Hacker found Apple security hole

Author: Mario Schmidtgen
Date: 01.10.2019

Isn’t the iPhone safe anymore?

“We strongly advise all journalists, activists and politicians to switch to an iPhone that has been released in the past two years with an A12 or later chip,” advises Ryan Stortz of the security company Trail of Bits. This warning gives an idea of how serious the consequences of the security hole can be. Every generation from the iPhone 4S up to the iPhone X is affected, and not only these devices are at risk: iPads and Apple TVs are affected as well. Only the iPhone XS and XS Max models are safe.

Many people believe that Apple will get the bug under control with the new update. Unfortunately, the security hole is so large that the company is not in a position to do so.

“Checkm8” attacks iPhone

The key term here is the iPhone boot ROM exploit: a program that takes advantage of an error in a device's boot process. The exploit can be found on the Internet under the name “Checkm8” (Checkmate).

This security hole is presumably already known to various organizations, security experts, intelligence services and circles of tech hobbyists. The software gives such groups the ability to run their own code on affected devices; Apple can only stop this once the device reboots. As an example, one could run the Android system on the iPhone. Checkm8 is delivered over USB, so the process requires physical access to and direct use of the device.

Final boss for hackers: Finding errors in the startup process

Combining the exploit with enough technical knowledge, one can also build a “jailbreak” and thus gain complete control of the device. This is only possible on smartphones. There is already speculation about how it could be used on games consoles, where it would allow illegal copies of games to run on the system.

To get rid of the flaw, the chips themselves would have to be replaced. Checkm8 is a boot ROM attack: the boot ROM is the hardware that checks Apple's certificates. That check is disabled and the attacker's code is read in, so Apple can do nothing more about it. For a hacker, finding an error in the boot process is the ultimate goal.

A great discovery for researchers

Behind the discovery is the hacker “axi0mx”. He posted the link to the code on Twitter on Friday and described it as an “epic jailbreak”. The aim is to benefit security researchers and the jailbreak community, whose main focus is iOS.

“Researchers now have the opportunity to intensively investigate iOS,” says security consultant Klaus Rodewig. Various researchers will likely also benefit from the release, because it gives them a first glimpse of Apple’s technology.

Code not as dramatic as suspected

However, Checkm8 is not suited to data theft: Apple encrypts the data on the device well enough that a jailbreak alone cannot read it. The passcode is required for that.

Moreover, the Secure Enclave boot ROM is not affected by the code, since it is an unchangeable hardware component. Kenn White of the Open Crypto Audit Project thinks that the exploit doesn’t “make things somehow worse than other available options”. An attacker would need to have the device physically in hand to run the exploit. So be careful when crossing borders and never leave your phone unattended.

Klaus Rodewig also points out that not only data stored on the device could be a target: “Whoever has access to the device also has access to the network traffic,” he says, “for example, passwords could be recorded”.

Buy a new iPhone?

Despite this, Trail of Bits expert Stortz recommends switching to a new and safe device. It is also recommended to set a custom alphanumeric passcode, which would make things a lot harder for attackers. “If you never hand over your device, you can continue like this,” comments Stortz, “but I would switch if I were in a risk group.”