![\"a](\"https:\/\/ece.ncsu.edu\/wp-content\/uploads\/2021\/09\/aysu-sept-2021-header-1024x576.jpg\")
<\/p>\n<\/p>\n
Researchers from North Carolina State University have developed a software toolkit that allows users to test the hardware security of Apple devices. During their proof-of-concept demonstration, the research team identified a previously unknown vulnerability, which they call iTimed.<\/p>\n
\u201cThis toolkit allows us to conduct a variety of fine-grained security experiments that have simply not been possible on Apple devices to this point,\u201d says Aydin Aysu, co-author of a paper on the work and an assistant professor of electrical and computer engineering at NC State.<\/p>\n
Apple is well known for creating integrated devices. The design of the devices effectively prevents people from seeing how the devices function internally.<\/p>\n
\u201cAs a result, it has been difficult or impossible for independent researchers to verify that Apple devices perform the way that Apple says they perform when it comes to security and privacy,\u201d says Gregor Haas, first author of the paper and a recent master\u2019s graduate from NC State.<\/p>\n
However, a hardware vulnerability was uncovered in 2019 called checkm8<\/a>. It affects several models of iPhone and is essentially an unpatchable flaw.<\/p>\n \u201cWe were able to use checkm8 to get a foothold at the most fundamental level of the device \u2013 when the system begins booting up, we can control the very first code to run on the machine,\u201d Haas says. \u201cWith checkm8 as a starting point, we developed a suite of software tools that allows us to observe what\u2019s happening across the device, to remove or control security measures that Apple has installed, and so on.\u201d<\/p>\n The researchers stress that there are practical reasons for wanting to have third parties assess Apple\u2019s security claims.<\/p>\n \u201cA lot of people interact with Apple\u2019s tech on a daily basis,\u201d Haas says. \u201cAnd the way Apple wants to use its platforms is changing all the time. At some point, there\u2019s value in having independent verification that Apple\u2019s technology is doing what Apple says it is doing, and that its security measures are sound.\u201d<\/p>\n \u201cFor example, we want to know the extent to which attacks that have worked against hardware flaws in other devices might work against Apple devices,\u201d Aysu says.<\/p>\n It didn\u2019t take the researchers long to demonstrate how useful their new toolkit is.<\/p>\n While conducting a proof-of-concept demonstration of the toolkit, the researchers reverse-engineered several key components of Apple’s hardware and identified a vulnerability to something they named an iTimed attack. It falls under the category of so-called \u201ccache timing side channel attacks,\u201d and effectively allows a program to gain access to cryptographic keys used by one or more programs on an Apple device. With the relevant keys, outside users would then be able to access whatever information the other affected program or programs on the device had access to.<\/p>\n \u201cWe haven\u2019t seen evidence of this attack in the wild yet, but we have notified Apple of the vulnerability,\u201d Aysu says.<\/p>\n The NC State team is sharing much of the toolkit as an open-source resource<\/a> for other security researchers.<\/p>\n \u201cWe also plan to use this suite of tools to explore other types of attacks so that we can assess how secure these devices are and identify things we can do to reduce or eliminate these vulnerabilities moving forward,\u201d Aysu says.<\/p>\n