Vulkan

About

Username
Vulkan
Joined
Visits
6
Last Active
Roles
member
Points
15
Badges
0
Posts
7
  • The 'Checkm8' exploit isn't a big deal to iPhone or iPad users, and here's why

    Vulkan said:
    Hypothetically, wouldn’t this exploit also possibly allow someone to bypass Apple’s iCloud lock? Say you lost your phone or it was stolen, so you lock the phone using iCloud; wouldn’t this allow a really intelligent thief to run or modify code that bypasses the iCloud lock? Now I’m not talking about secure data, because that could be wiped for all they care. If this allows for the eventuality of a jailbreak and the ability to run tethered code, it could potentially allow useless phones to become useful and increase thefts, provided the phones don’t become blacklisted. I’m not sure if after you bypass the iCloud lock it becomes permanent or not once you’re outside of the setup screen, but if a jailbreak comes along that allows for semi-tether, this could give it persistence.

    What I’m saying is there are still some out-of-the-box risk scenarios.
    No. There's more about why this is the case in the interview with the developer.

    And the possibility of theft of an iPad is unchanged with or without the jailbreak, so the threat profile remains the same before and after the reveal of it.
    I’ve done some reading and it looks like my fears are at least confirmed by iOS researcher GeoSnow, who is convinced you’ll be able to use a custom firmware iCloud lock bypass, possibly alongside dumping the secure ROM.

    The iCloud lock is the security feature that protects the device after it’s been improperly restored or wiped using DFU mode. The iCloud lock binds the device to the user’s iCloud account, rendering the device useless to anyone who does not have the iCloud account it previously used.

    Installing a custom IPSW or iOS operating system without this security feature in place will allow the hardware, i.e. iPhone or iPad, to be used. The exploit only needs to install the custom iOS onto the device, which wasn’t possible before at bootrom level. I am unsure about the SEP (Secure Enclave) working in a custom environment, but all that may mean is the iPhone won’t be able to be locked using Touch ID or Face ID. Persistence may (I’m not sure) require a computer to reboot.

    It’s not practical, but it seems like it’s possible for bad actors or people who have a locked iPhone. I don’t endorse this whatsoever, but I think there is more to it that is still being researched, and it may later affect consumers.

    GeoSnow is a well-known iOS security researcher in the jailbreaking community. Good or bad, his pwndfu mode is what he’s working on to install custom IPSWs, or upgrade/downgrade iOS versions.

    https://jailbreak.fce365.info/Thread-How-to-use-the-Checkm8-BootROM-Exploit-iPwnDFU-on-iOS-8-up-to-iOS-13-1-1

    https://mobile.twitter.com/FCE365

    I know who GeoSnow is, and he hasn't said anything in regards to what you're proposing here.

    An iCloud lock isn't bypassed by a DFU in any way, and as it stands, this won't let you do that either. And, even if there is some chain that leads to that, it still won't be persistent if it needs Checkm8 to execute and run -- and, again, the user's data is still in no danger.

    Even if it works in an improbable chain of attacks, you're right -- it isn't practical, isn't cost-effective, and there's still money to be made in selling parts from a stolen device. Nothing has changed. The threat to users remains unchanged.


    He literally said it on his Twitter, and his forum has threads dedicated to creating custom iCloud bypass firmware up to the iPhone X.

    But you’re right, there isn’t further risk today to users than yesterday or a couple of years ago.

    Anyways... time will tell what they come up with. Gonna have to see how this all plays out; just hoping you’re right and it just ends up simply being good news for the JB community with no downsides.

    I think he’s full of shit. Without persistence you won’t be able to bypass Activation Lock. Without persistence you can’t have a jailbroken device that’s “permanently” jailbroken.


    Honestly, I think you’re probably right... I think I might be confusing Geohot’s actual credibility with GeoSnow’s. I’ve seen GeoSnow around the Reddit jailbreak forum a lot, and think he might be an actual iOS researcher, but from what I can tell his credibility/relevance seems... iffy, although he was credited by Pwn20wnd for contributions to the unc0ver jailbreak.

    Can’t honestly tell if what he claims is legit now, but hopefully you can see my confusion.
  • The 'Checkm8' exploit isn't a big deal to iPhone or iPad users, and here's why

    I’ve done some reading and it looks like my fears are at least confirmed by iOS researcher GeoSnow, who is convinced you’ll be able to use a custom firmware iCloud lock bypass, possibly alongside dumping the secure ROM.

    The iCloud lock is the security feature that protects the device after it’s been improperly restored or wiped using DFU mode. The iCloud lock binds the device to the user’s iCloud account, rendering the device useless to anyone who does not have the iCloud account it previously used.

    Installing a custom IPSW or iOS operating system without this security feature in place will allow the hardware, i.e. iPhone or iPad, to be used. The exploit only needs to install the custom iOS onto the device, which wasn’t possible before at bootrom level*. I am unsure about the SEP (Secure Enclave) working in a custom environment, but all that may mean is the iPhone won’t be able to be locked using Touch ID or Face ID. Persistence may (I’m not sure) require a computer to reboot.

    It’s not practical, but it seems like it’s possible for bad actors or people who have a locked iPhone. I don’t endorse this whatsoever, but I think there is more to it that is still being researched, and it may later affect consumers.

    GeoSnow is a well-known iOS security researcher in the jailbreaking community. Good or bad, his pwndfu mode is what he’s working on to install custom IPSWs, or upgrade/downgrade iOS versions.

    https://jailbreak.fce365.info/Thread-How-to-use-the-Checkm8-BootROM-Exploit-iPwnDFU-on-iOS-8-up-to-iOS-13-1-1

    https://mobile.twitter.com/FCE365

    Edit:
    *Checkm8 in its current form, without any other exploits, is still tethered, so the bypass would still require the device not to reboot, else the device would require the exploit again to boot. The bypass does not currently allow the baseband/SIM card to function, preventing calls.

    In retrospect, probably self-defeating not wanting this to happen by talking about it... but considering Google is a thing, what’s out is out.
  • The 'Checkm8' exploit isn't a big deal to iPhone or iPad users, and here's why

    Thanks for clarifying. Seems like a lot of speculation was going around about what this exploit can allow. 
  • The 'Checkm8' exploit isn't a big deal to iPhone or iPad users, and here's why

    Hypothetically, wouldn’t this exploit also possibly allow someone to bypass Apple’s iCloud lock? Say you lost your phone or it was stolen, so you lock the phone using iCloud; wouldn’t this allow a really intelligent thief to run or modify code that bypasses the iCloud lock? Now I’m not talking about secure data, because that could be wiped for all they care. If this allows for the eventuality of a jailbreak and the ability to run tethered code, it could potentially allow useless phones to become useful and increase thefts, provided the phones don’t become blacklisted. I’m not sure if after you bypass the iCloud lock it becomes permanent or not once you’re outside of the setup screen, but if a jailbreak comes along that allows for semi-tether, this could give it persistence.

    What I’m saying is there are still some out-of-the-box risk scenarios.