8 tweets, 2 min read
1/n: My rant about the new Checkm8 BootROM exploit and what it means for security of iOS devices.
2/n: it is super cool technically and I’m looking forward to playing with it on my older iOS devices.
3/n: There is a world of difference in the security of iOS-based devices between the last public BootROM exploit (limera1n) and now due to the introduction of the Secure Enclave. With limera1n, you could boot a ramdisk and brute force a 4-digit PIN in roughly 18 minutes.
4/n: On devices with the Secure Enclave, the kernel has to ask it to unlock the device. The kernel also has to give it its signed firmware at boot (and cannot roll back to previous versions). Even when using a BootROM exploit to modify the kernel, you can’t mess with the Secure Enclave.
5/n: The Secure Enclave enforces rate limits and erase-device-after-n-failures (I think?), so there isn’t much advantage to trying to brute force after booting a modified kernel. They can, however, modify the kernel in memory, give you back your device, and hope you don’t reboot.
6/n: For persistence, they have to find a way to modify the filesystem to run an exploit at boot to get code execution, and then exploit the kernel to re-jailbreak. This is what is needed for what are called “tethered” jailbreaks. Checkm8 doesn’t do that (yet). It’s still hard.
7/n: This is one link in an attack chain and one that requires physical access to exploit. The attacker still needs the other links to do Bad Things (TM). I don’t think the sky is falling. Browser full-chains and iMessage remotes are still way scarier to me.
8/n: Finally, why is the sky not falling from this compared to the discovery and release of limera1n?

Because of some bad-ass security engineering on developing and shipping the Secure Enclave, that’s why.

Fin.
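The rate-limiting argument in tweets 3 to 6, as an added illustration that is not code from the thread: a toy cost model comparing an unthrottled ramdisk search of every 4-digit PIN against the same search gated by an enclave-style escalating lockout and an optional erase-after-10-failures policy. The lockout schedule and the erase threshold are assumptions; the 18-minute unthrottled figure is the one the thread gives.

```python
"""Toy cost model: 4-digit PIN brute force with and without an enclave-style gate.
Assumed, not from the thread: the escalating lockout schedule (modelled on Apple's
published delays) and the erase-after-10 policy. 18 minutes unthrottled is the thread's figure."""
from dataclasses import dataclass
from typing import Optional

PIN_SPACE = 10_000
GUESS_COST_MS = 18 * 60 * 1000 // PIN_SPACE   # 108 ms per guess, ramdisk-era rate
# Assumed lockout (ms) after the n-th consecutive failure: none for the first four, 1 h from the 9th on.
LOCKOUT_MS = {5: 60_000, 6: 300_000, 7: 900_000, 8: 900_000}
STEADY_LOCKOUT_MS = 3_600_000

@dataclass
class PinGuard:
    """The gate the kernel must ask to unlock; a kernel patched in memory cannot reset its counters."""
    correct_pin: str
    rate_limited: bool = True          # False models the limera1n-era ramdisk search
    erase_after: Optional[int] = 10    # None models rate limiting without erase-on-failure
    failures: int = 0
    clock_ms: int = 0                  # simulated attacker wall-clock time
    erased: bool = False

    def try_pin(self, guess: str) -> bool:
        if self.erased:
            raise RuntimeError("device erased, key material gone")
        self.clock_ms += GUESS_COST_MS
        if guess == self.correct_pin:
            self.failures = 0
            return True
        self.failures += 1
        if self.rate_limited and self.erase_after is not None and self.failures >= self.erase_after:
            self.erased = True
        elif self.rate_limited and self.failures >= 5:
            self.clock_ms += LOCKOUT_MS.get(self.failures, STEADY_LOCKOUT_MS)
        return False

def brute_force(guard: PinGuard) -> dict:
    """Try 0000..9999 in order and report the cost (worst case when the PIN is 9999)."""
    guesses, hit = 0, False
    for n in range(PIN_SPACE):
        try:
            hit = guard.try_pin(f"{n:04d}")
        except RuntimeError:
            break                      # erased: nothing left to brute force
        guesses += 1
        if hit:
            break
    return {"found": hit, "guesses": guesses, "elapsed_ms": guard.clock_ms, "erased": guard.erased}
```

Under these assumptions the unthrottled search finishes in the thread's 18 minutes, the rate-limited search without erase takes about 9,992 hours (over a year), and with erase the device wipes itself after the tenth guess.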
Thread author: Dino A. Dai Zovi