Still holding onto an iPhone XS, XR or 11 because it gets the job done? There’s now a good reason to upgrade: usbliter8. This security flaw lets anyone with physical access to an older iPhone hijack the startup process, and Apple won’t be able to patch it with a software update.
That’s because it isn’t an iOS bug — the flaw is in the chip’s boot code, the first thing that runs when you turn on the device.
What the usbliter8 iPhone security flaw does
Security researchers at Paradigm Shift discovered the flaw, which they call usbliter8, and published a detailed technical breakdown on Thursday. The firm said it worked with Apple before making the information public.
As for the flaw itself, it lives in the USB controller built into the older iPhone chips. When an affected iPhone is plugged into a computer while it’s in Device Firmware Update (DFU) mode, the exploit sends a specific sequence of tiny USB packets.
These trick an internal memory pointer into moving backward instead of forward, letting an attacker write data into the wrong parts of memory.
From there, things get worse. The attacker can plant code that survives restarts and boot software not approved by Apple. They can even stamp a “PWND” tag directly into the USB serial number, something jailbreakers have been doing for years.
Which Apple devices are affected?
The security flaw affects the iPhone XR, iPhone XS, iPhone XS Max, iPhone SE (2nd gen) and the entire iPhone 11 lineup. It also reaches way beyond your pocket. Paradigm Shift says it extends to the iPad Air 3, iPad mini 5, eighth- and ninth-generation iPad, Studio Display, Apple Watch Series 4 and 5, Watch SE (1st gen), Apple TV 4K (2nd gen) and even the HomePod mini.
Researchers go on to say that “technical support for A12X/Z is possible,” but it’s “not currently implemented.” That means the iPad Pro 2018 and 2020 could end up on the list.
Notably, the security exploit does not affect the iPhone X and earlier. This is because the A11’s USB driver resets the memory pointer after every packet sent. iPhone 12 and newer are also unaffected because the A14 chip handles memory protection differently at the hardware level.
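The article describes the bug as a write pointer that a crafted packet sequence can push backward, and the A11 driver’s protection as resetting that pointer after every packet. As an added illustration that is not part of this article or of Paradigm Shift’s research, the C sketch below models that defensive pattern in a hypothetical DFU-style download handler: nothing but a validated byte count survives from one packet to the next, and the write position is recomputed from checked fields on every packet, so no packet can move it backward or past the end of the buffer. Every name, size, packet layout and return code here (dfu_state_t, dfu_handle_packet, IMAGE_BUF_SIZE and the rest) is an assumption made for the example and does not describe Apple’s BootROM.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical sizes for the illustration; they do not reflect any real chip. */
#define IMAGE_BUF_SIZE  4096
#define MAX_PKT_PAYLOAD 64

/* Download state. The only position kept between packets is a byte COUNT,
 * never a pointer into the buffer, so a packet has nothing to nudge backward. */
typedef struct {
    uint8_t image[IMAGE_BUF_SIZE];
    size_t  received;      /* bytes accepted so far, always <= expected_len */
    size_t  expected_len;  /* total announced at the start of the transfer */
    bool    failed;        /* set on the first bad packet; transfer is then dead */
} dfu_state_t;

/* Hypothetical packet layout: the sender declares where its payload goes. */
typedef struct {
    uint32_t       offset;  /* where the sender claims this payload belongs */
    uint16_t       len;     /* payload bytes in this packet */
    const uint8_t *data;
} dfu_packet_t;

/* Rejection codes returned by dfu_handle_packet (assumed values). */
enum { DFU_OK = 0, DFU_ERR_DEAD = -1, DFU_ERR_TOO_LONG = -2,
       DFU_ERR_BAD_OFFSET = -3, DFU_ERR_OVERRUN = -4 };

/* Start a transfer. Refuses announced lengths the buffer cannot hold. */
bool dfu_reset(dfu_state_t *st, size_t expected_len)
{
    memset(st, 0, sizeof *st);
    if (expected_len > IMAGE_BUF_SIZE) {
        st->failed = true;
        return false;
    }
    st->expected_len = expected_len;
    return true;
}

/* Validate one packet and copy its payload. The write position is derived
 * afresh from validated fields on every call; nothing carried over from a
 * previous packet can move it backward or past the end of the buffer. */
int dfu_handle_packet(dfu_state_t *st, const dfu_packet_t *pkt)
{
    if (st->failed)
        return DFU_ERR_DEAD;
    if (pkt->len > MAX_PKT_PAYLOAD) {
        st->failed = true;
        return DFU_ERR_TOO_LONG;
    }
    /* The claimed offset must equal the accepted byte count exactly: going
     * backward (overwriting earlier data) or skipping ahead is refused. */
    if (pkt->offset != st->received) {
        st->failed = true;
        return DFU_ERR_BAD_OFFSET;
    }
    /* Compare against the remaining space instead of adding first, so the
     * check itself cannot wrap around. */
    if (pkt->len > st->expected_len - st->received) {
        st->failed = true;
        return DFU_ERR_OVERRUN;
    }
    /* Only now is a write position formed, and only for this one packet. */
    memcpy(&st->image[st->received], pkt->data, pkt->len);
    st->received += pkt->len;
    return DFU_OK;
}

/* Complete only if every packet was accepted and the announced length was hit. */
bool dfu_complete(const dfu_state_t *st)
{
    return !st->failed && st->received == st->expected_len;
}

/* Constructed sample: three in-order packets totalling 12 bytes. Returns 1 on
 * a clean, complete transfer. */
int demo_in_order(void)
{
    static const uint8_t a[4] = {1, 2, 3, 4}, b[4] = {5, 6, 7, 8}, c[4] = {9, 10, 11, 12};
    const dfu_packet_t pkts[3] = { {0, 4, a}, {4, 4, b}, {8, 4, c} };
    dfu_state_t st;
    dfu_reset(&st, 12);
    for (size_t i = 0; i < 3; i++)
        if (dfu_handle_packet(&st, &pkts[i]) != DFU_OK)
            return 0;
    return dfu_complete(&st) ? 1 : 0;
}

/* Constructed sample: the second packet claims an offset behind the bytes
 * already accepted. Returns the rejection code only if the first packet's
 * data was left intact and the transfer was marked failed. */
int demo_backward_offset(void)
{
    static const uint8_t a[4] = {1, 2, 3, 4}, b[4] = {5, 6, 7, 8};
    const dfu_packet_t first = {0, 4, a}, backward = {2, 4, b};
    dfu_state_t st;
    dfu_reset(&st, 8);
    dfu_handle_packet(&st, &first);
    int rc = dfu_handle_packet(&st, &backward);
    return (st.image[2] == 3 && st.failed) ? rc : 0;
}

/* Constructed sample: a packet that would run past the announced length. */
int demo_overrun(void)
{
    static const uint8_t a[8] = {0};
    const dfu_packet_t too_much = {0, 8, a};
    dfu_state_t st;
    dfu_reset(&st, 4);
    return dfu_handle_packet(&st, &too_much);
}
```

The design choice worth noticing is that the handler stores a count, not a pointer: a count can only be compared and advanced, whereas a persistent pointer that packets are allowed to adjust is exactly the kind of state the article says the crafted sequence pushes backward. Once the first bad packet arrives, the transfer is dead rather than merely skipped, so a later well-formed packet cannot resume writing into a buffer whose state is already suspect.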
Apple’s previous device-wide BootROM scare (called checkm8) affected the iPhone 4S to the iPhone X. Now, usbliter8 picks up right where it left off.
Should you ditch your old device?
This is not a remote attack: the attacker needs physical access to your device. And Apple’s Secure Enclave, the mechanism that protects your passcode and encrypts your data, remains unaffected.
Researchers say usbliter8 could theoretically help crack the Secure Enclave indirectly. But for now, your data isn’t up for grabs.
The team also notes that “affected users should be aware that migrating to newer hardware remains the most effective mitigation.”
If you still own an A12- or A13-powered device, this could be your sign to upgrade.
