X-Received: by 2002:a1c:80c6:: with SMTP id b189mr15050217wmd.34.1569772346590;
        Sun, 29 Sep 2019 08:52:26 -0700 (PDT)
Path: ...!q4no7452965wmc.0!news-out.google.com!a6ni7912wma.0!nntp.google.com!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: Jolly Roger <jollyroger@pobox.com>
Newsgroups: misc.phone.mobile.iphone,comp.mobile.ipad
Subject: The 'Checkm8' exploit isn't a big deal to iPhone or iPad users, and
 here's why
Followup-To: misc.phone.mobile.iphone
Date: 29 Sep 2019 15:52:25 GMT
Organization: People for the Ethical Treatment of Pirates
Lines: 105
Message-ID: <gvc29pFqrc6U1@mid.individual.net>
Mime-Version: 1.0
X-Trace: individual.net eBu/jVzYSiaAJ0ucHNMznAKR8JwDMJc12PhBF3N7Elrwbae9SL
Cancel-Lock: sha1:Kmy4hpymD3dW705Qzl0alJwfdjg=
X-No-Archive: Yes
Mail-Copies-To: nobody
User-Agent: slrn/1.0.1 (Darwin)
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Bytes: 6219

<https://appleinsider.com/articles/19/09/28/the-checkm8-exploit-isnt-a-big-deal-to-iphone-or-ipad-users-and-heres-why>

The 'Checkm8' exploit isn't a big deal to iPhone or iPad users, and here's why

---
On Friday morning, news — and bad headlines — started circulating about an
exploit ranging from the iPhone X all the way back to the iPhone 4s.
But, despite the typical mass-media responses to the news, the exploit
will have effectively zero impact on the consumer. Here's why.

Apple's iPhone 5c, the last without a Secure Enclave

On Friday morning, hacker axi0mX revealed the "Checkm8" exploit. For the
first time in nearly a decade, this particular vector is aimed at the
boot ROM in an iPhone or iPad, as opposed to trying to pry open the iOS
software.

A series of tweets broke down the exploit — and spelled out some
limitations and answers about the exploit. Cue Internet drama.

<https://twitter.com/axi0mX/status/1177542201670168576>

User vulnerability?

The Checkm8 exploit isn't a drive-by attack. A user can't visit a
website and be targeted for malware installation. The exploit isn't
persistent, meaning that every time the iPhone is rebooted, the attack
vector is closed again.

Earlier iPhones, from the iPhone 5c and earlier, lack a Secure Enclave.
If you surrender access to your phone, a dedicated assailant can extract
your iPhone PIN. But, phones with a Secure Enclave — everything from the
iPhone 5s and on — cannot be attacked in such a manner.

Furthermore, the exploit is tethered. That means that an iPhone or iPad
needs to be connected to a host computer, put into DFU mode, and
exploited that way — and the exploit doesn't always work, relying on a
"race condition" according to Checkm8.

Software like keyloggers or other malware could theoretically be
installed following an attack. But, other mechanisms that Apple has put
into place will defeat that, following a device reboot.

Apple has implemented what's called a "Secure bootchain." In short,
there are steps at every part of iOS software implication that check the
integrity of the previous step — and some that check the next step — to be
sure that the phone is safe. The secure bootchain checks wouldn't allow
software that doesn't comply to function after a hard reboot of an
iPhone.

We've gleaned this information above from Apple in the hours following
the exploit's release. The developer axi0mX confirmed these findings,
and discussed the implications further in an Ars Technica interview on
Saturday morning.

<https://arstechnica.com/information-technology/2019/09/developer-of-checkm8-explains-why-idevice-jailbreak-exploit-is-a-game-changer/>

All this said, in short, a user has to either specifically want to do
this procedure to their iPhone and take the steps to execute them, or be
careless with device physical security and be specifically targeted by
an assailant for it to be of any real concern.

If you're really worried about it, it's time to ditch the iPhone 5c or
older that you may be hanging on to. And, you can always completely shut
down your iPhone after you've left it unattended for any period of time. 

A reboot will not just flush out the exploit, but also break any
software that may have been installed in your absence.

Jailbreaking is fine!

We're not opposed to jailbreaking here at AppleInsider. A few staffers
have done it in the past.

AppleInsider doesn't generally cover jailbreak exploits. In the
cat-and-mouse game that is constantly raging between Apple and the
jailbreak community, information published today is often outdated
tomorrow. This isn't much different than that in actuality, but it got a
much wider audience outside of the tech media.

In that media, in the very few hours after the Checkm8 exploit was
revealed, there has been a lot of fear, paranoia, and finger-pointing
done across the internet. There is no real reason for it at all.
Fortunately, as of yet, there haven't been any "nasty secret" style
headlines regarding this matter. We're sure that some content management
system someplace has one stored, though, and we're also pretty sure we
know who's going to do it first.

Most of the headlines are right. This is a big deal for the jailbreak
community. We don't think it's a bad thing at all. Because of
limitations for assailants, it just makes no difference to nearly every
iPhone or iPad user outside of that community, though.

If you take anything away from this, it should be that you are no less
safe today from the reveal of Checkm8 than you were yesterday, or the
day before, or four years ago. Malware can't exploit it at all, and if
you maintain physical security of your iPhone 5s and newer, then your
passcode — and your data — remains safe.
---

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR
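
Added example, not part of the original post or the AppleInsider article: a simplified Python model of two claims in the article, that the exploit state does not survive a reboot and that the secure bootchain rejects modified software on a normal boot. The stage names, the images and the table of pinned SHA-256 digests are constructed assumptions; a real bootchain verifies signatures rather than a digest table.

```python
import hashlib

# Constructed stage images; real stages are signed firmware, not short strings.
STAGES = ["bootloader", "kernel", "system"]
GOOD = {
    "bootloader": b"constructed bootloader image v1",
    "kernel": b"constructed kernel image v1",
    "system": b"constructed system image v1",
}
# Digest each verifier expects for the stage it is about to start (assumption).
TRUSTED = {name: hashlib.sha256(img).hexdigest() for name, img in GOOD.items()}


class Device:
    def __init__(self):
        self.storage = dict(GOOD)   # persistent storage contents
        self.rom_patched = False    # RAM-only state left by a tethered exploit

    def tethered_exploit(self):
        """Model the tethered attack: integrity checks are bypassed until reboot."""
        self.rom_patched = True

    def reboot(self):
        """A reboot clears RAM, so the bypass is gone before the chain runs."""
        self.rom_patched = False
        return self.boot()

    def boot(self):
        """Start stages in order; return (booted_stages, rejected_stage)."""
        booted = []
        for name in STAGES:
            ok = hashlib.sha256(self.storage[name]).hexdigest() == TRUSTED[name]
            if not ok and not self.rom_patched:
                return booted, name   # chain stops at the first bad stage
            booted.append(name)
        return booted, None


def demo():
    dev = Device()
    clean = dev.boot()
    dev.tethered_exploit()
    dev.storage["kernel"] = b"constructed kernel image with implant"
    exploited = dev.boot()        # modified kernel runs only while bypass is live
    after_reboot = dev.reboot()   # normal boot: modified kernel is rejected
    return clean, exploited, after_reboot


if __name__ == "__main__":
    print(demo())
```

In this model the modified kernel stays in storage after the reboot but is never started, which is the behaviour the article attributes to the secure bootchain.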