Currently, two publicly available jailbreaks, checkra1n and unc0ver, are roaming the Internet and casting a dark shadow over the security of the iOS platform.
The checkra1n jailbreak is based on the checkm8 security hole, a hardware-based exploit, which is why there is no possibility for Apple to fix the underlying vulnerability on the affected devices (iPhone 5s, 6, 6 Plus, 7, 7 Plus, 8, 8 Plus, iPhone X). Checkm8 hit iPhones in 2019 and allowed all iOS devices released before 2018 to be jailbroken.
The unc0ver jailbreak is based on software exploits in the iOS kernel. This affects all device models on which iOS 11.0 to 13.5 can be installed (from iPhone 5s, all iPad models). However, this jailbreak can no longer be used with iOS 13.5.1. More information about unc0ver here.
With these (and other) jailbreaks, users are able to circumvent many of the restrictions implemented by Apple on their devices and to use “foreign” function-enhanced apps or OS features. The price for this extra freedom, however, is the loss of various iOS protections that protect users from malware or data protection violations, for example. At the same time, this represents an enormous risk in a business context.
At the moment, however, a far greater problem appears to be looming.
Secure Enclave in danger?
One of the major security enhancements Apple has introduced for its devices over the years is the Secure Enclave chip. This chip, also known as SEP (Secure Enclave Processor), is a security co-processor that encrypts and protects all sensitive data stored on the devices.
It is important to note that while the secure enclave chip is built into the device, it is completely separate from the rest of the system. Every read / write access between memory and CPU is reliably encrypted by the Secure Enclave with AES-256-XEX (XTS). The Secure Enclave is not only responsible for the encryption of the data streams, but also stores the associated keys and sensitive data such as passwords or Apple Pay credit cards. Even the mathematical derivations of Touch ID and Face ID necessary for biometric identification (these do not allow back calculation to a real finger or a real face) are stored there. None of the previous jailbreaks could endanger the Secure Enclave or break into it – until now.
This is not the first time that people have claimed to have discovered a security gap in the Secure Enclave. In 2017, a group of hackers managed to decrypt the Secure Enclave firmware in order to investigate the functionality of the component. However, they were unable to get access to the private keys, so there was no real risk to the users.
However, at the end of July members of the Pangu team claimed they had found a permanent vulnerability in the Secure Enclave itself. The exploit found in the process is said to be irreversible for Apple and could lead to the encryption of the private security key being cracked.
This means that the allegedly identified vulnerability is in the hardware and not in the software. Similar to checkm8, all iOS devices with an A7, A8, A9, A10 or A11 chip are affected.
The (alleged) iOS exploit in detail
The Secure Enclave (not to be confused with the Secure Element) is part of Apple’s A-Chip architecture. The SEP is isolated in the architecture with a hardware filter so that the processor itself cannot access it. It shares the RAM used with the processor, but some of that RAM (known as TZ0) is encrypted. The SEP itself is a 4MB AKF processor core that can be flashed with the SEPOS.
The structure was documented by Apple in patent application 20130308838. The technology used and the internal structure is very similar to the TrustZone / SecurCore architecture from ARM. However, Apple would not be Apple if the SEP did not contain any proprietary code: Like the BOOTROM, this SEP chip also has an independent SPPROM for loading its own operating system (SEPOS) and the program code running on it.
Due to the special nature of ROM, however, it is a system built into the chip that is write-protected. And it is precisely this ROM that supposedly brings the vulnerability with it.
The team at Pangu demonstrated at a security conference how they exploited a bug in the memory controller to manipulate the TZ0 register memory that controls the range of SEP memory usage. If you are interested in more details, the slides of the lecture are now publicly available.
The concern is that access can mean that passwords, credit cards details and much more are vulnerable. The data of many thousands, even millions, of iPhone, iPad – and even Mac users – could be at risk if this is true.
One could assume that this exploit will requires physical access to the device, however. The reason for this is that the content of the TZ0 register is locked after the boot process and cannot be changed. It can is therefore unlikely that someone can remotely exploit the exploit.
Other measures such as disconnecting the USB interfaces, should (probably) also provide good protection for this exploit. We have some security tips for iPhone users that could prove useful.
iOS 14 slows down jailbreak
As far as the checkra1n jailbreak is concerned, iOS 14 and iPadOS 14, which will be available in autumn, should bring a fix because Apple is including a number of new internal protective measures that will make jailbreaking more difficult.
There is unofficially a working jailbreak for iOS 14 and iPadOS 14, but this will probably not be “officially” available before the end of the beta tests, so it is likely that Apple will take countermeasures shortly before the end of the beta test.
Do not confuse checkra1n with the fundamental problem (exploit) under the name checkm8. This continues to exist in unchanged form.
This isn’t the only threat: a bug in iOS made iPhone hack possible.
This article originally appeared on Macwelt. Translation by Karen Haslam.