Unpatchable Flaw in Apple Chips Exposes Older iPhones to Jailbreak Risks
The release of a vulnerability in Apple chips, dubbed “usbliter8,” has opened the door to potential iPhone jailbreaks, allowing hackers to bypass security checks and access user data. This development mirrors the vulnerabilities found in iOS 4.3 in 2011, which led to the development of several jailbreak tools. The flaw affects iPhones with Apple-made chips A12 and A13, released in 2018 and 2019, respectively.
Paradigm Shift, an offensive cybersecurity company, published the vulnerability and a proof of concept, which requires physical access to the target phone. The company’s incentive to release this information lies in its business model, which involves selling spyware and hacking tools to government agencies. By publishing this vulnerability, Paradigm Shift is creating a potential market for its services.
The vulnerability affects the iPhone’s Boot ROM, the first piece of code that runs when an iPhone is turned on. Exploiting this vulnerability allows hackers to defeat further security checks and potentially access user data. However, it is essential to note that this vulnerability does not mean that older iPhones are easily hackable by anyone.
Decision Logic and Mechanics Behind the Vulnerability Release
Paradigm Shift’s decision to release the vulnerability is likely driven by its business interests. By creating a potential market for its services, the company is generating demand for its spyware and hacking tools. This move also demonstrates the company’s expertise in finding iOS vulnerabilities, which can be used to attract clients.
The operational mechanics behind the vulnerability release involve the exploitation of the Boot ROM, which is burned into the chip and cannot be patched. This means that affected users must migrate to newer hardware to mitigate the vulnerability. The company’s blog post explicitly states that “as these vulnerabilities reside in immutable code, affected users should be aware that migrating to newer hardware remains the most effective mitigation.”
The release of the vulnerability also raises questions about the company’s relationship with government agencies. As a seller of spyware and hacking tools, Paradigm Shift likely has existing relationships with these agencies, which could be leveraged to develop effective hacks for iPhones.
Winners, Losers, and Disrupted Parties
The release of the vulnerability benefits security researchers and hackers who specialize in finding iOS vulnerabilities. These individuals can now develop effective hacks for iPhones, provided they can find additional vulnerabilities to chain together with usbliter8. This could lead to the development of new jailbreak tools and techniques.
On the other hand, Apple and its users are negatively impacted by the release of the vulnerability. The company’s reputation for security is undermined, and users of older iPhones are exposed to potential hacking risks. Additionally, companies that sell systems to hack iPhones, such as Cellebrite and Magnet Forensics, may also be affected as their techniques may become less effective.
The disruption caused by the vulnerability release also extends to the broader cybersecurity industry. The development of new jailbreak tools and techniques could lead to a surge in iPhone hacking, which could have significant consequences for individuals and organizations that rely on these devices.
The Skeptical Case
While the release of the vulnerability is significant, it is essential to acknowledge that the impact may be overstated. The vulnerability requires physical access to the target phone, which limits its potential for widespread exploitation. Additionally, the complexity of developing effective hacks for iPhones means that only sophisticated hackers will be able to take advantage of the vulnerability.
Historically, the development of jailbreak tools has been a cat-and-mouse game between security researchers and Apple. The company has consistently updated its security measures to prevent jailbreaking, and it is likely that Apple will respond to this vulnerability with a similar update.
The Signal to Watch Next
The next significant event to watch is Apple’s response to the vulnerability. The company’s update cycle typically occurs on a regular basis, and it is likely that Apple will release a security update to address the vulnerability. Additionally, the development of new jailbreak tools and techniques will be an important indicator of the vulnerability’s impact.
Another important signal to watch is the reaction of government agencies and cybersecurity companies to the vulnerability. The development of effective hacks for iPhones could lead to a surge in demand for spyware and hacking tools, which could have significant consequences for the cybersecurity industry.
What’s your take on this? Drop your perspective in the comments below.
By Alex Mercer, Senior Tech Analyst at TrendFlashy
Ready to launch your own asset?
Check out our guide on Building a Profitable Online Business.
