A possible exploitation of the unfixable Checkm8 flaw.
The flaw in question was discovered last October and embarrassed Apple because it could not fix it. The vulnerability resides in the A5 through A11 chips of its smartphones and tablets, that is, the models preceding the iPhone X, and the iPad 2, and it cannot be corrected by a software update. It is a flaw which, fortunately, represents a limited risk for users.
Limited, but not zero, as demonstrated by Elcomsoft, a company specializing in the development of digital forensic tools. On its blog, the company says it can access data from a locked iPhone by exploiting the Checkm8 flaw with a tool developed specifically for this purpose.
The tool is said to be able to retrieve data from a locked iPhone while it is still in the BFU (Before First Unlock) state, that is, the state the iPhone is in after it has been restarted but before it has been unlocked for the first time.
Elcomsoft does point out that the iPhone must be jailbroken to extract data from it. That remains possible, however, since the jailbreak itself does not require the iPhone's passcode.
"In the Apple world, iPhone content remains encrypted securely until the user types their code. The code is required by the secure enclave to produce the encryption key, which in turn is used to decrypt the iPhone file system," explains the company.
Obviously, since Elcomsoft is a digital forensic software development company, its exploitation of the flaw is not intended to steal data from iPhone owners. Elcomsoft sells its tools to the police, who can then use them to force access to an iPhone belonging to a suspect or a criminal.
But if the company managed it, one can easily imagine that hackers are doing it too. They would, however, need physical possession of the iPhone to abuse it. That is why the risks are real, but limited.