Security researchers have identified a critical hardware vulnerability, termed “usbliter8,” affecting Apple’s A12 and A13 chips. This flaw, embedded in the BootROM—the initial code executed when an iPhone powers on—cannot be rectified through software updates, rendering it unpatchable. Devices impacted include the iPhone XS, iPhone XR, and the iPhone 11 series.
The BootROM, also known as SecureROM, is integral to the device’s startup process and is hardcoded into the chip during manufacturing. Consequently, any vulnerabilities within this component are permanent and cannot be addressed via software patches. The usbliter8 exploit leverages a bug in the USB controller of these chips, allowing attackers with physical access to the device to execute arbitrary code during the boot process.
Exploiting this vulnerability requires physical possession of the device and the use of specific equipment, such as a Raspberry Pi. This necessity for direct access mitigates the risk of remote attacks but raises concerns for scenarios involving stolen or confiscated devices. Once exploited, the vulnerability enables attackers to bypass iOS security restrictions, potentially leading to unauthorized access to sensitive data and the installation of unapproved software.
Paradigm Shift, the security firm that discovered usbliter8, has released a proof-of-concept demonstrating the exploit’s feasibility. They have also notified Apple of their findings, and the company has responded promptly and cooperatively. However, due to the hardware-based nature of the flaw, the only effective mitigation for affected users is to transition to newer hardware that is not susceptible to this vulnerability.
It’s important to note that while the usbliter8 exploit provides a method to compromise the BootROM, additional techniques are required to access user data fully. Companies specializing in forensic tools, such as Cellebrite and Magnet Forensics, may utilize similar exploits in conjunction with other methods to extract data from devices.
This development underscores the ongoing challenges in hardware security. Even as manufacturers strive to enhance device protection, the discovery of unpatchable vulnerabilities highlights the need for continuous vigilance and the importance of updating to newer, more secure hardware when possible.
