"Researchers Develop Toolkit to Test Apple Security, Find Vulnerability"

Researchers at North Carolina (NC) State University have developed a software toolkit to test Apple devices' hardware security. During their proof-of-concept (POC) demonstration, they were able to identify a previously unknown vulnerability, which they dubbed iTimed. Using the toolkit, they conducted various fine-grained security experiments that had not been possible on Apple devices until now. Apple's devices were designed to prevent people from exploring their internal functionality, thus making it difficult or impossible for independent researchers to verify that Apple devices perform the way they are supposed to regarding security and privacy. An unpatchable hardware vulnerability called checkm8 was discovered in 2019, which impacts several iPhone models. The researchers used this vulnerability to get a foothold at the device's most fundamental level, where the system begins booting up. At this level, they can control the first code running on the machine. Using checkm8 as a starting point, they developed a suite of software that allows them to observe what happens across the device, control security measures installed by Apple, and more. The researchers have stressed the importance of having third parties assess Apple's security claims, stating that there is value in having independent verification that Apple's technology is performing as intended and that its security measures are reliable. For example, researchers would want to know the degree to which attacks that have worked against hardware flaws contained by other devices might work against Apple devices. This article continues to discuss the development of the toolkit aimed at testing Apple security and the identification of the iTimed vulnerability during the toolkit's POC demonstration. 

NC State University reports "Researchers Develop Toolkit to Test Apple Security, Find Vulnerability"