- Paradigm Shift discovered “usbliter8”, a hardware flaw in A12/A13 iPhone and S4/S5 Apple Watch chips that allows jailbreak via USB data management
- Exploitation requires physical access and the Raspberry Pi, but allows bypassing iOS limitations and deep system compromise
- Apple can’t patch; only unaffected models (pre-A12 or A14+) are safe, making device replacement the only remedy
Security researchers Paradigm Shift have discovered a vulnerability in older iPhone and Apple Watch models that can be used to jailbreak the devices. What makes this vulnerability special is the fact that there is no workaround for it – the only way to be sure is to replace the device with a newer model.
The good news is that exploiting the bug is not that simple. It cannot be done remotely, as the attacker must have physical access to the device and must connect it to a Raspberry Pi.
It’s still an important finding, and one that puts stolen iPhones (or those confiscated by law enforcement) at risk.
Handling of incoming data
The researchers named the flaw usbliter8 and say it affects the iPhone XS’s A12 chip, the Apple Watch Series 4’s S4 chip, and the iPhone 11’s A13 SoC. Furthermore, the S5 (which powers the Apple Watch Series 5, first generation SE and HomePod mini) was also said to be vulnerable
The vulnerability stems from how these chips’ USB controllers handle incoming data. They do not properly reset memory addresses between data transfers, allowing an attacker to place unauthorized code in the chip’s protected memory.
Therefore, according to Paradigm Shift, the flaw can be exploited to jailbreak the device, meaning attackers can completely bypass iOS security restrictions, install software at the deepest level of the system, and potentially extract data stored on the device.
Since this is a physical hardware design flaw rather than a software flaw, Apple can’t fix it with an update, and the only way to stay safe is to move to another model that isn’t affected by usbliter8. It includes either earlier SoCs (older than A12) or A14 and newer chips.
Paradigm Shift said it notified Apple of its findings and thanked the company for its “prompt response, constructive engagement and cooperation throughout the disclosure process”.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds.
