A security expert has uncovered a virtually unfixable iPhone bug that can be used by hackers to gain access to millions upon millions of iOS devices throughout the world.
Called ‘checkm8’, the flaw affects all iOS devices that were released from 2011 to 2017, including iPhone, iPad, iPod Touch, Apple Watch and even Apple TV. The bug is reportedly able to permanently gain access to any of these iOS devices, regardless of any restrictions that Apple might have placed on software.
Checkm8 exploits a security flaw in the code that initially runs when the owner switches on the device. Since the bug is located in the iOS device’s read-only-memory (ROM) and not in the operating system as such, Apple can’t fix the problem with an iOS update.
Security expert AxiOmX said that he found the bug by reverse-engineering a fix that Apple released for the beta version of iOS 12 in 2018. The researcher claims that the “exploit for older devices makes iOS better for everyone” since it would enable users to run code far beyond what Apple initially intended.
Other experts warned that the bug could have huge implications for iOS devices, since it would enable outsiders to install malware or even software used by stalkers.
Law enforcement agencies and government hackers could also find it useful for surveillance purposes, for example. According to AxiOmX, the exploit can presently only be activated via USB and it is terminated when the device is restarted.
This, he said, made it an unlikely candidate for use by cyber-criminals. In an interview with Wired, he said: “It is possible that bad actors would use this, but I doubt it would be the first choice.”
He added that where it was most likely to be used is where someone had physical access to the device – for example, at border crossings or when the device was left unattended. Apple has so far not issued a statement.