A company that sells spyware and hacking tools to government agencies has released details of a vulnerability in Apple chips that could potentially help hackers unlock older iPhones.
This release opens the door for other iOS vulnerability researchers, such as those working for governments or their contractors, to develop effective iPhone hacks, provided they can find additional vulnerabilities to chain along with it. This could help security researchers develop the so-called iPhone jailbreak, a technique to hack into Apple’s mobile operating system and remove all the restrictions the company places on it.
The release is also a reminder that while Apple has made iPhones extremely difficult to hack, there are, and always will be, vulnerabilities that sophisticated hackers can exploit to break into them.
On Friday, Paradigm Shift, an offensive-security firm based in Barcelona, published a blog post about the vulnerability, which it named “usbliter8”. The company also published a proof of concept that shows how to exploit the vulnerability, which requires physical access to the target phone.
The flaw and the related exploit affect iPhones with Apple’s A12 and A13 chips, which were released in 2018 and 2019 and are found in older iPhones such as the XS and XR, up to the iPhone 11.
The release of usbliter8 is significant in the world of security research and among makers of spyware and hacking tools, but it does not mean that older iPhones can be easily hacked by anyone.
The bug found by Paradigm Shift affects the iPhone’s Boot ROM, which is the first piece of code that runs when an iPhone is turned on and is thus its first line of defense against hackers. In order to hack an iPhone with physical access to it—that is, by plugging a cable into it—hackers must first exploit the Boot ROM. Now they can do this thanks to usbliter8, which allows them to defeat that first check and potentially bypass further security checks.
Paradigm Shift wrote on its blog that “since these vulnerabilities are in unchanged code, affected users should be aware that migrating to newer hardware remains the most effective mitigation.”
In other words, since the Boot ROM is burned into the chip, it cannot be changed, and defects in it cannot be patched.
In general, companies that sell systems for hacking iPhones seized by the authorities, such as Cellebrite and Magnet Forensics, need, and probably already have, techniques similar to usbliter8 for breaking into iPhones. However, hackers still need to combine them with other techniques to access the user data stored on the phone.
Public jailbreaks of the iPhone were relatively common in the past, but they have become rarer in the last decade. Jailbreaking an iPhone is often the first step in investigating other vulnerabilities in the system. Researchers who are intent on finding valuable iPhone flaws and ways to exploit them have little incentive to release this information, because doing so would prompt Apple to fix the flaws, working against the researchers’ own interests.
Paradigm Shift did not respond to a series of questions related to usbliter8.
