Often, when new iOS jailbreaks become public, the event is sweeter. Exploitation, allowing people to get around the limitations that Apple puts into the mobile operating system, allows amateurs and researchers to personalize their devices and get valuable impressions that can peek under the covers. This benefit counteracts the threat that the same jailbreak will give hackers a new way to install malware or unlock iPhones that have been lost, stolen, or confiscated by malicious authorities.
Checkm8 was released on Friday. Unlike almost every jailbreak operation launched in the last nine years, it targets the iOS bootrom, which contains the first code to run when iDevice is turned on. Because bootrom is stored in read-only memory inside the chip, the jailbreak vulnerabilities that reside there cannot be fixed.
Checkm8 was developed by a hacker using the handle axi0mX . He is the developer of another jailbreak-enabled exploit called alloc8, which was released in 201
Checkm8 is different. It runs on 11 generations of iPhones, from 4S to X. Although it doesn't work on newer devices, Checkm8 can escape the jailboats of hundreds of millions of devices used today. And since the bootrom can't be updated after the device is manufactured, Checkm8 will be able to shut down forever.
I wanted to learn how Checkm8 would shape the iPhone experience – especially in terms of security – so I spoke at length with axi0mX on Friday. Thomas Reed, director of supply for Mac at security firm Malwarebytes, joined me. The transition from the long interview is:
- Checkm8 requires physical access to the phone. It cannot be performed remotely, even if combined with other feats
- Operation only allows bound jailbreak, which means that it lacks constancy. Operation must be started each time iDevice is started.
- Checkm8 does not bypass the security offered by Secure Enclave and Touch ID.
- All of the above means that people will only be able to use Checkm8 to install malware in very limited circumstances. The above also means that Checkm8 is unlikely to make it easier for people who find, steal, or confiscate a vulnerable iPhone, but do not have an unlock PIN to access the data stored on it.
- Checkm8 will benefit researchers, hobbyists and hackers by providing a way that has not been observed in nearly a decade to access the lowest levels of iDevices.
Read on to find out in axi0mX's own words why he thinks this is so:
Dan Goodin: Can we start with the broad details? Can you describe at a high level what Checkm8 is or isn't?
axi0mX: It's exploitation, and it means it can bypass the protection Apple has built into the bootrom of most recent iPhones and iPads. It can compromise it so that you can run any bootrom code you want. This is something that was common years ago at the time of the first iPhones and iPhone 3Gs and iPhone 4. There were boomers [then] so that people could kill their phone by charging and that would not be possible later.
The last bootrom operation that was released was for the iPhone 4 in 2010, I believe from Geohot. After that it was not possible to use an iPhone at this level. All jailbreaks [that] were made later on [happened] after the operating system was loaded. The reason that bootrom is special is part of the chip Apple made for the phone. So whatever code is put there in the factory, it will be there for the rest of your life. So if there is any vulnerability inside the bootrom, it cannot be patched.
Sustainability and secure enclave
DG: When we talk about things that can't change, we're talking about a glitch. How about changing the device itself? Is this permanent, or after restarting the phone, is it back to its original state?
A: This operation only works in memory, so there is nothing to be saved after restarting. After you restart the phone … then your phone returns to its unused state. This does not mean that you cannot do other things because you have full control over the device, which would change things. But the operation itself does not actually make any changes. It's all until you restart the device.
DG: In a scenario in which a police or thief gets a vulnerable phone but does not have a PIN to unlock, will they be helped in any way by this feat? Does this feat allow them to access parts of this phone or do things with this phone that they would not otherwise be able to do?
A: The answer is "It depends." Before Apple introduced Secure Enclave and Touch ID in 2013, you didn't have extensive security measures in place. For example, the phone [San Bernardino gun man’s] which was known to be unlocked [by the FBI] – the iPhone 5c – which had no enclave. So in this case, this vulnerability would allow you to get the PIN code very quickly and access all the data. But for almost all current phones, from iPhone 6 to iPhone 8, there is a secure enclave that protects your data if you don't have a PIN.
My feat does not affect Secure Enclave at all. It only allows you to get device code execution. This does not help you to start the PIN because it is protected by a separate system. But for older devices that have been withdrawn for some time, for those devices like the iPhone 5 there is no separate system, so in this case you could [access data] quickly [without an unlock PIN].
DG: So this exploit won't be of much use to a person who has this device [with Secure Enclave] but doesn't have a PIN, right?
A: If you benefit from having access to your data, then yes, that's right. But they may still have purposes other than access to your data, and in that case they may be of some use.
DG: Are you talking about creating some backdoor that after the owner enters a PIN code that will be sent to the attacker, or a similar scenario?
A: For example, if you leave your phone in a hotel room, it is possible that someone did something on your phone that causes it to send all the information to the computer of some bad actor.
DG: And this will happen after the rightful owner has returned and entered his PIN?
A: Yeah, but it's not really a scenario that I would worry much about because attackers at that level … would be more likely to make you go to a bad web site or connect to a bad Wi-Fi hotspot in a remote exploit scenario Attackers don't like being near. They want to be away and hidden.
In this case, [involving Checkm8] they will have to physically hold your device in your hand and have to connect a cable to it. It requires access that most attackers would like to avoid.