TL;DR: A new BootROM vulnerability has been discovered in older iPhones using the A12 and A13 chips.
It uses a hardware bug in the USB controller to gain access to an iPhone’s startup process.
It can’t be patched, and the only way to mitigate it is to switch to a device with a newer processor.
iPhones are not immune to vulnerabilities and exploits. They’ve previously suffered hardware-level exploits like checkm8, and widespread, easy-to-use ones like DarkSword. Now, researchers have found and exploited a new hardware-level BootROM vulnerability on iPhones.
Researchers at Paradigm Shift published an extremely detailed post explaining the “usbliter8” exploit, which leverages a hardware bug in the USB controller and a firmware configuration flaw.
The exploit takes advantage of a flaw in the iPhone’s USB hardware. By sending specially crafted USB data during startup, an attacker can confuse the controller into writing data to the wrong area of memory. This occurs before iOS loads, allowing the attacker to gain control of the boot process and run unauthorized code on the device.
The attack is a bit harder to pull off on devices powered by Apple’s A13 chip because Apple added an extra security feature called Pointer Authentication (PAC). This protection is designed to stop attackers from tampering with the pointers the processor relies on to control where code executes.
However, the researchers say they were still able to find a way around this protection and successfully exploit the chip.
Why Apple can’t fix this
Android often gets criticized for security issues, but the usbliter8 exploit is the kind of flaw that no software update can fix. The vulnerability lies in low-level boot code (the BootROM) permanently built into the affected chips. This code can’t be changed after a device leaves the factory, so Apple can’t fix the vulnerability through a software update.