On Friday the world was sent into a tizzy when a supposedly “unpatchable” exploit was announced by a security researcher who goes by the handle “axi0mX” on Twitter. Dubbed “checkm8”, this is a bootrom exploit for iOS devices equipped with A5 through A11 chips, including the iPhone 4S through the iPhone X, several iPad models dating back to the iPad 2, and the fifth-generation iPod touch and later. And because the flaw is in the bootrom, Apple can’t do anything to patch it. Thus those devices are vulnerable to being pwned by hackers. Right?
Well, not so fast.
The problem with this is that the universe lost its cookies about the exploit without understanding what the exploit is. So what I will be doing in this post is explaining what the exploit is and why this is almost a non-issue for most iOS users.
The exploit, as mentioned above, is a bootrom exploit. That means that beyond the fact that it is “unpatchable”, it can get around the protection that Apple built into the bootrom of the most recent iPhones and iPads. By using this exploit you can execute any code that you want at the bootrom level. But this is the key weakness of this exploit: anything you do after you use the exploit to get into the phone exists only in RAM. That means that once you reboot the phone, anything bad is gone, with the exception of the exploit itself, which is in ROM. So breaking into the phone and planting some malware is a non-starter because it would only be there until the next reboot.
Here’s the next reason why this exploit is almost a non-issue for most iOS users. Apple introduced the Secure Enclave and Touch ID in 2013, and this exploit can’t get into either of those, meaning that you can’t unlock any phone with those features using this exploit. However, this exploit would allow you to very quickly get the PIN and get access to all the data of any iPhone that didn’t have the Secure Enclave and Touch ID. And I suspect that this is how devices from companies like Cellebrite and GrayShift break into iPhones, though I also suspect that they are taking advantage of multiple exploits to break into iPhones. Just using this exploit won’t allow them to do what they need to do.
Next up is the fact that iOS devices have what’s called a secure bootchain. Starting from the bootrom, every single step of the boot process is checked by the previous stage to make sure that it is trusted. Each step has its digital signature verified so that the phone only allows you to run software that is meant to be running on it. That means malware will not be able to get around this security, as it will lack the valid signature that each stage of the boot process checks for.
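To make the two points above concrete (changes made in RAM vanish on reboot, and a modified boot stage fails its signature check), here is a toy model added as an illustration; it is not Apple's code or anything from the exploit. The stage names, key and images are constructed, and HMAC stands in for the public-key signature check a real device performs.

```python
import hashlib
import hmac

# Constructed values: ROM_KEY models the trust anchor fixed in the boot ROM.
# HMAC stands in for the public-key signature check a real device performs.
ROM_KEY = b"constructed-rom-trust-anchor"
STAGES = ["bootloader", "kernel"]  # hypothetical, simplified stage names


def sign(image: bytes) -> bytes:
    """Vendor-side signing of a boot stage image (HMAC stand-in)."""
    return hmac.new(ROM_KEY, image, hashlib.sha256).digest()


class Device:
    """Toy device with persistent flash and volatile RAM."""

    def __init__(self):
        # Flash holds each stage image with the tag issued by the vendor.
        self.flash = {}
        for name in STAGES:
            image = f"{name}-v1".encode()
            self.flash[name] = (image, sign(image))
        self.ram = {}

    def boot(self) -> bool:
        """Cold boot: wipe RAM, then verify every stage before loading it."""
        self.ram = {}  # nothing patched in memory survives a reboot
        for name in STAGES:
            image, tag = self.flash[name]
            if not hmac.compare_digest(sign(image), tag):
                return False  # untrusted stage: the chain stops here
            self.ram[name] = image
        return True


def demo() -> dict:
    dev = Device()
    clean = dev.boot()
    dev.ram["kernel"] = b"patched-in-memory"  # change made in RAM only
    dev.boot()  # reboot: RAM is rebuilt from verified flash images
    ram_after_reboot = dev.ram["kernel"]
    # Persistent tampering: image replaced on flash, old tag left in place.
    dev.flash["kernel"] = (b"tampered", dev.flash["kernel"][1])
    tampered_boot = dev.boot()
    return {"clean": clean, "ram_after_reboot": ram_after_reboot,
            "tampered_boot": tampered_boot, "loaded": list(dev.ram)}
```

Calling `demo()` shows the in-memory patch replaced by the original kernel image after the reboot, and the boot stopping at the kernel stage once the flash copy no longer matches its tag.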
So at this point, this exploit doesn’t look as scary as it did originally. But let’s go further. For you to execute this exploit, you need physical access to the phone so that you can put it into DFU Mode, which is a mode that allows you to restore an iPhone from any state, for example after a bad software update. That requires a USB to Lightning cable and a PC or Mac, along with pressing certain buttons on the iPhone in a certain sequence to get the phone into DFU Mode. Because of that, you cannot use this exploit remotely (such as through a webpage that is booby-trapped with attack code), which is how hackers would prefer to pwn any phone, iOS or Android.
So, let’s recap:
- This exploit is not persistent, meaning that getting in and loading some sort of malware is a non-starter because any malware would be gone after the next reboot.
- If you have an iPhone with the Secure Enclave and Touch ID, this exploit can’t break into those. But this exploit could be used to break into an iPhone without those features.
- iPhones have protections in place to protect the boot process.
- It cannot be exploited remotely.
As a result it’s not going to affect 95% of iPhone users out there. Which means that your risk of being pwned by hackers is no different today than it was last week, or the week before that.
So why do I say this is almost a non-issue? Well, it is entirely possible that a nation state, or some company that finds and sells exploits to the highest bidder, or a Grayshift or Cellebrite could use this exploit (if they aren’t already) and find some way to weaponize it so that it could become more useful, which is another way of saying more dangerous. And anyone who would weaponize an exploit like this is typically targeting specific people rather than the public at large. For example, exploits allegedly found by The NSO Group were allegedly used to target Arab dissidents. However, these were exploits in iOS that were quickly patched by Apple. And they targeted specific individuals and not the public at large. On top of that, devices from Grayshift or Cellebrite are typically used by law enforcement as part of criminal investigations, which means that there’s due process behind the use of those devices, and they are again targeting specific individuals and not the public at large. So the take-home message is that if whatever it is that you do would make you a target for this sort of activity, and you are running an iPhone X or older, you should run to the Apple Store to get an iPhone XR, XS, 11, or 11 Pro. The rest of you have nothing to worry about.
As a final note, bootrom exploits are the closest thing to a holy grail for jailbreakers and those who hope to hack into iPhones. As far as I know, there have only ever been eight of them and they are all listed here. But every time one of these exploits appears, Apple takes steps to make iOS and the environment it runs on more secure. So if there is a positive side to this, you can expect your next iPhone to be even more secure than your current one.