other researchers and is already in use, especially via tools used by intelligence and law enforcement agencies, such as GreyShift’s GreyKey. Many of these tools use proprietary hardware to collect data off iOS devices.

Ars contacted Apple for comment and has not received a response; this story will be updated as more information becomes available.

Let’s block ads! (Why?)

Tech – Ars Technica

Related Articles
Gears & Gadgets

Apple M1-native malware has already begun to appear

admin

Enlarge / GoSearch22 isn’t, technically speaking, any sort of “virus.” But it’s certainly not anything you’d want on your shiny-new M1 Mac. Pete Linforth Last year, Apple released Macbooks and Mac Minis powered by a new ARM CPU—the Apple M1. A few months later, malware authors are already targeting the new hardware directly. Wired interviewed Mac […]
Gears & Gadgets

The WWDC Liveblog: All the OS details from Apple’s annual keynote

admin

Enlarge / Neon emoji and animoji images accompanied the invites to press. Apple Liveblog starts in: View Liveblog At 10am PDT (1pm EDT, 5pm GMT) on Monday, June 3, 2019, Apple will host its “special event”—or as we’ve long called it, the keynote—to kick off the 2019 Worldwide Developers Conference. In front of an audience of […]
Gears & Gadgets

Facebook and Google have ad trackers on your streaming TV, studies find

admin

Enlarge / A Vizio TV seen at CES in 2011. Ethan Miller | Getty Images Modern TV, coming to you over the Internet instead of through cable or over the air, has a modern problem: all of your Internet-connected streaming devices are watching you back and feeding your data to advertisers. Two independent sets of […]

Leave a Reply

Your email address will not be published. Required fields are marked *