checkm8 BootROM exploit affects millions of Apple devices

iOS hacker axi0mX recently made public a new unpatchable exploit called “checkm8”. This BootROM exploit threatens millions of iPhone and iPad devices.

CHECKM8 BOOTROM EXPLOIT THREATENS IPHONE X AND OLDER DEVICES
axi0mX’s latest exploit, checkm8, affects hundreds of millions of Apple devices. It is arguably the biggest thing to happen in the security research and jailbreaking scene to date.

Until now, the last major Apple device with a public BootROM exploit was the iPhone 4 (A4 chip). For the uninitiated, BootROM exploits are the holy grail of iOS exploits because they target code fixed in the device’s hardware rather than its updatable software.

According to axi0mX, security researchers and hackers can use this exploit to perform the following actions:

  • Decrypt keybags using the AES engine
  • Enable JTAG (requires additional hardware and software)
  • Dump the SecureROM

All iPhone and iPad devices with A5 through A11 Bionic chips (from the iPhone 4S up to the iPhone 8, 8 Plus and X) are vulnerable to checkm8.

Hackers have released plenty of BootROM exploits in the past, for instance SHAtter and limera1n. However, none of those exploits affected such a wide range of models.

AFFECTED DEVICES

A5
  • iPhone 4S
  • iPad 2
  • iPad mini
  • iPod touch (5th generation)

A6
  • iPhone 5
  • iPhone 5C

A6X
  • iPad (4th generation)

A7
  • iPhone 5S
  • iPad Air
  • iPad mini 2
  • iPad mini 3

A8
  • iPhone 6
  • iPhone 6 Plus
  • iPad mini 4
  • iPod touch (6th generation)

A8X
  • iPad Air 2

A9
  • iPhone 6S
  • iPhone 6S Plus
  • iPhone SE
  • iPad (2017, 5th generation)

A9X
  • iPad Pro 12.9-inch (1st generation)
  • iPad Pro 9.7-inch

A10 FUSION
  • iPhone 7
  • iPhone 7 Plus
  • iPad (2018, 6th generation)
  • iPod touch (2019, 7th generation)
  • iPad (2019, 7th generation)

A10X FUSION
  • iPad Pro 10.5-inch (2017)
  • iPad Pro 12.9-inch (2017, 2nd generation)

A11 BIONIC
  • iPhone 8
  • iPhone 8 Plus
  • iPhone X

WHAT IS BOOTROM AND HOW BOOTROM EXPLOITS WORK

Simply put, the BootROM is the first code executed when your Apple device boots.

Apple cannot fix a BootROM exploit by rolling out a new iOS firmware update, as it usually does for software bugs.

Manufacturers can only patch hardware-based exploits by releasing new models or by manually replacing the hardware of existing devices, which is unrealistic.

So, once a jailbreak is built on it, affected devices are jailbreakable for life, on every iOS version.

WHAT NEXT?
While a BootROM exploit can potentially lead to an untethered jailbreak, checkm8 cannot be used to develop an untether.

It is a non-persistent, or tethered, exploit, meaning you will need to connect your iPhone or iPad to a computer every time you want to reboot into the jailbroken state.

To develop an untethered jailbreak, developers require a “persistent” exploit that retains root access after the user reboots the device.

Nevertheless, it is remarkable that axi0mX decided to release the exploit publicly, considering how valuable it is.

Generally, security companies and bug bounty programs offer bounties over $1 million for hardware exploits such as checkm8.   

As of now, no developer has announced any checkm8-based project for iPhone X and older models. But as time passes by, you can expect a whole lot of jailbreak goodies to be released.
