A Barcelona firm has put out a warning: for millions of older iPhones, a security risk is here to stay and can’t be mended with an update. The flaw, which they’ve made public, is on devices like the iPhone 11 and could give an attacker the upper hand at boot time. They are calling it ‘usbliter8’.
What the new iPhone exploit means for you
The problem is in the hardware, not in iOS, according to Paradigm Shift. So don’t expect an over-the-air update to seal it up. They have put the technical side of things and a proof of concept out there for all to see.
Then again, you can’t be hacked from a distance with this. To pull it off, an attacker has to be in front of the phone and plug in a cable.
How the attack works, in plain terms
It all comes down to the Boot ROM, the very first thing that runs when you turn on an iPhone. It’s the gatekeeper. Get past it and the rest of the defences are open to being sidestepped.
‘usbliter8’ makes use of a bug in the USB controller of the A12 and A13. If a data transfer is handled in a certain way, you get a buffer underflow and code is able to go where it doesn’t belong.
You can’t change what’s been written into the chip. Since the Boot ROM is set in stone, Apple has no way to patch it. For anyone in the crosshairs, a new phone is the only real answer, says the firm.
Who is at risk
We’re talking about any iPhone running on an A12 or A13. These came out in 2018 and 2019 and are in everything up to the 11.
So if you are on an XS, XR or 11, this applies to you. It does take some hands-on work with a cable, which is a bit of a barrier, but the threat is still there.
Inside the security stakes
Making ‘usbliter8’ public is a big deal. You now have a working method in the open. The report suggests that outfits like Cellebrite, who do work with the police, have had their own version of this for a while.
Other researchers will no doubt make something of it. We could see a full jailbreak for these old chips, and with it, some serious risks to your data and the phone itself.
Practical steps to reduce exposure
It is a matter of the hardware, but you can do something about it. Keep an eye on who is handling your phone; as we said, they need to be there in person.
Can’t make an upgrade? Here are a few things from the report to harden your position:
– Put on the most recent iOS you can for your model
– Be choosy about who gets to hold your device
– Don’t tap on links you don’t trust
– Steer clear of a jailbroken iPhone
– Make a move to a model that is still being supported
Why this matters now
These phones have a habit of going the distance, and for many that’s a good thing. Not when you have a chip-level defect with no software remedy. For the owners of an XS, XR or 11, it is a no-brainer, even if it is a hard one to make.
Paradigm Shift is making it clear: the best you can do is get a new piece of hardware. In the meantime, guard your physical access and be a little more careful with how you use the phone to keep an attack at bay.
