Apple Responds After Seemingly ‘Major iPhone Code Leak’ Raises Security Concerns
By Mikelle Leow, 09 Feb 2018
Core source code for the iPhone’s software has surfaced on GitHub. Dubbed ‘iBoot’, it is code that Apple has never revealed, and it runs when iOS starts after a phone is switched on.
It’s unclear how ‘iBoot’ even ended up on GitHub, but security analyst Jonathan Levin deemed it “the biggest leak in history.”
“It’s a huge deal… ‘iBoot’ is the one component Apple has been holding on to, still encrypting its 64-bit image. And now it’s wide open in source code form,” Levin told Motherboard.
While the code was built for iOS 9, the leak raises concerns that it might be misused to discover new jailbreaks, or even uncover ways to decrypt devices. It could also let hackers simulate iOS on non-Apple devices.
Apple has confirmed the authenticity of the leaked source code, while assuring users that the security of its devices isn’t dependent on source code secrecy. In a statement to TechCrunch, the company wrote:
“Old source code from three years ago appears to have been leaked, but by design the security of our products doesn’t depend on the secrecy of our source code.”
“There are many layers of hardware and software protections built into our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections.”
The company has filed a Digital Millennium Copyright Act (DMCA) notice to GitHub, forcing the latter to remove the code on grounds of copyright infringement.
Per Apple’s numbers, 93% of users have updated to iOS 10 and above. Considering these figures, the iOS 9 source code leak is not expected to hurt newer interfaces. TechCrunch added that the three-year-old code should also have been tweaked significantly by now.
Security researcher Will Strafach explained to TechCrunch that while the code could offer hackers extra clues about the inner workings of an iPhone, users should not be too worried about the leak. Further, Apple likely took legal action not because of possible security threats, but because its copyright was breached.
“In terms of end users, this doesn’t really mean anything positive or negative,” Strafach said. “Apple does not use security through obscurity, so this does not contain anything risky, just an easier to read format.”
“It’s all cryptographically signed on end user devices, [so] there is no way to really use any of the contents here maliciously or otherwise.”
[via BGR, cover image via Apple]