Security researcher axi0mX discovered “checkm8,” an exploit that could allow the jailbreak of millions of iOS devices. The vulnerability it exploits lies in the bootrom of the affected devices, which is stored on a read-only memory chip. This makes the vulnerability unpatchable and the resulting jailbreak permanent.
The exploit allows code to run at the bootrom level of compromised iPhone and iPad devices. Bootrom exploits for jailbreaks were common for the iPhone 3G and iPhone 4; more recent jailbreak methods, however, worked at the operating system level. A bootrom-level exploit is unique because it targets code baked into the chip when the phone was manufactured, which cannot be changed or updated. In effect, the exploit will be there forever.
The jailbreak can be used on 11 generations of iPhones, from the 4S up to the iPhone X. This range of models translates to hundreds of millions of devices, regardless of iOS version, although newer iPhone models are unaffected. Axi0mX reportedly succeeded in jailbreaking an iPhone X running the latest iOS 13.1.1 version using this method.
Users of affected devices can rest assured that the jailbreak cannot be done remotely, even in combination with other exploits. The iPhone or other iOS device needs to be tethered to a computer for the exploit-based jailbreak to happen. The exploit also has no effect on the Secure Enclave and Touch ID of iPhones, since these run in a separate system that specifically handles keys and information such as biometrics for stronger data protection.
Ultimately, the exploit is not a viable way to install malware. For a potential malicious actor, the prerequisite of physical access to the device is a deterrent. A would-be attacker would also be unable to use the exploit to steal data from a victim’s phone without the PIN. According to axi0mX, malicious actors would be better off using some other social engineering technique if they wish to install malware on a device.
For the most part, checkm8 benefits researchers and hobbyists by giving them access to the lowest level of iOS devices, the bootrom, which has not been possible in almost a decade. Potential malicious actors could, however, also use this access to learn more about the iOS security architecture.
Axi0mX provided a detailed description of checkm8 to Ars Technica.
The discovery of checkm8 highlights the importance of physical security, alongside cybersecurity, for any device. Best practices, such as using strong passwords and enabling secure device settings, should be coupled with vigilance.
Multilayered mobile security solutions such as Trend Micro™ Mobile Security for Apple devices (available on the App Store) can monitor and block phishing attacks and other malicious URLs. For organizations, especially those with BYOD devices, Trend Micro™ Mobile Security for Enterprise provides device, compliance, and application management, data protection, and configuration provisioning; it also protects devices from attacks that leverage vulnerabilities, prevents unauthorized access to apps, and detects and blocks malware and fraudulent websites.