SoylentNews is people

posted by janrinok on Saturday September 28 2019, @03:53PM
from the good-news-or-bad? dept.

Submitted via IRC for SoyCow9427

New "unpatchable" iPhone exploit could allow permanent jailbreaking on hundreds of millions of devices

All devices from the iPhone 4S to the iPhone X are impacted

A newly announced iOS exploit could lead to a permanent, unblockable jailbreak on hundreds of millions of iPhones, according to researcher axi0mX who discovered it. Dubbed "checkm8," the exploit is a bootrom vulnerability that could give hackers deep access to iOS devices on a level that Apple would be unable to block or patch out with a future software update. That would make it one of the biggest developments in the iPhone hacking community in years.

The exploit is specifically a bootrom exploit, meaning it's taking advantage of a security vulnerability in the initial code that iOS devices load when they boot up. And since it's ROM (read-only memory), it can't be overwritten or patched by Apple through a software update, so it's here to stay. It's the first bootrom-level exploit publicly released for an iOS device since the iPhone 4, which was released almost a decade ago.

In a follow-up tweet, axi0mX explained that they released the exploit to the public because a "bootrom exploit for older devices makes iOS better for everyone. Jailbreakers and tweak developers will be able to jailbreak their phones on latest version, and they will not need to stay on older iOS versions waiting for a jailbreak. They will be safer."


  • (Score: 2) by darkfeline on Saturday September 28 2019, @08:58PM (7 children)

    by darkfeline (1030) on Saturday September 28 2019, @08:58PM (#900044) Homepage

    While jailbreaking allows you to replace the original OS, keep in mind that jailbreaking is actually a security vulnerability.

    Generally speaking, the ability to gain root access to a device is not considered a good thing. Imagine if someone could jailbreak a Linux server and gain root access.

    This makes you vulnerable to evil maid attacks, and is why secure boot was invented. This is especially bad on smartphones since average people tend to leave them lying around a lot.

    --
    Join the SDF Public Access UNIX System today!
  • (Score: 1, Insightful) by Anonymous Coward on Saturday September 28 2019, @11:41PM

    by Anonymous Coward on Saturday September 28 2019, @11:41PM (#900087)

    This makes you vulnerable to evil maid attacks

    Given the choice between taking ownership of a device I paid money for, versus having a third party retain control and do whatever they choose, I'll take the former.

  • (Score: 4, Insightful) by hemocyanin on Sunday September 29 2019, @12:48AM (1 child)

    by hemocyanin (186) on Sunday September 29 2019, @12:48AM (#900117) Journal

    That's all understood, but I think many people feel that if a 3rd party solely has root access, and refuses to let you have it, that's a worse situation.

    • (Score: 2) by darkfeline on Sunday September 29 2019, @10:40PM

      by darkfeline (1030) on Sunday September 29 2019, @10:40PM (#900568) Homepage

      If you have ever met (or think back to) any person outside of your narrow social circles, you would agree that giving the average user root access to their device is a very bad idea.

      --
      Join the SDF Public Access UNIX System today!
  • (Score: 2) by stormwyrm on Sunday September 29 2019, @03:37AM (2 children)

    by stormwyrm (717) on Sunday September 29 2019, @03:37AM (#900153) Journal
    That depends on who is really supposed to be the owner of the device. I pay in the neighbourhood of a thousand dollars for devices like these, and if so I had better be the owner. That means that if I don't already have root access, I'd damn well ought to be able to get it if I want it. If I can't do that, then I am not the owner of the device, but rather I am the one pwned by it.
    --
    Numquam ponenda est pluralitas sine necessitate.
    • (Score: 3, Insightful) by darkfeline on Sunday September 29 2019, @10:43PM (1 child)

      by darkfeline (1030) on Sunday September 29 2019, @10:43PM (#900570) Homepage

      Are you buying an appliance or a computing device? As an appliance I see no need for root access. I don't mind that I don't have convenient root access to the chips in my dumb washing machine. If you want a computing device, buying Apple is a mistake.

      --
      Join the SDF Public Access UNIX System today!
      • (Score: 3, Interesting) by stormwyrm on Monday September 30 2019, @12:10AM

        by stormwyrm (717) on Monday September 30 2019, @12:10AM (#900616) Journal
        But I do imagine if your washing machine breaks down you'd want to be able to fix it even without the manufacturer's blessing, or repurpose it or its parts to some other end. Apple on the other hand actively works against you doing any of these things with their mobile devices. They thus continue to assert ownership of a device you supposedly "bought" from them. They are no different from game cons
        --
        Numquam ponenda est pluralitas sine necessitate.
  • (Score: 2) by etherscythe on Sunday September 29 2019, @06:43PM

    by etherscythe (937) on Sunday September 29 2019, @06:43PM (#900460) Journal

    I have mixed feelings in this direction as well. Think about going to China, where they take your smartphone and do shady things with it outside of your presence as you go through customs. After this, I would consider such a device forever compromised.

    --
    "Fake News: anything reported outside of my own personally chosen echo chamber"