'Checkm8' used to jailbreak iPhone X running iOS 13.1.1
The security researcher who developed the "Checkm8" exploit has continued working, and has demonstrated an iPhone X booting in verbose mode with the aid of the exploit that was revealed on Friday.
According to "axi0mX." the jailbreak took only seconds on an iPhone X running iOS 13.1.1. As the exploit is in the boot ROM, the operating system version isn't really relevant to the exploit, as the security chain is broken before the device gets to the patchable iOS part.
As before, the exploit still requires a tether, meaning a connection to a computer. Additionally, a reboot will prevent any system modifications like keyloggers installed during the jailbreak from loading, and restores the Secure bootchain.
The exploit works on any iPhone up to and including the iPhone X. User data and passcode security is maintained with any device that includes a Secure Enclave, including the iPad Air and newer, iPod touch seventh generation, and the iPhone 5s and newer.
According to "axi0mX." the jailbreak took only seconds on an iPhone X running iOS 13.1.1. As the exploit is in the boot ROM, the operating system version isn't really relevant to the exploit, as the security chain is broken before the device gets to the patchable iOS part.
As before, the exploit still requires a tether, meaning a connection to a computer. Additionally, a reboot will prevent any system modifications like keyloggers installed during the jailbreak from loading, and restores the Secure bootchain.
As the developer of the exploit said on Saturday, the demonstration is the next logical step in developing a new and full jailbreak. Because of the limitations involved in a boot ROM exploit and the Secure Enclave engineering in the iPhone 5s and later, it still doesn't imply anything further in regards to device security.HACKED! Verbose booting iPhone X looks pretty cool. Starting in DFU Mode, it took 2 seconds to jailbreak it with checkm8, and then I made it automatically boot from NAND with patches for verbose boot. Latest iOS 13.1.1, and no need to upload any images. Thanks @qwertyoruiopz pic.twitter.com/4fyOx3G7E0
-- axi0mX (@axi0mX)
The exploit works on any iPhone up to and including the iPhone X. User data and passcode security is maintained with any device that includes a Secure Enclave, including the iPad Air and newer, iPod touch seventh generation, and the iPhone 5s and newer.
Comments
That said it pays to be aware of stuff like this when traveling, and of course Apple is learning how to block this exploit going forward, so the research that went into it is valuable.
It would be nice for the developer to not mislead people into thinking that this is a complete compromise of the device security. No, he wants people to think that for headlines.
But the way he talks (tweets) it sure sounds like this is the end of security for iOS device users.
Even in his interview he refuses to give answers to simple questions and always obfuscates with words like “it depends”. Always have to give readers some hope by leaving the door open, even if it’s only open by a micron.
or passcode.
It also isn’t possible to bypass the 10 count limit if the processor is an A11 or newer so you can’t realistically boot force guess the PIN on those.