A group of researchers from North Carolina State University has built a software toolkit to explore vulnerabilities in Apple’s mobile processors and used the findings to devise a cache timing attack.
Using the permanent exploit known as checkm8 as a starting point, the researchers implemented a BootROM toolkit to test Apple’s A10 Fusion system-on-a-chip (SoC) and then came up with a new access-driven cache timing attack based on the Prime+Probe method.
“We find that the SoC employs a randomized cache-line replacement policy as well as a hardware-based L1 prefetcher. We propose statistical innovations which specifically account for these hardware structures and thus further the state-of-the-art in cache timing attacks,” the academics note in their research paper.
The checkm8 exploit can be used against most iPhone models (ranging from iPhone 5 to the iPhone X), but the researchers focused on iPhone 7, which was the most common Apple mobile device on the market in 2019, when the research started.