Checkm8 vulnerability details

The checkm8 exploit for the iPhone is not as destructive or as frightening as it has been made out to be.

According to axi0mX, who published the original exploit, checkm8 relies on a vulnerability in the Boot ROM. Through it, attackers could gain the highest level of access to iOS devices, and Apple would not be able to block or fix it with a software update. If this description is accurate, it could be considered the biggest event for the iPhone attacker community in recent years. The Boot ROM is "read-only" memory, meaning it cannot be changed by software updates and is permanent on every device. This is the first Boot ROM exploit for iOS devices since the iPhone 4, introduced about 10 years ago.
The hacker in question, axi0mX, says of the public release of the exploit: a Boot ROM exploit for older devices will make iOS better for everyone. Jailbreakers and developers can upgrade their phones to the latest version of Jailbreak OS and need not stay on older versions of iOS. This will also increase security. The vulnerability lies in the code that iOS devices run first at boot.
Hundreds of millions of iPhones are affected by this exploit, from the iPhone 4S with the A5 chip up to the iPhone 8 and the iPhone X with the A11 chip. Apple appears to have closed this security hole in last year's A12 chip, so last year's iPhones and the iPhone 11 series are safe.
A later report by security researchers showed that the vulnerability is not as dangerous as first thought. The checkm8 exploit targets the boot process of the iPhone and iPad rather than the iOS operating system itself. As a result, there are only two ways for a user's iPhone to be affected by this exploit: either the device is physically connected to a computer on which the exploit is loaded, or the user chooses to run it themselves.

What does physical connection mean?
Vulnerabilities of this kind, known as tethered, can only affect a user's device through a physical connection; the victim's device cannot be infected by visiting a website or installing malware. A reboot alone is enough to close the hole it opens.
The iPhone 5 and older models lack secure encryption, so if they are compromised in this way the phone's passcode and other personal information can be exposed. The iPhone 5S and later use secure encryption and are not affected in this way.

Moreover, to compromise an iPhone or iPad this way, the device must be connected to a computer by cable, put into DFU mode, and only then exploited. Even then, the method does not always work.
Keylogger software could be installed on the iPhone after the device has been compromised, but the mechanism Apple builds into its devices undoes the exploit on every reboot.
Apple's mechanism is called the Secure Boot Chain. Simply put, the boot process consists of a series of steps in which each step checks the integrity of the previous step, and in some steps the next one, so that the handset's security is verified end to end. The boot chain therefore does not allow software that fails these checks to keep running after the iPhone reboots.
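As an added illustration of the chain-of-trust idea described above (this is a toy model written for this page, not Apple's code), each stage below carries the digest it expects of the stage it loads next; the Boot ROM is a fixed constant that no storage change can alter. It goes slightly beyond the text by also showing why a modification written to storage is rejected on the next cold boot. The stage names follow the iOS boot order, but the image contents are constructed placeholders.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class Image:
    name: str
    body: bytes                  # the stage's code
    next_name: Optional[str]     # stage this one loads next (None for the kernel)
    next_hash: Optional[bytes]   # digest this stage will accept for its successor

def image_digest(img: Image) -> bytes:
    """Measure the code together with its embedded expectation, so an image that
    points at a different successor also measures differently."""
    return hashlib.sha256(img.body + (img.next_hash or b"")).digest()

def link(*stages: Tuple[str, bytes]) -> List[Image]:
    """Build a chain in which every image embeds the digest of its successor."""
    chain: List[Image] = []
    nxt: Optional[Image] = None
    for name, body in reversed(stages):
        img = Image(name, body, nxt.name if nxt else None,
                    image_digest(nxt) if nxt else None)
        chain.append(img)
        nxt = img
    return chain[::-1]

def boot(bootrom: Image, storage: Dict[str, Image]) -> Tuple[List[str], str]:
    """Cold boot: start from the immutable Boot ROM and let each stage verify the
    next one before handing off. Returns the stages that ran and 'ok' or a halt reason."""
    cur, ran = bootrom, [bootrom.name]
    while cur.next_name:
        nxt = storage.get(cur.next_name)
        if nxt is None or image_digest(nxt) != cur.next_hash:
            return ran, f"halt: {cur.name} rejected {cur.next_name}"
        ran.append(nxt.name)
        cur = nxt
    return ran, "ok"

# Constructed sample chain: names follow the iOS boot order, bodies are placeholders.
BOOTROM, *FLASH = link(("BootROM", b"rom"), ("LLB", b"llb v1"),
                       ("iBoot", b"iboot v1"), ("kernel", b"kernel v1"))
STORAGE = {img.name: img for img in FLASH}   # the only part that persists across reboots

def tampered_storage() -> Dict[str, Image]:
    """A persistent, internally consistent modification of iBoot and the kernel
    (the modified iBoot accepts the modified kernel); LLB is left untouched."""
    _, ib, kr = link(("LLB", b"llb v1"), ("iBoot", b"iboot patched"), ("kernel", b"kernel patched"))
    return {**STORAGE, "iBoot": ib, "kernel": kr}
```

Anything loaded only into RAM is simply absent from STORAGE on the next boot, which is why a tethered exploit has to be re-applied after every restart.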
What can users do?
To summarize, a user would either have to deliberately expose their phone to this exploit or be negligent about its physical security. Still, it may be better not to use phones older than the iPhone 5S, and users can reboot their phone from time to time and avoid connecting it to unfamiliar computers.