I… uh… well, you know that image of the security researcher sort of gibbering quietly and incoherently in the corner after Meltdown/Spectre/Foreshadow/etc. all came out, because the hardware wouldn’t hold secrets?
The latest (discovered/discussed…) iOS exploit is the sort of thing that makes you want to do exactly the same thing.
From someone on Twitter:
Yup. Anyway.
Operation Triangulation: The last (hardware) mystery | Securelist is an overview of the undocumented GPU debug hardware registers used to just casually waltz past page table protections and such by writing physical addresses.
Operation Triangulation | Securelist is a list of other related posts on this bit of malware.
https://arstechnica.com/security/2023/12/exploit-used-in-mass-iphone-infection-campaign-targeted-secret-hardware-feature/ is Dan Goodin’s quite accessible writeup on the matter.
But I’ll just quote their description of the exploit chain here. You may want to sit down.
AAAAAAGH.
It’s got just about everything you could want in a spy novel grade exploit. PAC bypass. Unknown hardware registers to bypass [everything]. Chains of vulnerabilities. And, of course, it starts off with an iMessage 0click 0day in some weird-ass Apple-only legacy extension from the 90s.
My advice? Enable Lockdown if you have it, then shut your phone off, put it in a Faraday bag, and kiss your ass goodbye.
This is the state of modern computing security, in glorious, high definition detail: “Oh. You’re fucked. Sorry.”