A new unpatchable flaw in Apple chips opens the door to an iPhone jailbreak

Dubbed 'usbliter8', the Boot ROM vulnerability in A12 and A13 chips provides a permanent hardware exploit.

Shyank Dev
Written by Lorenzo Franceschi-Bicchierai (TechCrunch)
Edited by Shyank
June 22, 2026

Security researchers have uncovered a new, unpatchable hardware vulnerability affecting older Apple devices. Dubbed "usbliter8", the flaw resides in the Boot ROM of Apple's A12 and A13 Bionic chips, exposing devices like the iPhone XS, iPhone XR, and iPhone 11 series to permanent hardware-level exploitation.

Discovered by the Barcelona-based offensive cybersecurity firm Paradigm Shift, the vulnerability operates at the lowest level of the hardware's boot sequence. Because the Boot ROM is write-once memory burned during manufacturing, Apple cannot fix this flaw via iOS software updates.


⚙️ Understanding the Boot ROM & 'usbliter8'

When an iPhone boots up, the first code it executes is the Boot ROM (or SecureROM). This code initializes the hardware, configures basic security controls, and verifies the signature of the next boot stage (iBoot) before loading the operating system.

If a vulnerability exists in the Boot ROM, an attacker can hijack the boot process before any security checks are initialized.

[ Power On ] ──> [ Boot ROM (Exploited via usbliter8) ] ──> [ Signature Checks Bypassed ] ──> [ Custom Kernels Loaded ]

Key properties of the usbliter8 exploit:

  1. Hardware-Bound: It resides in immutable silicon. Software updates can do nothing to remove the exploit from existing chips.
  2. Physical Access Required: The vulnerability can only be exploited over USB while the device is in Device Firmware Update (DFU) mode. It cannot be triggered remotely.
  3. Foundational Step: While it allows running unsigned code at boot time, it is not a standalone jailbreak. Attackers must chain it with additional software exploits to bypass sandboxes and read secure user data.
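
The boot chain described above can be modelled in a few lines to show why a Boot ROM flaw survives every software update. This is an added illustration, not code from the researchers or from Apple: the `Device` class, the `rom_enforces_checks` flag, the `tamper` helper and the demo key are hypothetical, and HMAC stands in for the asymmetric signature check that real hardware performs.

```python
import hashlib
import hmac

# Constructed stand-in: real hardware verifies an asymmetric signature against a
# key fixed in the chip; HMAC keeps this model inside the standard library.
VENDOR_KEY = b"constructed-demo-key"
CHAIN = ("iBoot", "kernel")  # stages that run after the Boot ROM


def sign(image: bytes) -> bytes:
    return hmac.new(VENDOR_KEY, image, hashlib.sha256).digest()


class Device:
    """Toy model of the chain Boot ROM -> iBoot -> kernel (hypothetical names)."""

    def __init__(self, rom_enforces_checks: bool = True):
        # Fixed at manufacture: no method on this class can change it afterwards.
        self._rom_enforces_checks = rom_enforces_checks
        self.stages = {}
        for name in CHAIN:
            self.install_update(name, f"vendor {name} v1".encode())

    def install_update(self, name: str, image: bytes) -> None:
        """A software update can replace later stages only, never the ROM."""
        if name not in CHAIN:
            raise PermissionError(f"{name} is not writable by a software update")
        self.stages[name] = (image, sign(image))

    def boot(self) -> list:
        """Return what ran. Raise ValueError when a trusted checker rejects a stage."""
        ran, checker_trusted = ["BootROM"], self._rom_enforces_checks
        for name in CHAIN:
            image, sig = self.stages[name]
            valid = hmac.compare_digest(sig, sign(image))
            if checker_trusted and not valid:
                raise ValueError(f"{name} rejected: signature mismatch")
            # A stage is only as trustworthy as the stage that checked it.
            ran.append(f"{name}:{'verified' if checker_trusted else 'UNVERIFIED'}")
        return ran


def tamper(device: Device, name: str) -> None:
    """Swap in a modified image that keeps the old, now invalid, signature."""
    _, old_sig = device.stages[name]
    device.stages[name] = (b"modified " + name.encode(), old_sig)
```

On a device whose ROM enforces its check, a modified iBoot is rejected at boot. On the modelled flawed ROM, every later stage runs unverified, and reinstalling iBoot and the kernel does not change that result.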

🕵️ Impact on Security Researchers and Forensic Firms

This exploit is reminiscent of the famous checkm8 vulnerability released in 2019, which affected A5 through A11 chips. Much like checkm8, usbliter8 represents a massive win for:

  • Security Researchers: Allowing them to dump secure enclave keys, reverse-engineer iOS components, and study low-level processes on A12/A13 hardware.
  • Forensic Firms (e.g., Cellebrite): Providing a persistent, unpatchable entryway for law enforcement to bypass passcode entry limits and extract device backups.

However, Apple has since introduced additional hardware-level mitigations in newer chips. A14 Bionic and later processors are completely unaffected by this specific bug, so the iPhone 12 and later models are not exposed to it.


🛡️ What Should Users Do?

For the vast majority of consumers, the risk is minimal. Since the exploit requires physical custody of the device and a wired connection, remote hackers cannot compromise your phone using this vulnerability.

However, users in high-risk professions (such as investigative journalists, political activists, or corporate executives) who still rely on the iPhone XS or iPhone 11 series are strongly advised to upgrade to a newer device (iPhone 12 or later) to ensure hardware-level security integrity.
