Checkm8: an "unstoppable" Iphone jailbreaking crack

Last month, a developer called Axi0mx released an Iphone crack called Checkm8, which attacks a defect in the Ios bootrom, a low-level piece of code that has not been successfully attacked since 2010. The bootrom is read-only, making its defects effectively unpatchable, short of removing the chip and swapping it for one with more robust code (the attack also works on version 1, 2 and 3 Apple Watches).

The crack targets 11 generations of Iphones (though not the most recent ones), and it has important limitations: it has to be run every time the device reboots, and requires physical access at boot-time in order to execute. Despite this, as Dan Goodin notes at Ars Technica, "Checkm8 is going to benefit researchers, hobbyists, and hackers by providing a way not seen in almost a decade to access the lowest levels of iDevices."

Axiomx and Goodin discussed the crack, and Axiomx points out that some affected devices can be seriously compromised by Checkm8: Iphones without the "secure enclave" trusted module can be attacked with Checkm8 to bypass the unlock PIN. The secure enclave is present in Iphones from the model 6 and above, but Iphone 5s and earlier models are seriously compromised by this attack.

In the meantime, Axiomx holds out hope for security researchers who want to explore other Ios vulnerabilities without subjecting themselves to the strictures of Apple's security program, and for people who want to install apps from alternative app stores.

axi0mX: If you have a few minutes, I have more things that you may find interesting:Apple has been making jailbreaks very difficult.