New iOS exploit checkm8 allows permanent compromise of iPhones
Credit to Author: Thomas Reed| Date: Fri, 27 Sep 2019 16:48:42 +0000
This morning, an iOS researcher with the Twitter handle @asi0mX announced the release of a new iOS exploit named checkm8 that promises to have serious consequences for iPhone and iPad hardware. According to the Tweet, this exploit is a “permanent unpatchable bootrom exploit,” capable of affecting devices from 4S up to the iPhone X.
But what, exactly, does this mean? First, let’s explain what bootrom is. A bootrom is a read-only memory chip containing the very first code to load when a system starts up. Since bootrom code is the core of the device’s startup process, and it shouldn’t be possible to change it, compromising that code is the Holy Grail of hacking.
Although such chips can be “flashed” to change their code, that should require a level of physical access to the chip that is not supposed to be possible. For example, if you had access to a blank chip at the factory, with the right hardware, you could write whatever you wanted to it. It certainly shouldn’t be possible via software.
And yet, according to @axi0mX, that is not only possible, but the code needed to do so is now freely available on GitHub.
This exploit is not a jailbreak, which would provide the capabilities to install arbitrary software, get root permissions, and escape the sandbox. However, it would lower the bar for jailbreaking the device significantly, and is particularly concerning because of the fact that it is located in a place where it can’t be fixed without replacing the hardware.
If you’re an iOS security researcher, this will likely be the most exciting thing you’ll hear all year—possibly even for your entire career to-date. However, I foresee a lot of fear, uncertainty, and doubt among most other people reading this news. So, what’s the real-world impact of this release?
Devices affected
The devices that are vulnerable to checkm8 include the following:
- iPhones from the 4s up to the iPhone X
- iPads from the 2 up to the 7th generation
- iPad Mini 2 and 3
- iPad Air 1st and 2nd generation
- iPad Pro 10.5-inch and 12.9-inch 2nd generation
- Apple Watch Series 1, Series 2, and Series 3
- Apple TV 3rd generation and 4k
- iPod Touch 5th generation to 7th generation
This is probably not an exhaustive list, and as @axiOmX mentions, more will be added.
However, the version of iOS/iPadOS/watchOS/tvOS should not matter at all, as Apple will not be able to patch this in software updates. Only purchasing a whole new, updated device would fix the problem. Apple’s A12 and later chips, used in newer devices (iPhone Xs, iPhone XR, iPhone 11 series, 3rd generation iPad Pros) are not vulnerable.
Implications
It’s important to understand that checkm8 is not a remote exploit. To compromise your iPhone, an attacker would need to have it in his hands physically. That’s the upside. The downside is that, although this has not been confirmed yet, it appears that the exploit does not require the device to be unlocked.
At this time, it’s not known if an attacker is able to compromise the bootrom of an iOS device by tricking users into visiting a malicious website. The key word, though, is “at this time.” It’s entirely possible someone could chain together other vulnerabilities in iOS to make remote exploit possible. In fact, judging from some others claiming to have found (and not disclosed) this bug earlier, it may already have happened and been kept secret.
It’s hard to find any good news here for Apple and iOS users, but there are a few positives. First, this exploit hasn’t been weaponized yet, as far as anyone is aware. Though, of course, it could already be in secret use by criminals, forensics companies like Cellebrite and Grayshift, and surveillance companies like NSO.
Second, any means that may exist to make checkm8 remotely exploitable would rely on vulnerabilities in iOS. Although Apple cannot patch the bootrom vulnerability in affected devices, they certainly can patch iOS software. Thus, any such remote exploit chains could be killed off by Apple—once they are discovered by Apple, of course.
Third, many files on the device will be encrypted. Even if the device is compromised at the hardware level and jailbroken, that doesn’t automatically give the attacker access to the contents of those files. (Of course, it would still be possible to install malware that could potentially get access to the unencrypted contents of those files in the course of normal usage of the device.)
Finally, if you’re lucky enough to have the latest hardware, you’re safe from checkm8. Apple’s king takes the exploit rook for the win.
Possible applications
Besides the obvious threat of criminal activity, there are actually some beneficial possible uses of checkm8.
For security researchers, this is a huge boon, which should help them analyze any version of iOS that will run on an iPhone X or older. Since iOS research really can’t be done on a device that hasn’t had security restrictions lifted somehow, this will likely become one of the most important tools in researchers’ toolkits. This can benefit iOS users, as it can enable researchers to locate issues and report them to Apple.
For law enforcement, and the companies that help them unlock iPhones, this is huge. (Assuming, of course, that companies like Grayshift and Cellebrite weren’t already aware of this vulnerability.) The checkm8 exploit could be used to give them a permanent window into all but the more recent devices.
There’s debate as to how beneficial this is for users, though. On the one hand, we want law enforcement to do their jobs. On the other hand, law enforcement abuses are a problem, especially for disadvantaged minorities. Using this exploit as leverage for surveillance or other abuses of privacy rights could leave users with few options to fight back.
The reputation of iOS
Following on the heels of the report from Google Project Zero on China’s recent use of 14 different vulnerabilities to infect iPhones owned by Uyghurs with malware, this adds to the tarnish on iOS’ reputation for security. iOS has long been known as the most secure mainstream mobile system on the planet. However, these incidents lead to hard questions about whether that’s still the case.
Of course, Android devices are no strangers to these problems, either. In fact, if you search the Internet for “flash bootrom,” you’ll come up with lots of instructions on how to do this for various Android devices. On the iOS side, up until now, you’d have just found people saying it wasn’t possible.
Still, this is a serious problem. If used in the wild, it will be difficult to determine whether a device has been compromised by checkm8, due to the extremely closed nature of iOS. As with the Project Zero findings from last month, this is yet another reason that Apple needs to provide more visibility into the status of iOS. Even just being able to inspect the list of running processes without jailbreaking would be a move in the right direction.
Checkmate for iOS?
Make no mistake, this is a serious issue for Apple and iOS security. checkm8 could potentially usher in a new era of widespread iOS malware and surveillance on all but the most current devices. What’s important to note here is that, so far, checkm8 only represents potential danger. After the initial flurry dies down, we may never hear from this exploit again.
Based on what we currently know, I don’t see checkm8 as something that should drive people away from iOS permanently. Personally, as much as this concerns me, I’ll continue using my iPhone X until I have a bigger reason to upgrade. Perhaps that reason will be new developments in the checkm8 story; or perhaps it will be the inevitable failure of the battery a few years from now. Only time will tell.
The post New iOS exploit checkm8 allows permanent compromise of iPhones appeared first on Malwarebytes Labs.