A newly announced iOS exploit from security researcher axi0mX could lead to a permanent, unblockable jailbreak on hundreds of millions of iPhones. Dubbed "checkm8," the exploit targets a vulnerability in the bootrom that could give hackers deep access to iOS devices at a level that Apple cannot block or patch with a future software update. That would make it one of the biggest developments in the iPhone hacking community in years.
EPIC JAILBREAK: Introducing checkm8 (read "checkmate"), a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices.
Most generations of iPhones and iPads are vulnerable: from iPhone 4S (A5 chip) to iPhone 8 and iPhone X (A11 chip). https://t.co/dQJtXb78sG
– axi0mX (@axi0mX) September 27, 2019
The exploit is specifically a bootrom exploit, meaning it takes advantage of a security flaw in the very first code an iOS device runs when it boots. Because that code is burned into ROM (read-only memory) at manufacturing time, Apple cannot overwrite or patch it with a software update, so the flaw is here to stay on every affected device. It is the first bootrom-level exploit publicly released for an iOS device since the iPhone 4, which came out almost ten years ago.
In a follow-up tweet, axi0mX explained that they released the exploit to the public because a "bootrom exploit for older devices makes iOS better for everyone. Jailbreakers and tweak developers will be able to jailbreak their phones on the latest version, and they will not need to stay on older iOS versions waiting for a jailbreak. They will be safer."
Hundreds of millions of iPhones are affected by the exploit: every device from the iPhone 4S (A5 chip) through the iPhone 8 and iPhone X (A11 chip) is vulnerable, although it appears that Apple fixed the flaw in last year's A12 processors, meaning that the iPhone XS / XR and 11 / 11 Pro are unaffected.
Apple did not respond to a request for comment.
It is still very early days for the checkm8 exploit. There is no actual jailbreak yet, which means you cannot simply download a tool, crack your device, and start installing apps and tweaks on iOS.
Crucially, the vulnerability is what jailbreakers call a "tethered" exploit: it can only be triggered over USB, and it has to be run again from a computer every time the device boots, which for now limits its usefulness for a practical jailbreak. It is possible, though, that the exploit will eventually lead to an "untethered" jailbreak.
That said, assuming developers can use checkm8 as the starting point for an iOS jailbreak (which is currently a very large "if"), the possibilities are almost endless: permanently jailbroken devices that are not undone by Apple software updates or revoked signatures, downgradable iOS devices that can easily be rolled back to previous versions of the software, dual-booting between multiple versions of iOS, and more.
There are security concerns, too. Bad actors could use the vulnerability to bypass Apple's iCloud activation lock, which is used to disable stolen or lost devices, or to install malicious versions of iOS that steal user data. Because the exploit is tethered and triggered over USB, an attacker would need physical access to the device, but that is exactly the situation a stolen phone is in. And although Apple can fix the bootrom in its newer devices, the hundreds of millions of iPhones already in circulation cannot be patched without replacing hardware.
The iPhone jailbreak scene, however, is not nearly as large as it once was. In the early days of the iPhone, cracking Apple's devices to install custom software was far more attractive. At the time, there was no way to install third-party apps, and basic features – such as customizable home screen backgrounds, simple multitasking, or the ability to copy and paste text – were missing, making jailbreaking the only way to get them. As time went on, iOS became more feature-complete, which meant most users had less reason to jailbreak, and Apple got better at closing the vulnerabilities that let developers jailbreak phones.
The value of iOS exploits has also increased enormously, with Apple's bug bounty program paying for exploits and shadowier groups looking to buy them to hack iOS devices. That means there is less incentive for developers who do find jailbreakable exploits to release them. (A recent "flood" of exploits has actually pushed the price down: a full iOS exploit chain now fetches only $2 million, compared to $2.5 million for Android.)
There is still an active community of users who insist on having full control over their phones and tablets, but a combination of less demand for the benefits of jailbreaking and a lack of major exploits (especially for newer devices and iOS versions) has led to some stagnation in the community. In addition, there are now alternatives such as AltStore, a recently launched solution for installing unsanctioned apps on iOS devices without the hassle of a jailbreak.
The new exploit is not the only recent development in the jailbreak space. Over the summer, Apple accidentally reintroduced a previously fixed vulnerability in iOS, opening up modern devices to jailbreaks for the first time in years. And while the hole was quickly closed again, it set off a wave of iPhone jailbreaking.
It is too early to say whether checkm8 will lead to a new golden age of hackable iPhones, although many members of the jailbreak subreddit are extremely optimistic. One user called it "literally the biggest thing to ever happen in jailbreaking" because of the scale of the exploit. Either way, given the nature of the exploit and the number of devices it affects, it is something to watch going forward.