Published: Sat, February 10, 2018
Science | By

Apple Source Code Leak Breaches Virtual Fort Knox Around iOS

Apple Source Code Leak Breaches Virtual Fort Knox Around iOS

Apple keeps iBoot under a particularly close guard because of its low-level nature and role in the operating system. "And now it's wide open in source code form".

The so-called iBoot code for iOS 9, the ninth iteration of Apple's iOS mobile operating system released in 2016, was briefly posted to GitHub before Apple sent a DMCA notice to the software platform demanding it be taken down.

"The "iBoot" source code is proprietary, and it includes Apple's copyright notice", the tech giant said in a legal notice to GitHub.

The original Apple employee did not respond to our request for comment and said through his friend that he did not now want to talk about it because he signed a non-disclosure agreement with Apple.

Exactly what hackers are able to do with the leaked iBoot will depend on what security flaws are present in the source code, if those flaws have been retained in new versions of the operating systems, and whether those flaws can be exploited.

Since the code that was leaked handles loading the OS, the bugs can be used for anything from enabling jailbreaks to loading something prior to the OS, Gorenc noted. However, multiple copies of the code have already spread online.

Another expert on iOS, Jonathan Levin, told Motherboard that the iBoot source code represented "the biggest leak in history".

iBoot code is essentially the first line of defense when booting up an iPhone. It ensures that the code being run is valid and is from Apple only. It also supports provisioning over a cable, which could allow iOS hackers to interact with it and load custom code.

Apple dismissed these concerns on Friday, February 9, saying that the security of its devices was not dependent on whether or not the source code is public. "This can be useful not only to advanced users of devices, but also to criminals".

Then one day the blueprints to the bank are posted on Facebook, with every security measure, every air duct, every room and its complete dimensions, even the details about how thick the walls are; all there for anyone to see. Another security researcher says the code is real. The iBoot source code download which hit GitHub earlier this week has been described as the biggest leak ever but, according to insiders with knowledge of what took place, it came from a relatively humble source.

Like this: