Unpatchable Apple chip flaw enables new iPhone jailbreak

Summary
– A company called Paradigm Shift published details of a vulnerability, named “usbliter8,” in Apple’s A12 and A13 chips, which power older iPhones such as the XS, XR, and iPhone 11.
– The vulnerability exists in the iPhone’s Boot ROM, which is the first line of defense and cannot be patched because it is burned into the chip.
– Exploiting usbliter8 requires physical access to the target phone and allows hackers to bypass initial security checks, but additional vulnerabilities are needed to fully hack the device.
– The release is significant for security researchers and spyware makers, but it does not make older iPhones easily hackable by anyone.
– Paradigm Shift advised affected users that migrating to newer hardware is the most effective mitigation, as the flaw is in immutable code.
A security firm specializing in government-grade spyware and hacking tools has disclosed a critical vulnerability in Apple’s chips, potentially enabling hackers to unlock older iPhones. The disclosure, made by Barcelona-based Paradigm Shift, details a flaw they named “usbliter8.” This unpatchable vulnerability resides in the iPhone’s Boot ROM, the foundational code executed when a device powers on, making it the first line of defense against unauthorized access.
The release of this exploit is a major development for security researchers and the spyware industry, but it does not mean older iPhones are suddenly easy targets for the average hacker. The vulnerability affects devices powered by Apple’s A12 and A13 chips, released in 2018 and 2019, which are found in models like the iPhone XS, XR, and up to the iPhone 11. Because the Boot ROM is burned directly into the chip’s hardware, it cannot be altered or patched through a software update. As Paradigm Shift noted in its blog, “as these vulnerabilities reside in immutable code, affected users should be aware that migrating to newer hardware remains the most effective mitigation.”
Exploiting usbliter8 requires physical access to the target phone, meaning an attacker must connect a cable to the device. Once that access is achieved, the exploit allows hackers to bypass subsequent security checks, effectively opening the door for a full iPhone jailbreak. A jailbreak removes Apple’s software restrictions, allowing deeper access to the operating system. For security researchers, this is often the first step in discovering further vulnerabilities. However, companies like Cellebrite and Magnet Forensics, which sell hacking tools to law enforcement, likely already have similar techniques at their disposal.
While public iPhone jailbreaks were once common, they have become far rarer over the past decade. Researchers who find valuable flaws have little incentive to release them publicly, as doing so prompts Apple to patch the vulnerability and reset their progress. The usbliter8 disclosure changes that dynamic, giving other researchers a foundational exploit to build upon. Still, hackers will need to chain additional techniques to access user data stored on the phone. Paradigm Shift did not respond to questions about the vulnerability, but their publication serves as a stark reminder that even the most secure devices contain flaws that sophisticated attackers can exploit.
(Source: TechCrunch)