Vulnerability in Apple devices discovered by new software toolkit

RALEIGH, N.C. — A new software toolkit is finally giving Apple users the ability to check their devices for potentially devastating security issues. A team from North Carolina State University says Apple devices are notoriously difficult (if not impossible) to examine because of the way the tech giant designs its products and the software inside. Now, this new toolkit, which everyday Apple customers can use, has discovered a key vulnerability, which study authors call iTimed.

“This toolkit allows us to conduct a variety of fine-grained security experiments that have simply not been possible on Apple devices to this point,” says study co-author Aydin Aysu, an assistant professor of electrical and computer engineering at NC State, in a university release.

Researchers explain that Apple has a reputation for making integrated devices. This prevents anyone from seeing how Apple products actually function internally.

“As a result, it has been difficult or impossible for independent researchers to verify that Apple devices perform the way that Apple says they perform when it comes to security and privacy,” explains first author and recent NC State master’s graduate Gregor Haas.

In 2019, however, tech experts discovered a hardware weakness called checkm8. This vulnerability impacts several models of the iPhone, and study authors believe it may be an “unpatchable flaw.”

“We were able to use checkm8 to get a foothold at the most fundamental level of the device – when the system begins booting up, we can control the very first code to run on the machine,” Haas adds. “With checkm8 as a starting point, we developed a suite of software tools that allows us to observe what’s happening across the device, to remove or control security measures that Apple has installed, and so on.”

Breaking the Apple code can help improve security

Researchers argue that it’s vitally important for third parties to be able to verify the security claims that Apple makes about its devices.

“A lot of people interact with Apple’s tech on a daily basis,” Haas says. “And the way Apple wants to use its platforms is changing all the time. At some point, there’s value in having independent verification that Apple’s technology is doing what Apple says it is doing, and that its security measures are sound.”

“For example, we want to know the extent to which attacks that have worked against hardware flaws in other devices might work against Apple devices,” Aysu continues.

In their proof-of-concept demonstration, the team used their new software tool to reverse-engineer several components of Apple’s hardware. They identified a key vulnerability, which they call an iTimed attack. It falls under the category of what tech experts call “cache timing side channel attacks.”

What threat do iTimed attacks pose?

These attacks allow a program to gain control of cryptographic keys that one or multiple programs in the Apple device use. With control of these keys, hackers can then access whatever information those vulnerable programs have access to on an iPhone.

“We haven’t seen evidence of this attack in the wild yet, but we have notified Apple of the vulnerability,” Aysu reports.

The NC State team is now sharing their findings and the toolkit in an open-source resource so other security researchers can study weaknesses in Apple devices.

“We also plan to use this suite of tools to explore other types of attacks so that we can assess how secure these devices are and identify things we can do to reduce or eliminate these vulnerabilities moving forward,” Aysu concludes.

The team is scheduled to present their findings at the IEEE International Symposium on Hardware Oriented Security and Trust.

About the Author

Chris Melore
