
If you're on an iPhone XR, XS, or 11, your phone has a security flaw that Apple can't patch. Researchers at Paradigm Shift published details of the exploit, called "usbliter8," which lives in read-only memory baked into Apple's A12 and A13 chips. Because it's in the hardware itself, no iOS update can reach it. It also affects several iPad models and the Apple Watch Series 4 and 5. For thieves who get hold of one of these devices, the exploit could be the missing piece that lets them bypass the iCloud lock and make a stolen phone fully usable again.
What the exploit does
The flaw lets an attacker who has physical possession of your phone put it into DFU mode, a recovery state normally used for restoring iPhones, plug it into a specialized USB device, and take control of the startup process before iOS loads. From there, they can get around the security measures that would normally keep a stolen, locked phone from being accessed. It does require the right equipment and hands-on access to your device, which limits the risk for most people going about their daily lives.
But stolen iPhones don't just disappear. A lot of people have experienced getting a text weeks after their phone was stolen asking them to remove the iCloud lock, with the phone showing up in a completely different country on Find My. Thieves already ship these devices overseas specifically because there's a market for them, even locked. This exploit gives them a more reliable way to unlock these older models and make them fully resalable. I think that changes how seriously you should think about losing one of these phones.
Which devices are affected and what you can do
The exploit affects iPhones built on Apple's A12 and A13 chips. That covers the iPhone XR, XS, XS Max, 11, 11 Pro, and 11 Pro Max. Several iPad models using the same chips are also affected, along with the Apple Watch Series 4 and 5 and the second-generation Apple TV 4K. The iPhone 12 and anything newer use a different chip architecture and aren't affected by this.
There's no software fix Apple can push for this one. Upgrading to an iPhone 12 or later is your only option if you want to fully address it. If you've been on the fence about moving on from an older model, this is a pretty concrete reason to do it.
In the meantime, keeping Find My enabled and a strong passcode on your device are still your best tools if your phone gets stolen. I hope this kind of flaw stays limited to older hardware and doesn't find its way into newer chips. But it's a good reminder that when your phone gets stolen, it's not just gone. Thieves now have a better shot at unlocking these older models and putting them back on the market.