Key Facts
A cybersecurity firm has disclosed a vulnerability in Apple's A12 and A13 chips that could potentially allow hackers to jailbreak older iPhones. The vulnerability, named 'usbliter8', affects the iPhone's Boot ROM—the first code that runs when the device is powered on. This flaw was published by Paradigm Shift, an offensive cybersecurity company based in Barcelona, along with a proof-of-concept exploit.
Details of the Vulnerability
The usbliter8 vulnerability targets the Boot ROM of iPhones equipped with A12 and A13 chips, which were released in 2018 and 2019. These chips are found in models such as the iPhone XS, XR, and iPhone 11. The exploit requires physical access to the device, meaning a hacker must connect a cable to the iPhone to take advantage of the flaw. Once exploited, the vulnerability can bypass security checks, potentially allowing further attacks.
Impact and Implications
While the disclosure is significant for security researchers and spyware makers, it does not mean that older iPhones are easily hackable. The exploit is just one piece of a larger puzzle; hackers would need to chain it with other vulnerabilities to access user data. Companies like Cellebrite and Magnet Forensics, which sell hacking tools to authorities, likely already have similar techniques. However, the public release of usbliter8 could enable other researchers to develop jailbreaks, which have become rare in recent years.
What Users Should Know
Apple has made iPhones extremely secure, but no system is immune to vulnerabilities. Since the Boot ROM is immutable, the flaw cannot be patched. Paradigm Shift advises that migrating to newer hardware is the most effective mitigation. Users of affected iPhones should be aware that physical access to their device could potentially lead to exploitation, though the risk to average users remains low.
FAQ
- Which iPhones are affected by the usbliter8 vulnerability? The vulnerability affects iPhones with A12 and A13 chips, including iPhone XS, XR, and iPhone 11 models.
- Can the Boot ROM vulnerability be patched? No, because the Boot ROM is burned into the chip and is immutable, meaning it cannot be changed or patched.
- Is it easy to hack an iPhone using this vulnerability? No, the exploit requires physical access to the device and additional vulnerabilities to access user data.
Source: techcrunch.com