New unpatchable iPhone exploit could allow for a permanent Jailbreak for millions of devices


A newly disclosed iOS exploit named “checkm8”, which targets a vulnerability in the bootrom, could lead to a permanent, unblockable jailbreak on hundreds of millions of iPhones. Because the bootrom is read-only code burned into the chip at manufacture, the flaw cannot be fixed by a software update. The exploit is described as a “permanent unpatchable bootrom exploit” that works on every model from the iPhone 4s to the iPhone X, regardless of which iOS version the device is running.

The exploit was discovered by a security researcher who goes by the name @axi0mX on Twitter. According to axi0mX, the exploit gives attackers access to iOS devices at a level that Apple cannot block or patch out with a future software update. It also allows a device to be downgraded to an older iOS version even after Apple has stopped signing that build. That makes it one of the biggest developments in the iPhone hacking community in years.

axi0mX also published what he calls an “open-source jailbreaking tool for many iOS devices” on GitHub. It is meant for researchers and is not a full-fledged jailbreak compatible with Cydia. The tool can reportedly be used to downgrade to an older version of iOS, but definitive proof of a successful downgrade has yet to arrive, and there are still a lot of loose ends.

Here is how axi0mX explains it:

What I am releasing today is not a full jailbreak with Cydia, just an exploit. Researchers and developers can use it to dump SecureROM, decrypt keybags with AES engine, and demote the device to enable JTAG. You still need additional hardware and software to use JTAG.

The tool is currently in beta and carries a real risk of bricking the iPhone it is tried on.

Ars Technica interviewed axi0mX, and the takeaways from the wide-ranging interview are:

  • Checkm8 requires physical access to the phone. It cannot be executed remotely, even in combination with other exploits.
  • The exploit allows only tethered jailbreaks, meaning it lacks persistence. The exploit must be run again each time the device boots.
  • Checkm8 does not bypass the protections offered by the Secure Enclave and Touch ID.
  • All of the above means that Checkm8 can be used to install malware only under very limited circumstances. It also means Checkm8 is unlikely to make it easier for someone who finds, steals or confiscates a vulnerable iPhone, but does not have the unlock PIN, to access the data stored on it.
  • Checkm8 will benefit researchers, hobbyists and hackers by providing a way, not seen in almost a decade, to reach the lowest levels of iDevices.

To perform the jailbreak, one needs physical access to the iPhone and a computer connected to it over a USB cable; the jailbreak cannot be performed remotely. The researcher does note, however, that it should be possible to build a cable or dongle that triggers the exploit on its own, so that a computer is not needed at all.

Using checkm8 does not give access to your data and does not bypass the lock screen; your PIN or fingerprint is still required to unlock the device. This is because Apple introduced the Secure Enclave and Touch ID in 2013 with the iPhone 5s, and the Secure Enclave protects your data when the PIN is not known. In other words, all of the commonly used affected models, from the iPhone 6 through the iPhone 8 and X, still require a PIN or Touch ID, because a Secure Enclave guards the data.

In addition, the exploit only grants temporary root access that lasts until the next reboot; any malware installed this way will not run once the device restarts. The researcher is clear that this vulnerability, on its own, will not get an attacker at encrypted data, nor give them an easily installed, persistent malware payload on the affected devices.

It is, however, a boon to researchers, who can use the exploit reliably to do important work that was previously impossible. It will allow them to analyze apps for signs of abuse, to better detect malicious websites, and to find the kind of near-invisible malware that was previously very hard to uncover.

It is still very early days for the checkm8 exploit. There is no actual jailbreak yet, meaning you cannot simply download a tool, crack your device, and start installing apps and modifications to iOS.

Apple is yet to release a statement regarding the new discovery, but the researcher who discovered it claims checkm8 is “the biggest news in iOS jailbreak community in years”.
