There’s a new iOS exploit that affects all iOS devices running on A5 to A11 chipsets. The exploit is dubbed checkm8 and it was discovered by a researcher known as axi0mx.
The checkm8 Exploit Explained
The checkm8 exploit leverages vulnerabilities in Apple’s bootrom, or SecureROM, which gives deep access to the iOS device. The jailbreak, however, is not permanent: it only works until the next reboot of the device. Nevertheless, the fact that it is unpatchable creates a huge security risk for users. Upgrading to newer devices with unaffected chips should be considered as a way to mitigate this risk, researchers say.
The exploit is likely a powerful tool in the hands of attackers as well as advanced users who want to bypass the built-in protections of iPhones and iPads. There are many reasons for wanting to circumvent these protections: customizing the operating system, adding software, executing code at bootrom level, etc.
Not to mention that law enforcement, gray-hat companies and organizations that deal with exploits can also benefit from an exploit such as checkm8, security researchers point out.
Fortunately, there are some limitations to the exploit for hackers. First of all, it cannot be exploited remotely. The second condition is that the device must be connected to a computer and put into Device Firmware Upgrade (DFU) mode. Nonetheless, checkm8’s author says that the need for a computer may be eliminated by using a specially crafted cable or a dongle.
Another drawback that malicious actors will not like is that the exploit can’t be used to install persistent malware on devices, as changes are reverted once the device is rebooted.
According to the creator of checkm8, the exploit affects most generations of both iPhone and iPad devices, such as:
iPhones from the 4s up to the iPhone X
iPads from the 2 up to the 7th generation
iPad Mini 2 and 3
iPad Air 1st and 2nd generation
iPad Pro 10.5-inch and 12.9-inch 2nd generation
Apple Watch Series 1, Series 2, and Series 3
Apple TV 3rd generation and 4k
iPod Touch 5th generation to 7th generation
The exploit can be used by researchers and developers to “dump SecureROM, decrypt keybags with AES engine, and demote the device to enable JTAG,” noted axi0mx in a series of tweets. It should be added that additional hardware and software are needed to use JTAG.
“Needless to say, jailbreaking is not dead. Not anymore. Not today, not tomorrow, not anytime in the next few years,” checkm8’s author concluded.