Checkm8: a new ‘unpatchable’ jailbreak for all iOS devices from iPhone 4s to iPhone X

The security expert axi0mX has released a new jailbreak, dubbed Checkm8, that works on all iOS devices running A5 to A11 chipsets, that is, all Apple products released between 2011 and 2017, including iPhone models from the 4S to the X.

https://twitter.com/axi0mX/status/1177542201670168576

The exploit was released for free on GitHub: the researcher described it as a “permanent unpatchable bootrom exploit” that is “possibly the biggest news in iOS jailbreak community in years.”

– permanent unpatchable bootrom exploit for hundreds of millions of iOS devices
– meant for researchers, this is not a jailbreak with Cydia yet
– allows dumping SecureROM, decrypting keybags for iOS firmware, and demoting device for JTAG
– current SoC support: s5l8947x, s5l8950x, s5l8955x, s5l8960x, t8002, t8004, t8010, t8011, t8015
– future SoC support: s5l8940x, s5l8942x, s5l8945x, s5l8747x, t7000, t7001, s7002, s8000, s8001, s8003, t8012
– full jailbreak with Cydia on latest iOS version is possible, but requires additional work

https://github.com/axi0mX/ipwndfu

The exploit is not a full jailbreak in itself, is “not perfectly reliable yet”, and cannot be exploited remotely: exploitation has to be carried out over USB, which requires physical access to the targeted device.

A bootrom exploit for older devices makes iOS better for everyone. Jailbreakers and tweak developers will be able to jailbreak their phones on latest version, and they will not need to stay on older iOS versions waiting for a jailbreak. They will be safer.

https://twitter.com/axi0mX/status/1177581782738161664

Because bootrom exploits target hardware-level issues that cannot be patched without a hardware revision, a simple software update can’t address the newly released bootrom exploit.

Pros and Cons

For security researchers, this is a great boon, which should help them analyze any version of iOS that will run on an iPhone X or older, in order to locate issues and report them to Apple.

For forensic analysts this is a huge help: the checkm8 exploit could be used to gain low-level access to all but the most recent devices.

For Apple this is a serious issue for iOS security.
checkm8 could potentially start a new generation of iOS malware, and may allow simpler surveillance on all but the most current devices.
iOS has long been known as the most secure mobile OS. However, these incidents may compromise this reputation.

Are there any risks for users?

Not this time: this kind of exploit is really different from the remote vulnerability disclosed some weeks ago.
Anyway, always install all security patches!

