Let’s talk Checkm8
This is a bootrom-level security exploit announced late last week that affects every iPhone from the 4s to the X, every iPad from the 12.9in iPad Pro 1 and 2, the 9.7in iPad Pro, the 10.5in iPad Pro, iPad mini 1 through 4, iPads 2 through 7th generation, as well as iPod Touches 5-7, Apple TV 3 through 4K, and HomePod.
Devices **NOT** affected include the iPhone XR, XS/Max, 11, 11 Pro/Max, iPad Air 3, iPad Pro 3 (2018) (both sizes), and iPad mini 5.
Checkm8 is very serious, but also very limited. The threat level for the average Joe isn’t much different than a week ago. If this is you, you can pretty much stop reading here.
What is it?
The bootrom is the first code that runs when an iPhone boots. It lives in ROM (read-only memory), so it normally can't be changed, but it can still be targeted if it contains a bug or security issue. Because it's read-only, a bootrom bug can't be patched with a software update (but it's Apple, never say never). This probably can and will be turned into a jailbreak somehow, sooner rather than later.
How it’s limited.
This has very limited, and very targeted, potential to be made into an attack. This isn't something the everyman has to worry about.
**NOTE, THIS IS NOT AN ATTACK THAT CAN BE PERFORMED REMOTELY. IT REQUIRES PHYSICAL ACCESS TO A VULNERABLE DEVICE.**
Another limitation is that Apple has built a secure boot process in which every single step is verified by the previous step, and if any step detects something at fault, iOS just will not run. Checkm8 isn't persistent. It works by having code copied into SRAM, which is "wiped" every time the device is restarted. So, for an attack to actually be carried out over a long period of time, someone would need continuous access to your device.
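To make the "every step verifies the next" idea concrete, here is a small added model of a verified boot chain (my own example, not Apple's code or anything from the linked articles). It assumes a simplified chain where each stage carries the digest of the stage it hands off to; the real thing uses signatures and keys, but the halt-on-mismatch behaviour is the same.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Stage:
    name: str
    code: bytes                     # constructed stand-in for the stage image
    next_digest: Optional[bytes]    # digest this stage expects of the *next* stage

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_chain(images: List[Tuple[str, bytes]]) -> List[Stage]:
    """Build the chain back to front so every stage embeds the digest of its successor.
    The first stage (the bootrom) is the root of trust: nothing verifies it."""
    stages: List[Stage] = []
    next_digest: Optional[bytes] = None
    for name, code in reversed(images):
        stages.append(Stage(name, code, next_digest))
        next_digest = sha256(code)
    return list(reversed(stages))

def boot(chain: List[Stage]) -> List[str]:
    """Simulate a boot. Returns the names of stages that ran; 'HALT' is
    appended if a stage refuses to hand off because the next one failed verification."""
    ran: List[str] = []
    for i, stage in enumerate(chain):
        ran.append(stage.name)
        if i + 1 == len(chain):
            break
        nxt = chain[i + 1]
        if stage.next_digest is None or sha256(nxt.code) != stage.next_digest:
            ran.append("HALT")   # the verifying stage stops the boot here
            break
    return ran

def tamper(chain: List[Stage], index: int, new_code: bytes) -> List[Stage]:
    """Swap one stage's image without updating the digest its predecessor holds
    (someone without the signing keys can't fix that up), to show the chain catches it."""
    out = list(chain)
    s = out[index]
    out[index] = Stage(s.name, new_code, s.next_digest)
    return out

if __name__ == "__main__":
    # constructed sample images, not real firmware
    chain = build_chain([("bootrom", b"rom"), ("LLB", b"llb"), ("iBoot", b"iboot"), ("kernel", b"kernel")])
    print(boot(chain))                              # full chain runs
    print(boot(tamper(chain, 2, b"iboot-modified")))  # LLB refuses to hand off to a modified iBoot
```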
Keeping on with limitations, it can't do much with a device that has the Secure Enclave (A7 or later) because it can't get past the hardware-based encryption. The only way this could be bypassed is if someone used this method to plant a keylogger and captured your passcode/password. This is really impractical, because if someone close to you wants in this badly, they can just do the ol' shoulder peek at the passcode. A backdoor built on this is so incredibly unlikely because of how limited the access is. An attacker would most likely go for a backdoor through a bad link, attachment, or WiFi hotspot instead.
If you’re concerned and rocking an iPhone 4s/5 JUST UPGRADE ALREADY. There are a million reasons why you should, but just consider this 1,000,001. This wouldn’t even be in my top 5 list of security-based upgrade reasons though.
The only people who will positively benefit are jailbreakers. They don't have to worry about this getting patched out, as it literally can't be.
If you're rocking a 5s or later, you're, for the most part, safe. If you feel like this could be an issue, I have reason to believe you're already upgrading frequently enough to have upgraded out of this issue.
Huge thanks to [Rene Ritchie](https://www.youtube.com/watch?v=Z9ZFbk4SM-o), [Ars Technica](https://arstechnica.com/information-technology/2019/09/developer-of-checkm8-explains-why-idevice-jailbreak-exploit-is-a-game-changer/), and [Malwarebytes](https://blog.malwarebytes.com/mac/2019/09/new-ios-exploit-checkm8-allows-permanent-compromise-of-iphones/) for all of the information.