iPhone security vulnerability by checkra1n JailBreak tool

The vulnerability was discovered by Hiraku Dev, who believes this is probably the most devastating exploit ever discovered on iOS devices.

Jason Chuang
3 min read · Nov 16, 2019

In short:

Only the iPhone XR, iPhone XS, iPhone 11 series, iPad Pro 12.9-inch and 11-inch (third gen), iPad Air (third gen) and iPad mini (5th gen) are unaffected.

Everything else, from the iPhone 4s through the iPhone X (the iPhone 8 included), the iPod touch, Apple TV, Apple Watch, and even the HomePod, is vulnerable to this security loophole.

A few months ago, hackers discovered a bootrom loophole called checkm8 that led to the creation of the jailbreak tool “checkra1n”. We all know that a perfect, impeccable system does not exist; every operating system has its own vulnerabilities, which may be regarded either as a feature or as a bug. Small bugs often lead to battery drain or system freezes; severe bugs, however, can lead to security risks such as letting hackers steal your personal data.

Before checkra1n was released, hackers had to lure you into downloading malware onto your iPhone to bypass your lock screen; everything between you and the malicious ones was protected by a password that only you know. The password protection on the iPhone is known for its reliability, often making the news for keeping FBI hackers from breaking in. A private exploit acquisition program called Zerodium even offered up to 2 million dollars for iOS security vulnerabilities.

checkra1n redefined bypassing an iPhone lock screen as a simple trick.

Hiraku Dev, the person behind the discovery of this exploit, successfully cracked open an iPad mini 2, an iPhone 7 Plus, and an iPhone 6S in his experiment.

The steps are demonstrated below:

  1. Flash iOS 13.2.2 onto the iPhone 6S via DFU mode.
  2. Set up iCloud, Find My iPhone, Touch ID and a passcode after flashing, then disconnect the device from the PC.
  3. Download an app and use it.
  4. Connect the device to a PC without unlocking it, and run checkra1n in DFU mode.
  5. After cracking:
   • The photo list is visible, even though opening a specific photo is prohibited.
   • Reading /var/mobile/Library/Preference is possible.
   • Mounting and writing into the root directory is possible.

In the experiment we can confirm a few things:

  1. Hackers can acquire the user’s file list without any password.
  2. Data can be accessed without the user ever tapping “Trust This Computer”.
  3. Malware can be planted in the root directory even though specific files cannot be read.
  4. File protection only takes effect after the device has been booted and unlocked for the first time; an attacker can therefore return the exploited device to the user after the attack, and steal everything once the user unlocks the device a second time.
Courtesy of Hiraku Dev: Read file names without entering the password
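Finding 4 above describes what the default iOS Data Protection class, NSFileProtectionCompleteUntilFirstUserAuthentication, does: the key that decrypts file contents becomes available at the first unlock after boot and stays available until the next reboot. The following Swift snippet is an added example, not code from Hiraku Dev’s post or from the checkra1n project, showing how an app can instead store a sensitive file under the `.complete` class, whose key is evicted each time the device locks. It assumes an iOS app sandbox (Documents directory available) and a constructed sample payload.

```swift
import Foundation

/// Added example (not from the original article or from checkra1n).
/// Writes `contents` into the app's Documents directory under the requested
/// Data Protection class and returns the class the system recorded for it.
/// `.complete`: contents stay encrypted whenever the device is locked.
/// `.completeUntilFirstUserAuthentication` (the iOS default): contents are
/// decryptable from the first unlock after boot until the next reboot, which
/// is the window finding 4 describes.
func store(_ contents: Data, named name: String,
           protection: FileProtectionType = .complete) throws -> FileProtectionType? {
    let docs = try FileManager.default.url(for: .documentDirectory,
                                           in: .userDomainMask,
                                           appropriateFor: nil,
                                           create: true)
    let url = docs.appendingPathComponent(name)

    // Write the bytes atomically, then pin the protection class as a file attribute.
    try contents.write(to: url, options: .atomic)
    try FileManager.default.setAttributes([.protectionKey: protection],
                                          ofItemAtPath: url.path)

    // Read back what the system actually applied so callers can verify it.
    let attrs = try FileManager.default.attributesOfItem(atPath: url.path)
    guard let raw = attrs[.protectionKey] as? String else { return nil }
    return FileProtectionType(rawValue: raw)
}

/// Constructed sample payload standing in for data that must stay unreadable
/// while the phone is locked (for example a session token).
let sampleSecret = Data("constructed-session-token".utf8)

do {
    let applied = try store(sampleSecret, named: "token.bin")
    print("protection class applied:", applied?.rawValue ?? "none")
} catch {
    print("could not store sample secret:", error)
}
```

Note what this does and does not cover: Data Protection encrypts file contents, not the file system’s namespace, so a directory listing (the “photo list” seen in the experiment) remains visible regardless of class. The `.complete` class only closes the second-unlock window described in finding 4 for the files an app explicitly assigns to it; it does nothing against malware written to the root file system, which is why the article’s advice about never leaving the device in a stranger’s hands still stands.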

Remarks made by Hiraku Dev

Never trust any device with your iPhone under any condition, because every attack requires the attacker to put your iPhone into DFU mode; trusting a device could allow the attacker to access all the data on your iPhone.

Surprisingly, the iPhone XS was not affected, which must mean that Apple is fully aware of the situation; yet the recently released iPod touch (7th gen) is still vulnerable to the exploit. Good job, Apple!

The original article was published in Chinese; Hiraku Dev and his affiliates retain all rights to this discovery.

https://hiraku.tw/2019/11/5006/
