In the BFU (Before First Unlock) state, data on the iOS device is normally strongly encrypted until the user enters the passcode to unlock it for the first time.
However, according to Elcomsoft, it is possible to access some data on an iPhone or iPad even in the BFU state, such as information from the keychain, which notably contains passwords, identifiers and email addresses. The procedure requires installing jailbreak software on the targeted device, but this can be done even on an iPhone in the BFU state.
Which devices are affected?
Elcomsoft specifies that the security flaw no longer exists on recent Ax chips. iOS devices equipped with an A12 or newer processor are therefore not affected. But all iOS devices equipped with an A7, A8, A9, A10 or A11 chip have the vulnerability described above, namely the following iPhone and iPad models:
- iPhone 5s, iPhone 6 and 6 Plus, iPhone 6s and 6s Plus, iPhone SE, iPhone 7 and 7 Plus, iPhone 8 and 8 Plus, iPhone X
- iPad Air 1 and 2, iPad mini 2, 3 and 4, iPad Pro 12.9″ (1st and 2nd generation), iPad Pro 9.7″, iPad Pro 10.5″, iPad (5th and 6th generation)
How to take advantage of the flaw?
The tool used by Elcomsoft costs $1,500. To install the jailbreak, the software on which the procedure relies, the attacker must have physical possession of the iPhone or iPad.
With its A12 and newer chips, Apple seems to have already corrected this. But will it be able to fix in software the flaw highlighted here by Elcomsoft, which is present on millions of iOS devices already in circulation? Nothing is less certain.