A recently discovered unfixable vulnerability in Apple chips paves the way for an iPhone jailbreak.

A firm that markets spyware and hacking solutions to government bodies has disclosed information about a weakness in Apple chips that could enable hackers to unlock legacy iPhones.

This announcement paves the way for other experts who hunt for iOS flaws, including those employed by governments or their contractors, to build working iPhone exploits, provided they can find additional vulnerabilities to chain with this one. It could help security researchers craft what is termed an iPhone jailbreak: a method of breaking into Apple’s mobile OS and removing all the restrictions imposed by the company.

Furthermore, the announcement serves as a reminder that although Apple has rendered iPhones incredibly challenging to hack, there exist and will always be vulnerabilities that advanced hackers can exploit to gain access.

On Friday, Paradigm Shift, a proactive cybersecurity firm located in Barcelona, released a blog entry detailing the vulnerability, which they named “usbliter8.” The organization also shared a proof of concept demonstrating how to take advantage of the vulnerability, requiring physical access to the targeted device. 

The defect and its corresponding exploit affect iPhones equipped with the Apple-designed A12 and A13 chips, launched in 2018 and 2019, which are found in older models such as the XS and XR and extend up to the iPhone 11.

The unveiling of usbliter8 bears significance within the realm of security research and for manufacturers of spyware and hacking tools, but it does not imply that older iPhones can be easily hacked by anyone. 

The flaw identified by Paradigm Shift affects the iPhone’s Boot ROM, the first piece of code that executes when the iPhone powers on, which makes it the device’s first line of defense against intrusion. To compromise an iPhone with direct access, meaning the ability to connect a cable, an attacker must first defeat the Boot ROM. usbliter8 now makes that possible, giving them a foothold from which to potentially bypass the security measures that follow it.

Paradigm Shift noted in their blog that “as these vulnerabilities reside in immutable code, affected users should recognize that transitioning to newer hardware is the most effective mitigation.” 

In simpler terms, because the Boot ROM is baked into the chip, it cannot be altered, so any flaw within it cannot be patched.

Generally, companies providing tools to hack into iPhones confiscated by authorities, such as Cellebrite and Magnet Forensics, require, and probably already have, techniques akin to usbliter8 to infiltrate iPhones. Nevertheless, hackers still need to apply other methods to access the user data stored on the device.

Public iPhone jailbreaks were relatively common in earlier years, but they have diminished in frequency over the past decade. Jailbreaking an iPhone frequently serves as the initial step for investigating other system vulnerabilities. Researchers, determined to uncover valuable iPhone weaknesses and means to exploit them, have limited motivations to publicly disclose that information, as it would prompt Apple to rectify the flaws and hinder the researchers’ progress.

Paradigm Shift did not address a series of inquiries regarding usbliter8.
