iPhone hacker

How serious is Apple’s ‘unpatchable’ Boot ROM cybersecurity bug?

Today, a cybersecurity researcher dropped an epic bomb on Apple’s iOS/iPadOS security. The headlines are very scary. Should you be worried?

The headlines are screaming the end of the world for the security of iPhones and iPads. For example, this headline, Unpatchable bug in millions of iOS devices exploited, developer claims, reported,

Today, an iOS security researcher who earlier developed software to “jailbreak” older Apple iOS devices posted a new software tool that he claims uses a “permanent unpatchable bootrom exploit” that could bypass boot security for millions of Apple devices, from the iPhone 4S to the iPhone X.

For those who are less technically inclined, I will explain what this all means. After reading this article, you will be in a better position to assess your risks.

To understand what this hack is all about, I need to explain to you what “secure boot” is. As I wrote in my book, Digital Security & Privacy for Dummies (note the bold and italicised text),

One way for computers/devices to protect against unauthorised modification to the operating system is for the manufacturer to implement a feature called “Secure Boot”.

Basically, the idea behind secure boot is to use hardware-based cryptographic verification methods to ensure that every piece of instruction code that executes is not tampered from the moment your computer/device is first turned on. When you first turn on the computer/device, the first code that run is technically immutable (i.e., executed from read-only memory). It is very important that this first piece of code is absolutely immutable because this is the only way to be assured that it has not been tampered. The purpose of this immutable code is to cryptographically verify the next piece of code that is loaded (which is non-immutable) to ensure that it is not tampered before executing it. That code then verify the next piece of code, which then verify the next, in a chain, until the operating system is finally loaded. By the time the operating system is running, it is theoretically assumed that no malicious code is running in the computer.

On Apple’s iOS/iPadOS devices, the first immutable code that is executed when the device is first turned on is called the “Boot ROM”.

That’s where the trouble starts.

From iPhone 4s all the way to iPhone X, there is a security hole in the Boot ROM. A security researcher found a way to exploit this security hole to execute his own unauthorised software code on the device. The implication is that subsequent code that executes can be any arbitrary software code not authorised by Apple. That means this is a tiny wedge for hackers to insert their malicious software code into iOS/iPadOS devices.

The reason why this security hole is so epic is that the software code in the Boot ROM is immutable. It cannot be repaired with a software update. That means Apple cannot do anything about it. The security hole is permanent.

At this time, this is still the early days. Attackers, from individual curious teenagers to government-employed hackers will be working overtime to figure out how to exploit this security hole to achieve their aims. For example, the ‘jailbreak’ community will be happy that very soon, they will have a hope of running software not approved by Apple. Government-sponsored hackers, on the other hand, will devote considerable amount of resources to develop powerful spying and surveillance tools that Apple cannot disable.

What does it mean for you?

First, the good news. This security hole cannot be exploited over the Internet. The attacker need to have physical access to your device and connect it to their hacking equipment (which can be just a laptop). So, make sure you keep your device close to yourself and never leave it out of sight. That’s why I had said in my book,

Therefore, the only absolute way to protect against the Evil Maid attack is to keep your computer/device within your sight at all times. For smart-phones, it is easier to do that because you can always keep it with you in your pocket. For tablets, laptops and desktop computers, it is much harder to keep a constant eye on them.

For the moment, exploiting this security hole for malicious purposes (i.e. excluding those ‘jailbreak’ software) is extremely challenging. This is something ordinary teenage hackers cannot do, at least for now. Only entities with the resources of a nation state can have the motivations and capabilities to do that. Also, there is a possibility that government-sponsored hackers already know about this security hole for years already.

So, there is basically two ways to protect yourself against this epic security hole:

  • Ensure the physical security of your device. Never leave it out of your sight or control.
  • Get the latest new iPhone or iPad. The newest device from Apple does not have the security hole. This implies that Apple already knew about the existence of the security hole and had quietly fixed it in the latest hardware.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Discover more from iSecurityGuru

Subscribe now to keep reading and get access to the full archive.

Continue reading