Checkm8 is a bootROM-level security exploit that can be used against every iPhone from the iPhone 4s to the iPhone 11. It was announced late last week, and ever since we've seen everything from fear, uncertainty and doubt to supremely good reporting on what it is, what it isn't and, most importantly, what it means for all of us. So let's try to sort it all out and break it down.
Checkm8 is absolutely serious, but very specific and in some ways very limited. It is certainly helpful to jailbreakers and researchers that it exists, probably neutral or good for bad actors, bad for Apple, and a black eye for iOS security. That will no doubt drive Apple even harder to lock things down even better. But for the average user, the threat level today probably isn't much different than it was before the release of Checkm8.
What is a BootROM Exploit?
The bootROM (secure boot) is the very first code that runs on an iOS device when it starts up. It lives on a ROM (read-only memory) chip at the very lowest level of the device and typically can't be changed. A bootROM exploit, then, is an exploit that targets a bug in the bootROM, as opposed to the far more common exploits that target bugs at the higher operating-system level.
While operating-system exploits are far more common, they're also far more easily fixed: pretty much every time Apple updates iOS, the new version patches security issues in the older version. Not so with bootROM exploits. Because they live in ROM, they are next to impossible to patch.
Which Devices are Affected?
Checkm8 exploits every device with an A5 through A11 chipset, so the devices affected so far are:
- iPhone 4s, 5, 5C, 5S, 6, 6s, 7, 8 and X.
- iPad 2, 3, 4, Air, Air 2, 5, 6, 7.
- iPad mini 1, 2, 3, 4.
- iPad Pro 1, 2.
- Apple TV 3, 4, 4K.
Which New Devices Are Not Affected?
Checkm8 doesn't work on the A12 or A13, so the following devices are not affected by Checkm8:
- iPhone X, XR, XS, XS Max.
- iPhone 11, iPhone 11 Pro Max.
- iPad Air 3 (2019).
- iPad mini 5 (2019).
- iPad Pro 3 (2018).
Jailbreak or Attack?
Checkm8 will probably turn into a jailbreak sooner rather than later, but it also has some very limited, very targeted potential to be turned into an attack. It's probably not something most of us have to worry about.
There are a few things that limit Checkm8's potential as an attack. The limitations are listed below.
1. No Remote Execution
It can't be executed remotely. Someone has to take physical possession of your iPhone, iPad or other iOS device first, put it into DFU (device firmware update) mode, and then plug it into a PC over USB before they can even run the exploit.
2. No Persistence After Reboot
Second, Apple has a secure boot chain: every step is verified by the previous step, and if the signatures don't verify, the software just won't run. Checkm8 can't rewrite the bootROM; it can only exploit it, so nothing it does survives a reboot.
3. No Access to SEP/Passcode
Third, Checkm8 doesn't compromise the Secure Enclave on the A7 or later. That means it can't beat the hardware encryption, get around Touch ID or the passcode, doesn't work on devices with Face ID, and doesn't otherwise give anyone access to your data or secrets.
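The no-persistence point above (and the reboot advice later in this post) can be seen in a small model of a verified boot chain. This is an added Python example, not Apple's code or anything from the original post; it pins each stage by SHA-256 hash in place of real signatures, and the image format, the stage names and the ram_patch parameter are constructed for illustration.

```python
import hashlib
# Constructed model of a verified boot chain (not Apple's code): signatures
# are simplified to pinned SHA-256 hashes. Each stage carries the hash of the
# one image it will hand off to; the ROM's value is a constant because ROM
# cannot be rewritten.

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed images: first line is the stage name, "trusts=" pins the successor.
SIGNED_KERNEL = b"kernel:v1\n"
SIGNED_IBOOT = b"iboot:v1\ntrusts=" + sha256(SIGNED_KERNEL).encode() + b"\n"
ROM_TRUST_ANCHOR = sha256(SIGNED_IBOOT)  # fixed at manufacture, lives in ROM

def trusted_hash(stage: bytes) -> str:
    """Return the hash this stage accepts for the next stage."""
    for line in stage.decode().splitlines():
        if line.startswith("trusts="):
            return line[len("trusts="):]
    raise ValueError("stage carries no trust entry")

def boot(storage: dict, ram_patch=None) -> list:
    """Cold boot: ROM checks iBoot from storage, iBoot checks the kernel.
    ram_patch models a bootROM exploit: after ROM has verified iBoot, the
    in-memory copy is swapped for this power cycle only. RAM is cleared on
    the next cold boot and ROM is untouched, so the swap cannot persist.
    Returns the stages that ran, ending with "halt" if a check failed."""
    ran = ["rom"]
    iboot = storage["iboot"]
    if sha256(iboot) != ROM_TRUST_ANCHOR:
        return ran + ["halt"]  # unverified iBoot never runs
    if ram_patch is not None:
        iboot = ram_patch  # volatile: affects this boot only
    ran.append(iboot.decode().splitlines()[0])
    kernel = storage["kernel"]
    if sha256(kernel) != trusted_hash(iboot):
        return ran + ["halt"]  # unverified kernel never runs
    ran.append(kernel.decode().splitlines()[0])
    return ran

def scenarios() -> dict:
    """Run the cases the text describes and return what booted in each."""
    clean = {"iboot": SIGNED_IBOOT, "kernel": SIGNED_KERNEL}
    evil_kernel = b"kernel:evil\n"
    tampered = dict(clean, kernel=evil_kernel)  # malware written to storage
    patched = b"iboot:patched\ntrusts=" + sha256(evil_kernel).encode() + b"\n"
    return {"clean": boot(clean),
            "tampered_storage": boot(tampered),
            "exploit_session": boot(tampered, ram_patch=patched),
            "after_reboot": boot(tampered)}
```

The "exploit_session" case boots the tampered kernel only while the volatile patch is in RAM; the very next cold boot, "after_reboot", halts at the same check as "tampered_storage".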
WHAT CAN AN ATTACKER DO WITH THE CHECKM8 BOOTROM EXPLOIT?
As mentioned earlier, if you are using an older iPhone or iPad, there is a high risk that a hacker will gain access to your data. It doesn't matter whether you have a strong passcode on your iPhone or iPad.
- If you have a weak passcode on your iPhone, it's easy for an attacker with physical access to get at your iPhone's data.
- On the other hand, if you have a strong passcode on your iPhone or any other iOS device, it becomes tough for an attacker to break that passcode.
To get at your data, you would have to leave your device lying around somewhere for an extended amount of time. An attacker would have to get hold of it, run the exploit, load malware that could try to capture your credentials, put your device back, and then try to capture them when you next use it. If they're a disgruntled family member with that kind of access to your devices, it would be far easier just to wait for you to fall asleep and put your finger on the Touch ID sensor.
For non-family members, again in the creator's words: "Installing a potential backdoor is not really a scenario that I would worry much about, because attackers at that level would be more likely to get you to go to a bad web page or connect to a bad Wi-Fi hotspot in a remote exploit scenario. Attackers don't like to be close; they want to be in the distance and hidden."
Hacking Personal Information
A checkm8-based malware could replace the copy of iOS on your device with a modified one. An attacker can download a copy of your iOS version and, using checkm8, boot a modified version that cannot be told apart from the real one.
Once the device has been attacked, that modified copy could do the following:
- Replace the login screen.
- Log your keystrokes.
- Send them to the attacker's server.
Can You Detect the Attacks?
No. You cannot tell whether your device has been attacked with checkm8-based malware or not; it is very difficult to detect such an attack on your iOS system, and these attacks can pass some automated checks. But your device can be restored to its original operating system by one simple method: reboot it. When you reboot your device, it automatically reverts to the original, unmodified iOS if it has been attacked.
How to Protect Your iOS Operating System From Attacks?
As I mentioned above, it's very difficult to detect an attack, but you can prevent this attack with iCloud lock. iCloud lock is considered an activation lock for your iPhone, and it prevents all kinds of attacks. If you have iCloud lock, your device is automatically protected against attacks and all kinds of unauthorized activity. iCloud lock offers you the following two main benefits:
- Your device is protected against attacks.
- Only the owner of the device is able to access its features.
Bypassing iCloud Lock
I have already mentioned the benefits of having iCloud lock, and you should count yourself lucky if you already have it. An iCloud-locked device was considered to be free of attacks. That has now changed with the release of checkm8. GeoSnow is a well-known security researcher who regularly reports on exploits and vulnerabilities, and GeoSnow has announced that, because of checkm8, an iCloud bypass may be seen in the future.
PROTECTION AND MITIGATION TECHNIQUES
BEWARE OF ROGUE CHARGING STATIONS
Beware of rogue charging stations, because checkm8 requires the attacker to connect your iPhone to a PC or Mac over a USB cable. That means an attacker would only have to load malware onto your iPhone through a malicious Lightning cable, which could also put your iDevice into DFU mode.
So before connecting your iDevice, make sure you use an authentic USB cable to charge or connect your iPhone or iPad.
ALWAYS CHECK YOUR LIGHTNING PORT
Checkm8 needs a PC or laptop at every boot, so a small Lightning-to-USB device that loads the exploit on every boot could effectively untether it.
However, if you are a jailbreaker, installing such a device would keep your device in the jailbroken state for longer periods of time.
REBOOT YOUR DEVICE
If you notice any malicious activity on your device, reboot your iDevice. Rebooting your device lets Apple's secure boot checks verify the software that runs, so if you see any suspicious activity, or have any doubt, restart your iPhone or iPad.
That's all for today. I hope you liked this tutorial on how to protect your iPhone from checkm8-based attacks. If you have any question related to this topic, feel free to ask in the comment section below. You can also like us on Facebook.