Unpatchable bug in millions of iOS devices exploited, developer claims



Devices as recent as the iPhone X, based on Apple's A11 chip, are claimed to be vulnerable to a new boot ROM attack revealed today. (credit: SOPA Images / Getty Images)

Today, an iOS security researcher who earlier developed software to "jailbreak" older Apple iOS devices posted a new software tool that he claims uses a "permanent unpatchable bootrom exploit" that could bypass boot security for millions of Apple devices, from the iPhone 4S to the iPhone X. The developer, who goes by axi0mX on Twitter and GitHub, posted via Twitter, "This is possibly the biggest news in iOS jailbreak community in years. I am releasing my exploit for free for the benefit of iOS jailbreak and security research community."

The exploit has not yet been turned into a kit for jailbreaking the phone, something that requires specialized hardware and software. But it does provide a gateway for other attacks against the security of the device, allowing boot-level access to the phone's internal software.

"What I am releasing today is not a full jailbreak with Cydia [an alternative package manager for jailbroken iOS devices], just an exploit," axi0mX wrote. "Researchers and developers can use it to dump SecureROM [the boot ROM code], decrypt keybags [the escrow memory with the keys for all encrypted data on the device] with AES engine, and demote the device to enable JTAG. You still need additional hardware and software to use JTAG." (JTAG is "Joint Test Action Group," an interface used for verifying printed circuit boards that is sometimes leveraged in forensic examination of smartphones.)


via Biz & IT – Ars Technica https://ift.tt/2nND9xa
