iPhones are widely seen as some of the most secure smartphones for everyday users. Still, Apple devices are not immune to serious security flaws, as recent threats like Coruna and DarkSword have shown. Now, security researchers at Paradigm Shift have detailed a different kind of exploit called usbliter8, which affects some older iPhones and targets a deep part of Apple’s startup process known as the BootROM.
The BootROM is the basic startup code that runs before iOS loads. It helps the iPhone begin the boot process and verify what should run next. Because it is built into the chip itself, it is much harder to fix than a normal iOS bug. Apple can usually patch software flaws through an update, but it cannot rewrite BootROM code on devices that have already shipped.
How does the exploit work?
According to the researchers, usbliter8 takes advantage of a weakness in the iPhone’s USB hardware and the way some older Apple chips handle USB data during startup. In simple terms, an attacker could send specially crafted USB data while the phone is starting up or in a restore mode. That can confuse the USB controller and cause data to be written to the wrong place in memory. From there, the exploit can interfere with the boot process and run unauthorized code before iOS has fully loaded.
That sounds serious, but there is an important limit. This is not a remote attack that can reach your iPhone through a website, text message, or app. It requires USB access, which means the iPhone would need to be connected to a computer or another USB device.
Which iPhones are affected?
The exploit affects Apple devices using A12 and A13 chips as well as Apple’s S4 and S5 smartwatch chips. For iPhone users, that includes the iPhone XR, iPhone XS, iPhone XS Max, iPhone 11, iPhone 11 Pro, iPhone 11 Pro Max, and the second-generation iPhone SE. For Apple Watch users, the affected models include the Apple Watch Series 4, Apple Watch Series 5, and the first-generation Apple Watch SE. Researchers do mention that the exploit is trickier to execute on devices with A13 chips.
Because this is a hardware-level issue, there is no normal software update that can completely remove the risk. A good rule is to avoid connecting older iPhones or Apple Watches to unknown computers, public USB ports, or untrusted accessories. If you own one of the affected models and security is a serious concern, moving to a newer device may offer the most peace of mind.
