
A total stranger can send radio waves at you and your phone will process them on a processor close to the kernel: https://googleprojectzero.blogspot.com/2017/09/over-air-vol-...


I’m pretty sure that the modem on modern iPhones can only access a small memory address range and that this is cryptographically enforced by the Secure Enclave. So an exploit in modemland doesn’t allow reading unencrypted info (since everything today is encrypted at the application level).

I’ll see if I can find the citation in the Platform Security document when I get home.


The Secure Enclave is nowhere between the AP and the Broadcom chip.

The application processor has an IOMMU and the kernel uses it to restrict what the Broadcom chip has access to, and the linked article series discusses exploiting the IOMMU. There is more detail in the Project Zero write-up than Apple's own PDF.

The actual solution here is to remove the insecure Broadcom chip entirely, which is what Apple ultimately did. PCI-e and MMIO are quite risky, but ultimately necessary for performance. I think the PinePhone series talks to its Broadcom chip over USB, which is a lot more secure, but the performance is worse.


Qualcomm, not Broadcom, and the linked article series doesn't discuss the IOMMU at all - it's not related to this exploit as far as anybody knows.

Maybe you're thinking of the "Operation Triangulation" exploit chain, which used write access to a bizarre mapped area that seems to relate to cache debugging, in order to patch the page table.


No, it should be there. From the link:

> Lastly, in the final blog post we’ll explore the iPhone’s host isolation mechanisms, research the ways in which the Wi-Fi chip interacts with the host, and develop a fully-fledged exploit allowing attackers to gain complete control over the iOS kernel over-the-air, requiring no user interaction.

Which is referring to this link: https://googleprojectzero.blogspot.com/2017/10/over-air-vol-...

That link is the one I am summarizing:

> Sufficient isolation for DMA-capable components can be achieved by partitioning the visible memory space available to the peripheral using a dedicated hardware component - an I/O Memory Management Unit (IOMMU).

Apple uses Qualcomm chips for cellular modems, and they use Broadcom for Wi-Fi.

edit: I might have linked the original post incorrectly; there are many volumes and parts
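As an added illustration of the partitioning the quoted sentence describes (this is constructed example code, not from the thread, Apple or Project Zero): the host kernel fills a per-device I/O page table with only the pages the peripheral needs, and every DMA request is translated through that table and faulted if it is unmapped, lacks the permission, or falls outside the device's window. The page size, window size, addresses and function names are assumptions chosen for the model.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define PAGE_SIZE  (1u << PAGE_SHIFT)
#define IOVA_PAGES 8            /* device-visible window: 8 pages (constructed size) */

enum { IOMMU_READ = 1, IOMMU_WRITE = 2 };

/* One I/O page-table entry: which host page a device page maps to, and how. */
struct iopte {
    uint64_t phys_page;         /* host physical page number */
    uint8_t  perms;             /* IOMMU_READ | IOMMU_WRITE; 0 means not present */
};

struct iommu_domain {
    struct iopte pt[IOVA_PAGES];
};

enum dma_result { DMA_OK = 0, DMA_FAULT_UNMAPPED, DMA_FAULT_PERM, DMA_FAULT_RANGE };

/* Host side: map one page of the device's address space onto one host page. */
bool iommu_map(struct iommu_domain *d, uint64_t iova, uint64_t phys, uint8_t perms)
{
    uint64_t vpn = iova >> PAGE_SHIFT;
    if (vpn >= IOVA_PAGES || (iova & (PAGE_SIZE - 1)) ||
        (phys & (PAGE_SIZE - 1)) || perms == 0)
        return false;               /* outside window, misaligned, or no permission */
    d->pt[vpn].phys_page = phys >> PAGE_SHIFT;
    d->pt[vpn].perms = perms;
    return true;
}

/* Device side: translate a DMA of `len` bytes at bus address `iova`. The model
   handles single-page transfers only; a real IOMMU walks each page of a burst. */
enum dma_result iommu_translate(const struct iommu_domain *d, uint64_t iova,
                                size_t len, uint8_t access, uint64_t *phys_out)
{
    if (len == 0 || len > PAGE_SIZE) return DMA_FAULT_RANGE;
    uint64_t vpn = iova >> PAGE_SHIFT;
    if (vpn >= IOVA_PAGES) return DMA_FAULT_RANGE;            /* beyond the window */
    if (((iova + len - 1) >> PAGE_SHIFT) != vpn) return DMA_FAULT_RANGE; /* crosses page */
    const struct iopte *e = &d->pt[vpn];
    if (e->perms == 0) return DMA_FAULT_UNMAPPED;
    if ((e->perms & access) != access) return DMA_FAULT_PERM;
    *phys_out = (e->phys_page << PAGE_SHIFT) | (iova & (PAGE_SIZE - 1));
    return DMA_OK;
}

/* Constructed setup: a Wi-Fi-style device gets a writable RX ring page and a
   read-only TX buffer page; everything else in its window stays unmapped. */
void setup_wifi_domain(struct iommu_domain *d)
{
    memset(d, 0, sizeof *d);
    iommu_map(d, 0x0000, 0x80000000ULL, IOMMU_READ | IOMMU_WRITE); /* RX ring */
    iommu_map(d, 0x1000, 0x80001000ULL, IOMMU_READ);               /* TX buffer */
}

int main(void)
{
    struct iommu_domain d;
    uint64_t phys = 0;
    setup_wifi_domain(&d);
    printf("write to RX ring: %d (phys 0x%llx)\n",
           iommu_translate(&d, 0x100, 64, IOMMU_WRITE, &phys), (unsigned long long)phys);
    printf("write to TX buffer: %d\n", iommu_translate(&d, 0x1000, 16, IOMMU_WRITE, &phys));
    printf("read unmapped page: %d\n", iommu_translate(&d, 0x5000, 16, IOMMU_READ, &phys));
    printf("read outside window: %d\n", iommu_translate(&d, 0x100000, 16, IOMMU_READ, &phys));
    return 0;
}
```

The security property is the last three lines of main: the peripheral can only reach host memory the kernel deliberately exposed, with the permissions the kernel chose. The caveat from the later comment applies here too: if the host maps too much (or the table itself is reachable from the device), the isolation is only as good as that configuration.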


Oh!

The ancient 2017 WiFi article - I see now; I thought you were referring to the OP's NSO group exploit.


These changes I’m describing occurred after 2017, likely at least in part due to this vulnerability.


No.


I don't think there's anything cryptographic about the baseband communication on an iPhone, or that they're connected through the Secure Enclave. I think they're just PCIe endpoints with IOMMU (which is fine as long as the IOMMU is configured correctly). My understanding is that for most iPhones, a repair shop can replace the baseband hardware itself without the phone noticing, which also suggests that there's no pairing or hardware trust model / key exchange between the AP and baseband.

Post-boot communication with the host processor on Qualcomm-baseband iPhones (iPhone 12-16 non-E) is the usual Qualcomm QMI/QMUX over PCIe (CommCenter uses libPCITransport to send messages).

The Platform Security document just says "On devices with cellular access, a cellular baseband subsystem performs additional secure booting using signed software and keys verified by the baseband processor" and "Each network processor is on its own isolated PCIe bus. An Input/Output Memory Management Unit (IOMMU) on each PCIe bus further limits the network processor’s DMA access to only memory and resources containing its network packets and control structures."

