September 25, 2019

    iOS App Jailbreak Detection Need Highlighted by Checkm8

    Latest iOS security breach is arguably the biggest so far and impacts iPhones 4S through 8 and iPhone X. 
    For the third time in less than two months, a major security issue shows just how much mobile app protection is not only recommended but indispensable. (Read about the previous iOS security incident). 

    Released earlier today, the exploit - dubbed Checkm8 - takes advantage of an unpatchable bootrom bug present in all Apple devices using chips A5 through A11, which - among other things - can lead to permanent untethered jailbreaks for all of them, regardless of the installed iOS version.

    The exploit will enable users to downgrade their iOS version to any older version. It will also enable each iOS version that will still run on these chips, to be easily analyzed and checked for bugs that may give insight on how to jailbreak newer and future devices.

    Unlike the currently available jailbreaks for recent Apple devices, which exploit a software bug in iOS, Checkm8 exploits the bootrom. This means that regardless of the updated iOS versions on these devices, this exploit cannot be patched. On the other hand, software bugs are usually immediately fixed within the next iOS update. Moreover, since iOS versions cannot be downgraded, this renders the device “unjailbreakable”. Until now the latest jailbreakable iOS version was iOS 12.4.

    Checkm8 may lead to untethered jailbreaks which are preserved across phone reboots. This means that jailbroken phones will probably become much more prevalent very soon. For app developers, this means that their applications will most likely be installed and run on jailbroken devices even more-- greatly increasing the attack vectors into their apps. Even limiting your app to only the latest iOS versions does not ensure it will not be run on compromised devices anymore.

    Nonetheless, there are a variety of measures that can ensure your iOS apps remain protected against such threats (e.g. jailbreak detection). Only mobile app protection software, such as iXGuard, can provide your applications with comprehensive app protection. The string of recent security breaches is further urging publishers to adequately secure their applications. Exploits like Checkm8 are just another reminder of how much the built-in security mechanisms of iOS alone are not enough. Learn more about iOS application security.
     

    Tag(s): iOS , Protection , iXGuard

    Guardsquare

    iXGuard protects iOS apps & SDKs against analysis and attacks, with multiple hardening techniques & RASP

    Download Fact sheet >

    Other posts you might be interested in