
MacRumors

macrumors bot
Original poster



A security researcher who goes by "axi0mX" on Twitter today released "checkm8," which he claims is a bootrom exploit for iOS devices equipped with A5 through A11 chips, including the iPhone 4S through iPhone X, several iPad models dating back to the iPad 2, and the fifth-generation iPod touch and later.


This would be the first publicly released bootrom exploit since the iPhone 4 in 2010 and pave the way for a permanent, non-patchable jailbreak on hundreds of millions of affected iOS devices. Since the bootrom is read-only, Apple cannot patch this type of exploit with a software update.

EPIC JAILBREAK: Introducing checkm8 (read "checkmate"), a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices. Most generations of iPhones and iPads are vulnerable: from iPhone 4S (A5 chip) to iPhone 8 and iPhone X (A11 chip). https://t.co/dQJtXb78sG - axi0mX (@axi0mX) September 27, 2019

The bootrom exploit has many other possibilities on affected devices, including downgrading iOS versions without SHSH blobs or APTickets, dual booting iOS, and running custom firmwares, according to jailbreak enthusiasts.

This is significant news in the jailbreaking community, as the last bootrom exploit known as "limera1n" was released by George "geohot" Hotz nearly a decade ago for devices with A4 chips and earlier, including the iPhone 4, iPhone 3GS, the third- and fourth-generation iPod touch, and the original iPad.

Article Link: Checkm8 Exploit Opens Door to Unpatchable Jailbreak on iPhone 4S Through iPhone X
 
This can't be good for the security of these devices...
And have malware installed or spying on you. No thanks. Apple should have gotten their sh** together and not have had the exploit open for nearly a week.

This is a bootrom exploit. It can only be exploited when the device is in DFU recovery mode and will not affect the security of devices being used normally.

This is really the best kind of jailbreak exploit because only the people who really want to go out of their way to jailbreak can use it. Regular users are safe; all it means is that people can do whatever they like with these devices they own now.
 
Meh, nothing to worry about.

If this could be done on someone else's iPhone without their knowledge, then that would be a massive security hole. As is, it poses no threat to anyone and is more of a curiosity people can play around with.

The “unpatchable” part is misleading. Apple can’t patch a device that’s had this performed, but they sure can make changes to iOS to prevent this from working in the future.
 
Similar to unlocking the boot loader on an Android device.
This does have security implications as it will allow devs to get into the secure boot area for more detailed analysis.
Being able to decrypt and dump the entire secure boot rom must have law enforcement agencies drooling.
 
This is a bootrom exploit. It can only be exploited when the device is in DFU recovery mode and will not affect the security of devices being used normally.

This is really the best kind of jailbreak exploit because only the people who really want to go out of their way to jailbreak can use it. Regular users are safe; all it means is that people can do whatever they like with these devices they own now.

In reality, "regular users" are NOT safe. If your phone is ever stolen or lost, someone will have physical access to your device and is then able to potentially access EVERYTHING on it. Or even if someone just has access to the phone for a little while, they could install spyware/malware and you would probably not know it.

This is a huge deal IF true.

(Of course, the cynic will say, "ah ha, this will enable a huge replacement cycle...lol. And those companies selling exploits to law enforcement and authoritarian governments could see their market dry up.)
 
I haven't been jailbroken since the 3G, what's the big draw of a jailbreak now a days?
Copied games. Although, as annoying as DLC and paying to unlock the game are, they are a good method to prevent copied games. Those dodgy guys always find a way, though!
 
In reality, "regular users" are NOT safe. If your phone is ever stolen or lost, someone will have physical access to your device and is then able to potentially access EVERYTHING on it. Or even if someone just has access to the phone for a little while, they could install spyware/malware and you would probably not know it.

This is a huge deal.

(Of course, the cynic will say, "ah ha, this will enable a huge replacement cycle...lol.)

They will still need your passcode to decrypt the key for the data partition on the phone. They won't have access to anything without your passcode. Apple has thought this stuff through.
 
In reality, "regular users" are NOT safe. If your phone is ever stolen or lost, someone will have physical access to your device and is then able to potentially access EVERYTHING on it. Or even if someone just has access to the phone for a little while, they could install spyware/malware and you would probably not know it.

This is a huge deal.

(Of course, the cynic will say, "ah ha, this will enable a huge replacement cycle...lol.)

Tim just had to put up that billboard...

They will still need your passcode to decrypt the key for the data partition on the phone. They won't have access to anything without your passcode. Apple has thought this stuff through.

Once the data is copied off the phone, can't you brute force it without fear of being locked out? What's the encryption like?
 
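The point the last two posts are circling (the passcode key is entangled with a device-unique UID key inside the Secure Enclave, so a NAND dump cannot be brute-forced offline, and on-device guesses go through the enclave's failure counter) is easier to see in code. The model below is an added illustration written for this page; it is not code from the thread and not Apple's implementation. It stands in for the AES-with-UID tangling step with a UID-keyed HMAC, uses a tiny iteration count and a 10-attempt lockout instead of the real tuned delay and erase behaviour, and all names (`tangle`, `SecureEnclave`, `FlashImage`, `provision`, `offline_bruteforce`, `on_device_bruteforce`) are constructed for the example.

```python
"""Simplified model of iOS Data Protection: why a flash dump alone is not
enough to brute-force the passcode offline.  Added illustration, not Apple's
code; key sizes, iteration count and lockout threshold are constructed."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Iterable, Optional, Tuple

ITERATIONS = 50      # constructed; the real derivation is tuned to ~80 ms per guess
LOCKOUT_AFTER = 10   # constructed; models the "erase data after 10 attempts" counter
KEY_LEN = 32


def tangle(uid: bytes, passcode: str, salt: bytes) -> bytes:
    """Derive the passcode key-encryption key, tangling every round with the
    device UID.  Stand-in for the AES-with-UID step the Secure Enclave does;
    the UID never leaves the enclave, so this loop can only run on the device."""
    key = hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, 1, KEY_LEN)
    for _ in range(ITERATIONS):
        key = hmac.new(uid, key, hashlib.sha256).digest()
    return key


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _verifier(kek: bytes, wrapped: bytes) -> bytes:
    """Tag that lets the enclave reject a wrong KEK without exposing the key."""
    return hmac.new(kek, wrapped, hashlib.sha256).digest()


@dataclass
class FlashImage:
    """What an attacker gets by dumping NAND: no UID, no plaintext keys."""
    salt: bytes
    wrapped_data_key: bytes   # data-partition key XORed with the passcode KEK
    verifier: bytes           # HMAC over the wrapped key under the KEK


@dataclass
class SecureEnclave:
    uid: bytes = field(default_factory=lambda: secrets.token_bytes(KEY_LEN))
    failures: int = 0
    locked: bool = False

    def unwrap(self, flash: FlashImage, passcode: str) -> Optional[bytes]:
        """On-device unlock: the only path that can use the UID, and rate-limited."""
        if self.locked:
            return None
        kek = tangle(self.uid, passcode, flash.salt)
        if hmac.compare_digest(_verifier(kek, flash.wrapped_data_key), flash.verifier):
            self.failures = 0
            return _xor(flash.wrapped_data_key, kek)
        self.failures += 1
        if self.failures >= LOCKOUT_AFTER:
            self.locked = True   # a real device erases the key hierarchy here
        return None


def provision(sep: SecureEnclave, passcode: str) -> Tuple[FlashImage, bytes]:
    """Set a passcode: wrap a fresh data-partition key under the tangled KEK."""
    salt = secrets.token_bytes(16)
    data_key = secrets.token_bytes(KEY_LEN)
    kek = tangle(sep.uid, passcode, salt)
    wrapped = _xor(data_key, kek)
    return FlashImage(salt, wrapped, _verifier(kek, wrapped)), data_key


def offline_bruteforce(flash: FlashImage, candidates: Iterable[str]) -> Optional[str]:
    """Attacker with a NAND dump but no UID.  The best they can do is guess the
    UID as well; with an unknown 256-bit UID no passcode candidate ever verifies."""
    guessed_uid = bytes(KEY_LEN)   # any value other than the real UID behaves the same
    for pc in candidates:
        kek = tangle(guessed_uid, pc, flash.salt)
        if hmac.compare_digest(_verifier(kek, flash.wrapped_data_key), flash.verifier):
            return pc
    return None


def on_device_bruteforce(sep: SecureEnclave, flash: FlashImage,
                         candidates: Iterable[str]) -> Tuple[Optional[str], int]:
    """Attacker who can run code on the device (say, via a bootrom exploit) but
    still has to ask the enclave for each guess; the failure counter ends it."""
    tried = 0
    for pc in candidates:
        if sep.locked:
            break
        tried += 1
        if sep.unwrap(flash, pc) is not None:
            return pc, tried
    return None, tried


if __name__ == "__main__":
    sep = SecureEnclave()
    flash, data_key = provision(sep, "4821")
    pins = ["%04d" % i for i in range(10000)]
    print("owner unlock ok:", sep.unwrap(flash, "4821") == data_key)
    print("offline guess from dump:", offline_bruteforce(flash, pins))
    print("on-device guesses before lockout:", on_device_bruteforce(SecureEnclave(), provision(SecureEnclave(), "4821")[0], pins))
```

The bootrom exploit changes which code runs on the application processor during boot; it does not hand over the UID key, which is why the offline search over the whole four-digit space returns nothing while the owner's own unlock succeeds on the first try. Whether a real attacker can get past the failure counter is a question about the enclave's firmware and policy, which this model deliberately does not answer.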