It has been reported that a new vulnerability in Apple’s iOS operating system is sitting on hundreds of millions of iPhones, iPads and iPods, according to the researcher who found it. The hack has been dubbed checkm8 by a researcher who goes by the name axi0mX, who described the hack as “a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices.” That means hackers can take the code released by axi0mX on Github and potentially load the firmware (the core of the operating system) onto an iPhone. In turn, that means they have stripped Apple’s control away from the device and could do what they wanted on it, though some additional exploits would be required.
Checkm8 is not a cause for panic, but it is a wake-up call, much like a near-Earth asteroid miss that is not an extinction event but tells us to take the threat seriously and to improve capability. Checkm8 isn\’t a direct hit because it requires specific and rare ways for the exploit, but there\’s no guarantee that there\’s isn\’t a checkm8 2.0 lurking out there with a more virulent distribution mechanism. No platform is immune. No architecture is immune. If the world becomes harder to hack, the attackers will flow to the path of least resistance and will invest until they succeed.
All technologies must come from a perspective of assumed future compromise, and build in multiple forms of redundancy and must make everything recoverable. No more excuses: plan for opponents to break the supposedly unbreakable and make yourself antifragile now. As with cars that have a recall, anything can be fixed; but it gets expensive if this isn\’t planned early. If a car had a chance that a simple bump could cause the chassis to explode, cars would be recalled.
Likewise, if every iPhone and iPad in the world could be bricked and wasn\’t patch-able, Apple would have to start considering very expensive solutions. Whether this is a car, mobile phone or an IoT device, it\’s time to toughen up, expect an attack and be ready for the countermove to the hackers move.