New “usbliter8” Is An Unpatchable Exploit That Targets Older Apple Products


Many users are not keen on upgrading their devices every year, with some preferring to keep their gadgets for as long as they remain usable. However, owners of older Apple devices may not have that option in the long term following the discovery of a hardware-level vulnerability that cannot be patched via software updates.

Security researchers from Paradigm Shift have published a detailed report on an exploit known as usbliter8. The exploit targets the SecureROM, the immutable boot code built into the processor, on devices equipped with A12, A13, S4, and S5 chips. The researchers also demonstrated a proof of concept showing how the exploit operates.

Affected Devices And How It Works

Image: Paradigm Shift

According to the company, usbliter8 specifically affects models like the iPhone XR, XS, XS Max, iPhone 11, 11 Pro, 11 Pro Max, and iPhone SE. It also targets the third-gen iPad Air, fifth-gen iPad Mini, and eighth- and ninth-gen iPad. Other devices, like the Apple Watch Series 4, Series 5, second-gen Apple TV 4K, and Studio Display, are also vulnerable.

The proof of concept exploits a flaw in the USB controller used by Apple’s DFU mode. By sending specially crafted USB requests to a vulnerable device, the exploit triggers a memory corruption issue within SecureROM, the immutable code stored on the chip itself. This gives the attacker code execution during the early boot process, letting them run their own code before the operating system loads.

Should Users Worry?


While this is bad, there is a silver lining: the exploit is not remotely accessible over the internet. Instead, it requires physical possession of the device and the technical knowledge needed to place it into DFU mode and execute the attack.

Even if attackers successfully exploit a vulnerable device, usbliter8 does not give them access to the Secure Enclave. That means users do not have to worry about their passcodes, biometric data, and encryption keys being exposed. The exploit also does not affect devices powered by Apple’s A11 chip, while devices running on the A14 chip onwards appear to be safe from this attack.


So, should you be concerned? Not really. As long as a user does not leave their device unattended in a way that allows physical access, the risk remains limited. Paradigm Shift also stated that it worked with Apple prior to publicly disclosing its findings. The vulnerability cannot be fixed via a software update due to its hardware-level nature, but the disclosure process can still help Apple improve the design of future chips.

If the vulnerability still gives you pause, upgrading to a newer device remains the most straightforward way to avoid the affected chips altogether. Fortunately, Apple has launched several generations of iPhones, iPads, and Apple Watches since the A12 and A13 era, so many users may already be due for an upgrade anyway.

(Source: Paradigm Shift)
