Last month, a developer called Axi0mx released an Iphone crack called Checkm8, which attacks a defect in the Ios bootrom, a low-level piece of code that has not been successfully attacked since 2010. The bootrom is read-only, making its defects effectively unpatchable, short of removing the chip and swapping it for one with more robust code (the attack also works on version 1, 2 and 3 Apple Watches).
The crack targets 11 generations of Iphones (though not the most recent ones), and it has important limitations: it has to be run every time the device reboots, and requires physical access at boot-time in order to execute. Despite this, as Dan Goodin notes at Ars Technica, “Checkm8 is going to benefit researchers, hobbyists, and hackers by providing a way not seen in almost a decade to access the lowest levels of iDevices.”
Axiomx and Goodin discussed the crack, and Axiomx points out that some affected devices can be seriously compromised by Checkm8: Iphones without the “secure enclave” trusted module can be attacked with Checkm8 to bypass the unlock PIN. The secure enclave is present in Iphones from the model 6 and above, but Iphone 5s and earlier models are seriously compromised by this attack.
In the meantime, Axiomx holds out hope for security researchers who want to explore other Ios vulnerabilities without subjecting themselves to the strictures of Apple’s security program, and for people who want to install apps from alternative app stores.
axi0mX: If you have a few minutes, I have more things that you may find interesting:Apple has been making jailbreaks very difficult. Things were much better a couple years ago. Before about 2016 there were regular jailbreaks that worked well and a lot of people could jailbreak your phone. That changed with iOS 9, and jailbreaks no longer had persistence, and they were not even reliable. So you would have to try a couple of steps before the jailbreak worked. Jailbreaking became inaccessible to people because you couldn’t get a phone, even an older phone, and jailbreak it, and customize it, and make software that changes things about the phone. People were saying “jailbreaking is dead” because it’s not what it used to be.
Now, the reason [Checkm8] is so great for iOS jailbreakers is people will be able to just get an iPhone X and then be able to jailbreak it on any [iOS] version. That is great because that means anyone can decide to jailbreak and sit down at their computer, connect their phone, and be jailbroken in not much time.
Now, what I released today doesn’t allow you to jailbreak your phone completely with Cydia and other things you would expect from a jailbreak, but that will come soon. And you will be able to jailbreak your phone pretty much anytime you want and on the latest version. And that latest version part is also important, because in the past when people were jailbreaking phones, they had to stay on an older version of the operating system in order for it to have the vulnerabilities that they were using to jailbreak.
Developer of Checkm8 explains why iDevice jailbreak exploit is a game changer [Dan Goodin/Ars Technica]