It sounds like a nightmare for hundreds of millions iPhone users. All iPhone devices that came on the market between 2011 and 2018 have a critical security problem. The vulnerability opens a gateway for hackers, intelligence agencies and criminals.
In such cases, Apple usually publishes an update in a timely manner that closes the gap. Different iPhone models will remain vulnerable forever. Many IT security researchers reacted to this case.
Which Devices Are Affected?
The exploit can be carried out on seven chip generations from A5 to A11. These processors can be found in iPhones, iPads, iPods and Apple’s TV boxes. A total of eleven iPhone models are vulnerable, starting with the iPhone 4S. The iPhone X is still at risk, even Apple’s new iOS 13 operating system does not close the gap. Only devices with an A12 or A13 chip are safe- and all models of the 11 series. At least a majority of the affected iPhones have a security function that limits the damage. Sensitive information such as passwords and biometric data are stored in encrypted form on this secure part of the processor.
No Protection Option Through Update
The vulnerability is so problematic because it cannot be closed by an update as usual. It is not in the software, but in the chipset: This is a hardware component that controls the processor. To fix the error, Apple would have to call back the affected devices and replace the faulty component. Whether this will happen is completely open at the moment.
Attack Only Via USB
There is no immediate threat to normal, less exposed users. Firstly, access via the Internet is not possible; this requires direct access to the device via USB. Second, unlocking is not permanent; the third-party software is lost when you restart. And thirdly, the data on the device is protected by Apple’s security measures. Mails, messages and pictures are encrypted and cannot be read even on a broken device. Decryption requires the passcode that is used to unlock the phone or iPad. Without this, data theft occurs indirectly.