Hundreds of millions of iPhones are at risk of permanent jailbreaking!
30 October 2019
checkm8: the new iOS bootrom exploit
A researcher known on Twitter as axi0mX recently disclosed an iOS exploit called “checkm8”. It could lead to a jailbreak that cannot be blocked by a software update on hundreds of millions of Apple devices, ranging from the iPhone 4S to the iPhone X.
EPIC JAILBREAK: Introducing checkm8 (read "checkmate"), a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices.
— axi0mX 🌧️📲 (@axi0mX) September 27, 2019
Most generations of iPhones and iPads are vulnerable: from iPhone 4S (A5 chip) to iPhone 8 and iPhone X (A11 chip). https://t.co/dQJtXb78sG
Bootrom vulnerability
Checkm8 is a bootrom exploit, so called because it targets a security flaw in the first code an iOS device runs when it boots up. A flaw at this level could give cybercriminals a far greater degree of access to iOS devices than a flaw in iOS itself. Furthermore, that code lives in read-only memory (ROM), which means Apple cannot fix it with a software update. Therefore, it could be around for a very long time.
For iPhone hackers, this is big news. It is the first iOS bootrom exploit since the iPhone 4 was released 10 years ago.
So far, there is no jailbreak. You cannot simply download a tool, crack an iPhone and install apps and modifications to the operating system.
The vulnerability is currently a “tethered” exploit, since it needs to be triggered via USB and must be enabled by a computer, effectively limiting its potential for a useful jailbreak.
However, there’s every possibility that this exploit will lead to an untethered jailbreak.
Potential scenarios
- Permanently jailbroken iPhones
- Downgradeable iOS devices
- Dual-booting between different versions of iOS
Security issues
Cybercriminals could exploit checkm8 to overcome the account locks on iPhones, which are designed to stop other people accessing someone’s iPhone if it’s lost or stolen. The vulnerability could also be used to install rogue operating systems that steal data.
Although jailbreaking iPhones is no longer big business – especially now iOS has a much wider range of features – there’s the potential for checkm8 to reinvigorate the jailbreaking community.
Could this be the start of a new era of iPhone hacking?
“Specialising in mobile security, Appurity’s experts work with our customers to remediate and protect against checkm8 and other vulnerabilities. On-device threat defence solutions provide protection against actions an attacker may take on a compromised device. Appurity will be assisting our clients to make sure their threat defence policies are up to date and organisational policies or processes are in place for any devices that are out of a user’s control for a given amount of time.”
Tim Dinsmore, Technical Director at Appurity
Safeguard your mobile workforce
The good news is, Appurity and Lookout can help you to protect your mobile workers from bootrom exploits like checkm8.