A new hack of Apple iPhones affects older models. But the XR, XS and newer phones cannot be broken ... [+]
One of the more significant hacks of an iPhone this year is here. It’s big news for the community of hobbyists known as jailbreakers, who like to remove Apple’s control over the devices.
The jailbreak released today, dubbed “checkra1n,” will let users install whatever they like on the iPhone, with none of Apple’s normal restrictions getting in the way.
Its significance lies in the fact that Apple will struggle to ever fix it, at least in devices up to and including the iPhone X. That’s because the underlying vulnerabilities lie in the “bootrom”—the part of the processor that contains the initial lines of code executed by the processor as it powers on.
“Apple cannot fix it because bootrom cannot be patched after a device leaves the factory,” said a hacker who goes by the name axi0mX. They first identified the problem, which they dubbed checkm8, back in September.
iPhone XR and XS models, and the latest devices, aren’t affected. That still means that the hundreds of millions of older iPhones that Apple has shipped can be jailbroken, axi0mX noted.
For anyone who wants to try to jailbreak their iPhone, axi0mX and a team of other iOS hackers have set up a website as a guide. It’s currently only available for download on macOS PCs. Users can then hook up their iPhone and install the jailbreak.
Beware data loss
For anyone who wants to jailbreak their phone, axi0mX recommended backing up data on iTunes or iCloud due to the risk the phone might lose data.
“There should not be any risk of permanent damage to your device, restoring in iTunes should always fix it.”
Apple hadn’t responded to a request for comment at the time of publication.
Though the vulnerabilities remain on many millions of iPhones, the security threat only rises for those who’ve had their device hacked while not physically controlling it and who've continued to use it without rebooting. There are not any known remote exploits that take advantage of the issue. F0r any at-risk users who have sensitive data on their iPhone, such as activists, journalists and politicians, upgrading to a newer device might be necessary.
Using a strong alphanumeric passcode should also help, added axi0mX. “Most people’s risk has not increased. The passcode will protect the data on device on all modern iPhones.”
There are, however, recent examples of iPhones being remotely compromised. Spyware created by Israeli surveillance company NSO Group has allegedly been used to target activists, journalists, lawyers and many others across the world. The tools, which can snoop on all communications and switch on the mic to turn the phone into a remote listening device, were installed via a WhatsApp hack. Facebook, WhatsApp’s owner, is now suing NSO Group as a result.
