New BootROM Vulnerability Exposes A12 and A13 Chip Devices to Exploits


Researchers from Paradigm Shift have disclosed details of a vulnerability they call usbliter8, which affects devices built on Apple's A12 and A13 chips (and the closely related S4 and S5 watch chips). The flaw sits in the BootROM, the first code the chip runs after power-on. The exploit built on it yields arbitrary code execution, and because the BootROM is fixed in the silicon rather than loaded from storage, no iOS update can fix it.

How usbliter8 Operates

According to the Paradigm Shift team, usbliter8 chains a hardware flaw in the USB controller with a configuration issue in the device's firmware. A BootROM bug is the worst case for a defender: it gives an attacker control before any updatable software runs, and since the ROM cannot be rewritten, disclosure leaves affected devices exposed for the rest of their service life. The researchers shared the details with Apple before publishing, a degree of coordination that is less common than it should be in the often adversarial relationship between security researchers and large vendors.

The vulnerability affects four Apple chips: the A12, S4, S5, and A13. Although the team talks mostly about iPhones, the list of products built on those chips is considerably longer:

  • A12: iPhone XR, iPhone XS/XS Max, iPad Air 3, iPad mini 5, iPad 8, and second-generation Apple TV 4K
  • S4: Apple Watch Series 4
  • S5: Apple Watch Series 5, first-generation Apple Watch SE, and HomePod mini
  • A13: iPhone 11/11 Pro/11 Pro Max, second-generation iPhone SE, iPad 9, and Studio Display

The researchers do not explicitly list the A12X and A12Z, but they hint at related weaknesses in the 2018 and 2020 iPad Pro models, which use those chips. The implication is that devices outside the stated list may share the same underlying flaw and could be exploitable under different conditions.

At its core, usbliter8 works by sending specially crafted data to a device that has been put into DFU (Device Firmware Upgrade) mode, the BootROM's own recovery path in which the chip accepts a firmware image over USB before any updatable code has run. The crafted traffic confuses the USB controller so that incoming data is written to memory locations it should never reach. In other words, the attack targets the device at the point where it is most exposed and least able to defend itself. The preconditions matter: the attacker needs physical access to the device over USB, and because the ROM itself cannot be modified, the exploit has to be delivered again on every boot rather than persisting in the BootROM. Once those conditions are met, though, an attacker who controls the startup process is past the safeguards iOS normally provides.
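
The article gives no low-level details of the usbliter8 bug, and the following is not the researchers' code or a description of their exploit. It is an added example of the general bug class the paragraph describes: a DFU-style download handler that writes host-supplied data into a staging buffer, shown first trusting the host's announced size and per-transfer lengths, then with the checks a hardened handler applies before copying anything. The state layout, buffer sizes, function names and the constructed transfer sequence are all assumptions made for the example; the "tail" region stands in for whatever the real memory map places after the staging buffer.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustrative sizes: a small staging buffer followed by a "tail" that stands in
 * for whatever the real memory map places after it. */
#define STAGING_SIZE 4096u
#define TAIL_SIZE    1024u
#define TAIL_FILL    0xAAu

/* Hypothetical download state of a DFU-style bootloader. Staging and tail share
 * one flat array so the demo's out-of-bounds copy stays inside a C object. */
typedef struct {
    uint8_t  mem[STAGING_SIZE + TAIL_SIZE]; /* [0, STAGING_SIZE) is staging, rest is tail */
    uint32_t bytes_received;                /* running write offset into staging */
    uint32_t expected_total;                /* image size announced by the host */
} dfu_state_t;

/* One host-to-device transfer as the handler sees it (constructed, no real USB stack). */
typedef struct {
    uint16_t       wLength; /* host-controlled byte count */
    const uint8_t *data;
} usb_setup_t;

typedef int (*dfu_handler_fn)(dfu_state_t *, const usb_setup_t *);

void dfu_reset(dfu_state_t *st, uint32_t expected_total)
{
    memset(st, 0, sizeof *st);
    memset(st->mem + STAGING_SIZE, TAIL_FILL, TAIL_SIZE);
    st->expected_total = expected_total;
}

/* VULNERABLE: trusts wLength and never compares the running offset with the
 * buffer size, so a host that sends more than it announced writes past staging. */
int dfu_dnload_vulnerable(dfu_state_t *st, const usb_setup_t *req)
{
    memcpy(st->mem + st->bytes_received, req->data, req->wLength);
    st->bytes_received += req->wLength;
    return 0;
}

/* HARDENED: reject an announced size the buffer cannot hold and any chunk that would
 * exceed it, before a single byte is copied. (A real DFU stack treats a zero-length
 * download as end-of-transfer; the demo simply refuses it.) */
int dfu_dnload_hardened(dfu_state_t *st, const usb_setup_t *req)
{
    uint32_t len = req->wLength;
    if (st->expected_total > STAGING_SIZE)
        return -1; /* announced image does not fit */
    if (len == 0 || len > st->expected_total - st->bytes_received)
        return -1; /* chunk exceeds what is still owed */
    /* Invariant here: bytes_received + len <= expected_total <= STAGING_SIZE. */
    memcpy(st->mem + st->bytes_received, req->data, len);
    st->bytes_received += len;
    return 0;
}

/* True while nothing has landed beyond the staging buffer. */
bool dfu_tail_intact(const dfu_state_t *st)
{
    for (uint32_t i = 0; i < TAIL_SIZE; i++)
        if (st->mem[STAGING_SIZE + i] != TAIL_FILL)
            return false;
    return true;
}

typedef struct {
    int  accepted;    /* chunks the handler took */
    bool tail_intact; /* false if the handler wrote past staging */
} dfu_demo_result_t;

/* Feed nchunks transfers of chunk_len bytes to a handler after the host announced
 * `announced` bytes in total. The payload is a constructed fill pattern. */
dfu_demo_result_t dfu_run_download(dfu_handler_fn handler, uint32_t announced,
                                   uint16_t chunk_len, int nchunks)
{
    static dfu_state_t st;        /* ~5 KB, kept off the stack */
    static uint8_t payload[1024]; /* largest chunk this demo sends */
    dfu_demo_result_t r = { 0, false };
    if ((size_t)chunk_len > sizeof payload) chunk_len = (uint16_t)sizeof payload;
    memset(payload, 0x41, sizeof payload);
    dfu_reset(&st, announced);
    usb_setup_t req = { .wLength = chunk_len, .data = payload };
    for (int i = 0; i < nchunks; i++) {
        /* Demo guard only: never let the vulnerable handler leave the demo object. */
        if ((uint64_t)st.bytes_received + chunk_len > sizeof st.mem) break;
        if (handler(&st, &req) == 0) r.accepted++;
    }
    r.tail_intact = dfu_tail_intact(&st);
    return r;
}

int main(void)
{   /* Host announces 4096 bytes but sends 5 x 1024: vulnerable vs hardened. */
    dfu_demo_result_t v = dfu_run_download(dfu_dnload_vulnerable, STAGING_SIZE, 1024, 5);
    dfu_demo_result_t h = dfu_run_download(dfu_dnload_hardened, STAGING_SIZE, 1024, 5);
    printf("vulnerable: accepted %d, tail intact %d\n", v.accepted, v.tail_intact);
    printf("hardened:   accepted %d, tail intact %d\n", h.accepted, h.tail_intact);
    return 0;
}
```

With the constructed sequence the vulnerable handler accepts all five chunks and overwrites the tail; the hardened one stops after four, and refuses every chunk when the announced size cannot fit in the buffer. The point to carry away is that every host-controlled length is checked against what remains of both the buffer and the announced total before memcpy runs, which is exactly what a handler that writes "to incorrect memory locations" failed to do.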

Image: Introducing usbliter8

That foothold lets custom code run before iOS initializes, bypassing the normal secure-boot checks and potentially allowing modified system software to load. An attacker could then install malicious applications or alter settings, turning a supposedly secure device into a channel for data theft or covert monitoring. Critically, the exploit does not compromise the Secure Enclave, so secrets it protects, such as passcodes, remain protected. The Paradigm Shift team nonetheless warns that, while usbliter8 does not break the Secure Enclave itself, it widens the attack surface available for attempts against it. Their stated reason for publishing is to illustrate the broader implications of the underlying hardware weaknesses.

The A13 is harder to exploit because it enforces Pointer Authentication Codes (PAC), a mechanism that cryptographically signs pointers so that a corrupted return address or function pointer is rejected rather than followed. The researchers report getting around it by corrupting memory in several carefully ordered steps and taking control of the USB interrupt handler. That PAC slowed the attack but did not stop it is a reminder of the ongoing arms race between hardware mitigations and the people working to defeat them.

Next Steps for Users

Because the flaw cannot be patched, the primary defence for owners of affected devices is moving to newer hardware. In a market where older devices lose support and security updates anyway, that matters more than it first appears. Since the attack needs physical USB access to a device in DFU mode, the immediate risk is to devices that leave their owner's control, such as those lost, stolen or seized. Notably, the A11 and earlier chips are not affected by usbliter8, but the A5 through A11 are vulnerable to checkm8, the earlier BootROM exploit that underpins several jailbreak tools. Users of older models have to weigh those risks against the benefits of keeping the devices in service.

The Paradigm Shift team has published a proof-of-concept project on GitHub, which drew considerable attention soon after release. Their technical report is dense but gives a detailed account of how usbliter8 works, and their blog post covers the background for readers who want a deeper dive. Openness of this kind matters: it lets defenders and developers understand the threat and raises awareness of device security.

Future Implications

The disclosure raises hard questions about hardware security and the likelihood of similar flaws in future chips. Because a BootROM bug cannot be fixed after the silicon ships, manufacturers like Apple have to catch such issues in design and pre-silicon testing. For users, the lesson is to know which devices they rely on and what risks come with them. For people working in this space, findings like this shape not only product development but also decisions about device longevity and security practice.

It underlines that security cannot rest on software updates alone. Manufacturers face growing pressure to treat security as a life-cycle concern built in from the earliest design stages rather than added afterwards. As this vulnerability shows, the next generation of devices must be designed on the assumption that flaws will be found, and must contain them before they can be exploited. That is as much a change in mindset as a technical challenge.

(h/t Gui Rambo)

Source: Marcus Mendes · 9to5mac.com