A new irreparable flaw in Apple’s chips opens the door to jailbreaking an iPhone

A company that sells spyware and hacking tools to government agencies has published details of a vulnerability in Apple’s chips that could help hackers unlock older iPhones.

This release opens the door for other researchers who specialize in finding iOS vulnerabilities, such as those working for or under government contractors, to develop effective iPhone hacks, provided they can find additional vulnerabilities to link to these vulnerabilities. This could help security researchers develop a so-called iPhone jailbreak, a technique to hack into Apple’s mobile operating system and remove all restrictions that the company places on it.

This release is also a reminder that although Apple has made it extremely difficult to hack iPhones, there will always be vulnerabilities that sophisticated hackers can take advantage of to break into them.

On Friday, Paradigm Shift, an offensive cybersecurity company based in Barcelona, ​​published a blog post about the vulnerability, which it called “usbliter8.” The company also published a proof of concept showing how to exploit the vulnerability, which requires physical access to the target phone.

The flaw and associated exploit affect iPhones with Apple-made A12 and A13 chipsets, released in 2018 and 2019, and included in older iPhones like the XS, XR, and even the iPhone 11.

The release of usbliter8 is a big deal in the world of security research, spyware, and hacking tool makers, but that doesn’t mean that older iPhones can be easily hacked by anyone.

The bug found by Paradigm Shift affects the iPhone’s Boot ROM, which is the first piece of code that runs when you turn on the iPhone and, therefore, its first line of defense against hackers. To hack an iPhone with physical access to it — which means being able to plug a cable into it — hackers first need to exploit the Boot ROM. Now, they can do so thanks to usbliter8, which allows them to defeat and bypass more security checks.

Paradigm Shift wrote on its blog that “because these vulnerabilities reside in immutable code, affected users should be aware that moving to newer hardware remains the most effective solution.”

In other words, since the Boot ROM is burned into the chip, it cannot be changed and defects in it cannot be corrected.

In general, companies selling iPhone cracking systems that have been busted by authorities, such as Cellebrite and Magnet Forensics, need and likely already have at their disposal techniques similar to usbliter8 to break into iPhones. However, hackers still need to incorporate other techniques to access user data stored in the phone.

Public jailbreaks for iPhones were relatively common in the past, but have become rarer in the past decade. Jailbreaking an iPhone is often the first step to checking for other vulnerabilities in the system. Researchers — intent on finding valuable flaws in the iPhone and ways to exploit them — have little incentive to release this information publicly, because that would result in Apple fixing the flaws and turning researchers back.

Paradigm Shift did not respond to a series of questions regarding usbliter8.