Hardware security research on iPhones is notoriously difficult, say the researchers. The design of the devices effectively prevents people from seeing how the devices function internally.
“As a result,” says Gregor Haas, first author of a paper on the study and a recent master’s graduate from NC State, “it has been difficult or impossible for independent researchers to verify that Apple devices perform the way that Apple says they perform when it comes to security and privacy.”
However, a hardware vulnerability called “checkm8,” uncovered in 2019, was found to affect several models of iPhone and is essentially an unpatchable flaw.
“We were able to use checkm8 to get a foothold at the most fundamental level of the device – when the system begins booting up, we can control the very first code to run on the machine,” says Haas. “With checkm8 as a starting point, we developed a suite of software tools that allows us to observe what’s happening across the device, to remove or control security measures that Apple has installed, and so on.”
Aydin Aysu, co-author of a paper on the work and an assistant professor of electrical and computer engineering at NC State, adds, “This toolkit allows us to conduct a variety of fine-grained security experiments that have simply not been possible on Apple devices to this point.”
There are practical reasons for wanting to have third parties assess Apple’s security claims, say the researchers.
“A lot of people interact with Apple’s tech on a daily basis,” says Haas. “And the way Apple wants to use its platforms is changing all the time. At some point, there’s value in having independent verification that Apple’s technology is doing what Apple says it is doing, and that its security measures are sound.”
For example, the researchers wanted to know the extent to which attacks that have worked against hardware flaws in other devices might work against Apple devices. In