New Unpatchable Exploit Targets Apple Devices With A12 and A13 Chips (9to5mac.com) 39
Researchers have disclosed a new unpatchable BootROM exploit affecting Apple devices with A12, A13, S4, and S5 chips. The attack requires physical USB access and DFU mode, but can let an attacker run code before iOS loads, bypass signature checks, and boot modified software. 9to5Mac reports the details: In a highly detailed technical post published today, the Paradigm Shift Team details usbliter8, a new exploit that "leverages both a hardware bug in the USB controller and a specific configuration flaw present in the device firmware" and cannot be patched. The PS Team explains that ahead of today's disclosure, it shared its findings and worked with Apple Product Security to coordinate the release. The researchers also thanked Apple's security team for its "prompt response, constructive engagement, and cooperation throughout" the process.
In a nutshell, this bug affects the following Apple SoCs: A12, S4, S5, and A13. [...] They add that "technical support for A12X/Z is possible," but "it is not currently implemented." That could add the 2018 and 2020 iPad Pro lineups to the list. The way usbliter8 works is: it sends specially crafted data to a device over USB while it is in DFU mode, confusing the USB controller and causing it to write data to the wrong part of memory. That gives an attacker with physical access to the device control over its startup process. From there, they can run their own code before iOS loads, bypass signature checks, and boot modified system software.
Importantly, the exploit does not affect or compromise the device's Secure Enclave, which in practice means that data such as passcodes and encrypted user data remain secure. That said, PS Team says that "although usbliter8 doesn't affect SEP itself, it opens up wider attack vectors to compromise the Secure Enclave," adding that "by releasing this exploit publicly, we hope to highlight the real-world impact of these hardware flaws and contribute to a broader understanding of modern SecureROM security." [...] Given that this is also an unpatchable exploit, the researchers note that "affected users should be aware that migrating to newer hardware remains the most effective mitigation."
In a nutshell, this bug affects the following Apple SoCs: A12, S4, S5, and A13. [...] They add that "technical support for A12X/Z is possible," but "it is not currently implemented." That could add the 2018 and 2020 iPad Pro lineups to the list. The way usbliter8 works is: it sends specially crafted data to a device over USB while it is in DFU mode, confusing the USB controller and causing it to write data to the wrong part of memory. That gives an attacker with physical access to the device control over its startup process. From there, they can run their own code before iOS loads, bypass signature checks, and boot modified system software.
Importantly, the exploit does not affect or compromise the device's Secure Enclave, which in practice means that data such as passcodes and encrypted user data remain secure. That said, PS Team says that "although usbliter8 doesn't affect SEP itself, it opens up wider attack vectors to compromise the Secure Enclave," adding that "by releasing this exploit publicly, we hope to highlight the real-world impact of these hardware flaws and contribute to a broader understanding of modern SecureROM security." [...] Given that this is also an unpatchable exploit, the researchers note that "affected users should be aware that migrating to newer hardware remains the most effective mitigation."
Fan of owning your own device (Score:5, Interesting)
I am fan of owning your own device so I generally consider a positive thing when this stuff happens, provide the exploit path requires physical device access that inst possible to do superstitiously, IE tether then thing and put it in DFU mode, with the full restart that implies, vs pairing some bluetooth thing or something and exploiting the running OS.
Yeah I get it it means it isnt secure to travel with it - fair argument.
This though is almost cruel to release. Most of the affected devices are old enough Apple will probably just move up their end of support plans for them. Probably harms more people trying to save a buck and hang on to old kit, than helps people who might like to play with it without the lock down..
Re: (Score:3)
Re: (Score:2)
I agree, but unfortunately there doesn't seem to be much of an iPhone jailbreaking community anymore. Which is too bad... jailbreak tweaks introduced a lot of the more innovative features which eventually found their way into iOS proper.
Re: (Score:2)
I agree, but unfortunately there doesn't seem to be much of an iPhone jailbreaking community anymore. Which is too bad... jailbreak tweaks introduced a lot of the more innovative features which eventually found their way into iOS proper.
Maintaining a reasonably secure jaibroken iPhone was a pain when I did it a long time ago. That is probably why. Eventually I decided fighting my phone vendor was silly and switched to Android/CM/Lineage.
Re: (Score:2)
Oh for sure! Running any of the jailbreaks for iPhones has mostly meant installing a huge heap of packages from Gwd Only Knows Where
Useful for having a run-time environment to study an application from you do plan to use on an uncompromised device, perhaps for reusing older hardware for some other non security critical use case, but no frigging way would I consider using a jailbroken phone as my actual phone, with real contacts and access to real data and accounts I care about on it.
Re: (Score:2)
Apple buyback? (Score:2)
Where's the Apple buyback or warranty fix for defective devices?
They are out of support warranty period, though for fundamental unpatchable security holes a 10 year window of buyback is needed.
And buyback at a percentage of the most recent equivalent device's retail price, not a pro-rated 3% off of buying a new device.
The EU has laws about fitness of purpose.
Re: (Score:2)
We'd still be way way better off if we could just get devices that let us run our own stuff in the first place.
Doing it this way forces people to choose between having usable or secure devices.
Re: (Score:2)
Enjoy! https://pine64.org/devices/pin... [pine64.org]
Re: (Score:2)
If they could be bothered to make one with as much power as a 5 year old flagship i'd probably already own one.
Re: (Score:2)
If only my Pine64 hadn't killed itself in less than a year, I might trust them to do hardware. I wouldn't buy a raspiphone either.
Re: (Score:2)
You can own it and with a little work I can pwn it.
Re: (Score:2)
Re: (Score:2)
Keep that thing in your pants, gooner. You're right, no one wants to get sprayed.
superstitiously?surreptitiously (Score:3)
I guess it would be possible to do it superstitiously, perhaps with the aid of some ghosts.
Re: (Score:2)
Sure, but border guards and spooks probably already had this exploit so the difference is minor. Their PoC page also says there's no access to Secure Enclave so perhaps the damage is minimal?
Curiously I saw some commits for an iPhone platform in LineageOS a month or two ago. Perhaps an option for EoL Apple hardware with working exploits.
Yeah, but the travel argument... (Score:2)
... kinda never was valid. After all, countries like the US can already force Apple to comply to their will... and companies like Apple or Google have no motivation to admit that they are doing it. Mock trials can be arranged easily while, in the background, such cooperation is already happening.
Or to put it differently, Apple can already get at that data.
Re: (Score:2)
It doesn't seem that bad anyway. They can run arbitrary code, for that boot... But the flash encryption key is in the secure enclave, right? So all the user's data is safe, the OS can't be tampered with, and since it's only in memory a power cycle or probably even just a reboot will clear it.
I'm sure some Israeli company is working on a chained exploit as we speak, but I think if you are concerned about that you probably want to avoid Apple devices anyway. They are a very popular target for those companies.
Apple abandons old hardware with abandon (Score:2)
Not quite accurate (Score:2)
"Oh yeah?" - person with epoxy resin mix.
Re: Not quite accurate (Score:2)
That will make it rather difficult to charge your iPad.
Re: (Score:2)
Even safer!
Inductive (Score:2)
Re: Inductive (Score:2)
Which iPad has that?
Re: (Score:2)
Re: Inductive (Score:2)
Which is why you comment on things you do not understand. Got it.
The Year of Linux on iPhone? (Score:2)
Re: (Score:2)
Probably not.
Who.. (Score:2)
So... a big bonus for law enforcement and device owners, not that useful to hackers?
The attack requires physical USB access (Score:2)
Re: (Score:3)
unpatchable (Score:2)