Unpatchable Hardware Flaw Exposes Older iPhones to Permanent BootROM Vulnerability
Security researchers uncovered 'usbliter8,' an unpatchable hardware vulnerability affecting iPhones with Apple's A12 and A13 chips. Exploiting a USB controller flaw during startup, it enables unauthorized code execution. As a hardware-level defect, this permanent bug means affected models cannot be secured via software, impacting millions of older devices globally.
Key points
- Security researchers at Paradigm Shift have identified and exploited a new hardware-level vulnerability, dubbed 'usbliter8,' in older iPhone models.
- The exploit leverages a hardware bug within the USB controller and a firmware configuration flaw on devices equipped with Apple's A12 and A13 chips.
- It allows an attacker to gain control of the device's boot process and run unauthorized code by sending specially crafted USB data during startup, even circumventing Pointer Authentication on A13 chips.
- As a hardware-based BootROM flaw, Apple cannot patch this vulnerability with software updates, leaving affected iPhones permanently susceptible unless users upgrade.
- This persistent security risk highlights that even Apple devices are not immune to deep-level hardware exploits, posing a concern for millions of users globally.
A significant hardware vulnerability, dubbed 'usbliter8,' has been publicly disclosed by security researchers at Paradigm Shift, impacting millions of older iPhone models globally. This newly identified flaw targets devices powered by Apple’s A12 and A13 Bionic chips, exposing them to a permanent security risk that cannot be resolved through software updates. The discovery underscores ongoing challenges in securing mobile hardware, particularly for devices with aging components.
The 'usbliter8' exploit leverages a sophisticated hardware bug found within the iPhone’s USB controller, coupled with a firmware configuration flaw. During the crucial startup process, before the operating system even loads, an attacker can send specially crafted USB data. This manipulates the controller into writing information to an incorrect memory location, thereby granting control over the device's boot sequence. Researchers successfully demonstrated this bypass, even on A13 chips which feature Apple’s Pointer Authentication (PAC) designed to thwart such low-level attacks, proving the exploit's potency.
Crucially, because 'usbliter8' originates from a hardware defect embedded within the BootROM (read-only memory responsible for initial boot), Apple is unable to issue a software patch to mitigate it. This means that every iPhone 11 series, iPhone XS/XR series, and potentially the 2nd generation iPhone SE and other devices utilizing these specific chipsets, will forever remain susceptible to this particular exploit. The only effective mitigation suggested involves upgrading to a device featuring a newer processor, a costly prospect for many users.
This vulnerability follows a history of hardware-level exploits on Apple devices, such as 'checkm8,' which also targeted the BootROM of older iPhones. While potentially requiring physical access or specific conditions to execute, the persistent nature of such hardware bugs highlights that no platform is entirely immune to deep-seated security flaws. For an international audience, this revelation serves as a stark reminder about the finite lifespan of hardware security, emphasizing the importance of considering device generation when assessing overall digital safety.
Sources
The WireByte editorial team synthesises technology news from multiple primary sources, verifies the facts, and links every source. Articles are produced with AI assistance and reviewed under our editorial policy.