Checkm8 Exploit Allows Access To iPhone Data, Email Passwords Even When Vulnerable Devices Are Locked
A company now claims that it is able to extract data from devices running iOS 12 through iOS 13 even when they are locked. Elcomsoft uses the checkm8 exploit that affects the majority of A-series chips.
That exploit ultimately led to the Checkra1n jailbreak, but Elcomsoft says that it can also use it to gain access to data. In fact, it is selling a $1495 tool that works even when the phone is in BFU mode, or Before First Unlock. That state should be the most secure state an iPhone can ever be in while still powered on.
The BFU stands for “Before First Unlock.” BFU devices are phones that have been powered off or rebooted and have never been subsequently unlocked, not even once, by entering the correct screen lock passcode.
In Apple’s world, the content of the iPhone remains securely encrypted until the moment the user taps in their screen lock passcode. The screen lock passcode is required by Secure Enclave to produce the encryption key, which in turn is used to decrypt the iPhone’s file system. In other words, almost everything inside the iPhone remains encrypted until the user unlocks it with their passcode after the phone starts up.
It is the “almost” part of the “everything” that’s being targeted by Elcomsoft iOS Forensic Toolkit. The company has discovered certain parts of data being available in iOS devices even before the first unlock.
And just to make things worst, Elcomsoft says that at this point, some Keychain data remains accessible. That could include authentication credentials for things like email accounts.
The good news is that Apple’s latest devices are immune to this, with those impacted being devices running the A7 through A11 chips.
This includes the iPhone 5s, 6, 6s, SE, 7 and 8 along with the Plus versions, as well as the iPhone X. Apple iPad devices running on the corresponding CPUs are also supported, which includes models ranging from the iPad mini 2 all the way up to the 2018 iPad, iPad 10.2, iPad Pro 12.9 (1.Gen), and iPad Pro 10.5.
Elcomsoft already sells some of its wares to law enforcement agencies.