UPDATE 9/27, 11:00am: Updated for the misconception that the bootrom was actually being modified. Apparently, the “permanent” only refers to the fact that the bug is in the bootrom, where it cannot be patched.
UPDATE 9/27, 12:15am: After speaking with @axi0m8, clarified a few other points, including the fact that this cannot be exploited remotely.
This morning, an iOS researcher with the Twitter handle @axi0mX announced the release of a new iOS exploit named checkm8 that promises to have serious consequences for iPhone and iPad hardware. According to the Tweet, this exploit is a “permanent unpatchable bootrom exploit,” capable of affecting devices from 4S up to the iPhone X.
But what, exactly, does this mean? First, let’s explain what bootrom is. A bootrom is a read-only memory chip containing the very first code to load when a system starts up. Since bootrom code is the core of the device’s startup process, and it shouldn’t be possible to change it, finding a bug in that code is the Holy Grail of hacking.
According to @axi0mX, such a bug exists, and the code needed to exploit it is now freely available on GitHub.
This exploit is not a jailbreak, which would provide the capabilities to install arbitrary software, get root permissions, and escape the sandbox. However, it would lower the bar for jailbreaking the device significantly, and is particularly concerning because of the fact that it is located in a place where it can’t be fixed without replacing the hardware.
If you’re an iOS security researcher, this will likely be the most exciting thing you’ll hear all year—possibly even for your entire career to-date. However, I foresee a lot of fear, uncertainty, and doubt among most other people reading this news. So, what’s the real-world impact of this release?
The devices that are vulnerable to checkm8 include the following:
- iPhones from the 4s up to the iPhone X
- iPads from the 2 up to the 7th generation
- iPad Mini 2 and 3
- iPad Air 1st and 2nd generation
- iPad Pro 10.5-inch and 12.9-inch 2nd generation
- Apple Watch Series 1, Series 2, and Series 3
- Apple TV 3rd generation and 4k
- iPod Touch 5th generation to 7th generation
This is probably not an exhaustive list, and as @axiOmX mentions, more will be added.
However, the version of iOS/iPadOS/watchOS/tvOS should not matter at all, as Apple will not be able to patch this in software updates. Only purchasing a whole new, updated device would fix the problem. Apple’s A12 and later chips, used in newer devices (iPhone Xs, iPhone XR, iPhone 11 series, 3rd generation iPad Pros) are not vulnerable.
Although checkm8 will work even on a locked device, it’s important to understand that checkm8 is not a remote exploit. To compromise your iPhone, an attacker would need to have it in his hands physically. The device would need to be connected to a computer and put into DFU (Device Firmware Upgrade) mode in order to exploit it.
The checkm8 vulnerability itself is not sufficient to install persistent malware on a device. However, it could potentially be chained together with other vulnerabilities in iOS to gain that level of access.
This exploit hasn’t been weaponized yet, as far as anyone is aware. Though, of course, it could already be in secret use by criminals, forensics companies like Cellebrite and Grayshift, and surveillance companies like NSO.
It’s also important to keep in mind that many files on the device will be encrypted. Even if the device is jailbroken, that doesn’t automatically give the attacker access to the contents of those files. Of course, it would still be possible to install malware that could potentially get access to the unencrypted contents of those files in the course of normal usage of the device.
Finally, if you’re lucky enough to have the latest hardware, you’re safe from checkm8. Apple’s king takes the exploit rook for the win.
Besides the obvious threat of criminal activity, there are actually some beneficial possible uses of checkm8.
For security researchers, this is a huge boon, which should help them analyze any version of iOS that will run on an iPhone X or older. Since iOS research really can’t be done on a device that hasn’t had security restrictions lifted somehow, this will likely become one of the most important tools in researchers’ toolkits. This can benefit iOS users, as it can enable researchers to locate issues and report them to Apple.
For law enforcement, and the companies that help them unlock iPhones, this is huge. (Assuming, of course, that companies like Grayshift and Cellebrite weren’t already aware of this vulnerability.) The checkm8 exploit would need to be chained together with other vulnerabilities to be useful, but would be attractive as a link in the chain since it cannot be patched by Apple.
There’s debate as to how beneficial this is for users, though. On the one hand, we want law enforcement to do their jobs. On the other hand, law enforcement abuses are a problem, especially for disadvantaged minorities. Using this exploit as leverage for surveillance or other abuses of privacy rights could leave users with few options to fight back.
The reputation of iOS
Following on the heels of the report from Google Project Zero on China’s recent use of 14 different vulnerabilities to infect iPhones owned by Uyghurs with malware, this adds to the tarnish on iOS’ reputation for security. iOS has long been known as the most secure mainstream mobile system on the planet. However, these incidents lead to hard questions about whether that’s still the case.
Of course, Android devices are no strangers to these problems, either. In fact, if you search the Internet for “flash bootrom,” you’ll come up with lots of instructions on how to actually change the bootrom for various Android devices.
Still, this is a serious problem. If used in the wild, it will be difficult to determine whether a device has been compromised, due to the extremely closed nature of iOS. As with the Project Zero findings from last month, this is yet another reason that Apple needs to provide more visibility into the status of iOS. Even just being able to inspect the list of running processes without jailbreaking would be a move in the right direction.
Checkmate for iOS?
Make no mistake, this is a serious issue for Apple and iOS security. What’s important to note here is that, so far, checkm8 only represents potential danger. After the initial flurry dies down, it’s possible we may never hear of anything malicious being done with checkm8.
It’s also highly likely that this will be used for positive ends, by security researchers who want to better understand iOS and help to make it more secure.
I don’t see checkm8 as something that should drive people away from iOS. Personally, as much as a permanent vulnerability in my phone’s bootrom concerns me, I’ll continue using my iPhone X until I have a bigger reason to upgrade. Perhaps that reason will be new developments in the checkm8 story; or perhaps it will be the inevitable failure of the battery a few years from now. Only time will tell.