> The 'Checkm8' exploit isn't a big deal to iPhone or iPad users, and here's why
>
> ---
> On Friday morning, news — and bad headlines — started circulating about an
> exploit ranging from the iPhone X all the way back to the iPhone 4s.
> But, despite the typical mass-media responses to the news, the exploit
> will have effectively zero impact on the consumer. Here's why.
>
> Apple's iPhone 5c, the last without a Secure Enclave
>
> On Friday morning, hacker axi0mX revealed the "Checkm8" exploit. For the
> first time in nearly a decade, this particular vector is aimed at the
> boot ROM in an iPhone or iPad, as opposed to trying to pry open the iOS
> software.
>
> A series of tweets broke down the exploit — and spelled out some
> limitations and answers about the exploit. Cue Internet drama.
>
> <
https://twitter.com/axi0mX/status/1177542201670168576>
>
> User vulnerability?
>
> The Checkm8 exploit isn't a drive-by attack. A user can't visit a
> website and be targeted for malware installation. The exploit isn't
> persistent, meaning that every time the iPhone is rebooted, the attack
> vector is closed again.
>
> Earlier iPhones, from the iPhone 5c and earlier, lack a Secure Enclave.
> If you surrender access to your phone, a dedicated assailant can extract
> your iPhone PIN. But, phones with a Secure Enclave — everything from the
> iPhone 5s and on — cannot be attacked in such a manner.
>
> Furthermore, the exploit is tethered. That means that an iPhone or iPad
> needs to be connected to a host computer, put into DFU mode, and
> exploited that way — and the exploit doesn't always work, relying on a
> "race condition" according to Checkm8.
>
> Software like keyloggers or other malware could theoretically be
> installed following an attack. But, other mechanisms that Apple has put
> into place will defeat that, following a device reboot.
>
> Apple has implemented what's called a "Secure bootchain." In short,
> there are steps at every part of iOS software implementation that check the
> integrity of the previous step — and some that check the next step — to be
> sure that the phone is safe. The secure bootchain checks wouldn't allow
> software that doesn't comply to function after a hard reboot of an
> iPhone.
>
> We've gleaned this information above from Apple in the hours following
> the exploit's release. The developer axi0mX confirmed these findings,
> and discussed the implications further in an Ars Technica interview on
> Saturday morning.
>
> <
https://arstechnica.com/information-technology/2019/09/developer-of-checkm8-explains-why-idevice-jailbreak-exploit-is-a-game-changer/>
>
> All this said, in short, a user has to either specifically want to do
> this procedure to their iPhone and take the steps to execute them, or be
> careless with device physical security and be specifically targeted by
> an assailant for it to be of any real concern.
>
> If you're really worried about it, it's time to ditch the iPhone 5c or
> older that you may be hanging on to. And, you can always completely shut
> down your iPhone after you've left it unattended for any period of time.
>
> A reboot will not just flush out the exploit, but also break any
> software that may have been installed in your absence.
>
> Jailbreaking is fine!
>
> We're not opposed to jailbreaking here at AppleInsider. A few staffers
> have done it in the past.
>
> AppleInsider doesn't generally cover jailbreak exploits. In the
> cat-and-mouse game that is constantly raging between Apple and the
> jailbreak community, information published today is often outdated
> tomorrow. This isn't much different than that in actuality, but it got a
> much wider audience outside of the tech media.
>
> In that media, in the very few hours after the Checkm8 exploit was
> revealed, there has been a lot of fear, paranoia, and finger-pointing
> done across the internet. There is no real reason for it at all.
> Fortunately, as of yet, there haven't been any "nasty secret" style
> headlines regarding this matter. We're sure that some content management
> system someplace has one stored, though, and we're also pretty sure we
> know who's going to do it first.
>
> Most of the headlines are right. This is a big deal for the jailbreak
> community. We don't think it's a bad thing at all. Because of
> limitations for assailants, it just makes no difference to nearly every
> iPhone or iPad user outside of that community, though.
>
> If you take anything away from this, it should be that you are no less
> safe today from the reveal of Checkm8 than you were yesterday, or the
> day before, or four years ago. Malware can't exploit it at all, and if
> you maintain physical security of your iPhone 5S and newer, then your
> passcode — and your data — remains safe.
> ---
Update on this exploit Jolly Roger claims is no big deal...
o Apologists _hate_ what Apple is, so they brazenly deny what Apple does.
o Let's talk about a vulnerability that's completely exposing your macOS devices
<https://ironpeak.be/blog/crouching-t2-hidden-danger/>
"In case you are using a recent macOS device, you are probably using the
embedded T2 security chip which runs bridgeOS and is actually based on
watchOS. This is a custom ARM processor designed by Apple based on the A10
CPU found in the iPhone 7. The T2 chip contains a Secure Enclave Processor
(SEP), much like the A-series processor in your iPhone will contain a SEP."
o "*The root of trust on macOS is inherently broken*"
o "They can bruteforce your FileVault2 volume password"
o "They can alter your macOS installation"
o "They can load arbitrary kernel extensions"
See also:
o Yet another of the never-ending plethora of unpatchable security flaws
in Apple's chips widely reported in the news today
<https://groups.google.com/forum/#!topic/misc.phone.mobile.iphone/Hgk2W8buyac>
--
The plethora of unpatchable flaws existing in Apple chips is astounding.
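The quoted AppleInsider article says each stage of the secure boot chain checks the integrity of the next stage, so a change written to flash by a tethered exploit is rejected at the next cold boot. The following is an added example, not code from the article, from axi0mX or from Apple: it models that chain in a few lines of Python. Stage names (LLB, iBoot, kernel) and the payload bytes are constructed for illustration, and the "pinned digest" model is a deliberate simplification: the real chain verifies signatures against a root public key burned into the boot ROM rather than pinning hashes, but the property the article relies on is the same, namely that the first link lives in read-only silicon and every later link is checked before it runs.

```python
"""Toy model of a verified boot chain (added example, not Apple's design).

Each stage image embeds the SHA-256 digest of the stage that follows it.
The boot ROM holds the digest of the first stage and is immutable, so a
tampered image anywhere in the chain fails verification at the next cold
boot. Real iOS devices check signatures against a root public key in ROM
instead of pinned digests; this simplification keeps the example stdlib-only.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Stage:
    name: str
    code: bytes                      # the stage's own payload
    next_digest: Optional[bytes]     # SHA-256 of the next stage's image, None for the last stage


def image_bytes(stage: Stage) -> bytes:
    """The bytes that get measured: payload plus the embedded pin for the next stage."""
    return stage.code + (stage.next_digest or b"")


def measure(stage: Stage) -> bytes:
    return hashlib.sha256(image_bytes(stage)).digest()


def build_chain(stages: List[Tuple[str, bytes]]) -> Tuple[bytes, List[Stage]]:
    """Build the chain from the last stage backwards so each image can pin its successor.

    Returns (rom_digest, stages). rom_digest is what would be burned into the
    boot ROM at manufacture time.
    """
    next_digest: Optional[bytes] = None
    built: List[Stage] = []
    for name, code in reversed(stages):
        stage = Stage(name, code, next_digest)
        built.append(stage)
        next_digest = measure(stage)
    built.reverse()
    assert next_digest is not None
    return next_digest, built


def boot(rom_digest: bytes, stages: List[Stage]) -> Tuple[List[str], str]:
    """Simulate a cold boot. Returns (stages that ran, status)."""
    expected = rom_digest
    ran: List[str] = []
    for stage in stages:
        # compare_digest avoids a timing side channel on the comparison itself
        if expected is None or not hmac.compare_digest(expected, measure(stage)):
            return ran, f"{stage.name} failed verification"
        ran.append(stage.name)
        expected = stage.next_digest
    return ran, "ok"


def tamper(stages: List[Stage], name: str, new_code: bytes) -> List[Stage]:
    """What a tethered attacker can do: rewrite one stage's payload in flash.

    The pin it carries for its successor is kept, so only the tampered stage
    itself (and nothing before it) mismatches.
    """
    return [Stage(s.name, new_code, s.next_digest) if s.name == name else s
            for s in stages]


# Constructed sample chain: three stages with placeholder payloads.
SAMPLE_CHAIN = [("LLB", b"low-level bootloader"),
                ("iBoot", b"iboot stage"),
                ("kernel", b"xnu kernelcache")]


def demo() -> Tuple[Tuple[List[str], str], Tuple[List[str], str]]:
    """Clean boot versus boot after iBoot was rewritten in flash."""
    rom_digest, stages = build_chain(SAMPLE_CHAIN)
    clean = boot(rom_digest, stages)
    tampered = boot(rom_digest, tamper(stages, "iBoot", b"patched iboot"))
    return clean, tampered


if __name__ == "__main__":
    clean, tampered = demo()
    print("clean boot   :", clean)
    print("tampered boot:", tampered)
```

In the tampered run LLB still passes, because its pin for iBoot is unchanged, and the boot stops at iBoot. That is the article's point in code form: a bootrom exploit lets an attacker skip these checks only for the session in which the ROM code is being abused over USB; it gives them no way to change the ROM itself, so whatever they wrote to flash is rejected on the next cold boot.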