Apple's Kernel Left Unencrypted in iOS 10 Beta, It's a Bold Move or an Embarrassing Mistake
Posted June 21, 2016 at 11:02pm by iClarified
Security researchers have discovered that the kernel in iOS 10 beta is not encrypted, reports MIT Technology Review.
Security experts say the famously secretive company may have adopted a bold new strategy intended to encourage more people to report bugs in its software—or perhaps made an embarrassing mistake. Apple declined to comment on why it didn’t follow its usual procedure.
The kernel controls how programs can use a device's hardware and also enforces security. In previous releases of iOS, the kernel has always been encrypted. This meant that security researchers and hackers had a difficult time finding ways around or through it. Now flaws in the kernel will be much easier to spot. "It reduces the complexity of reverse engineering considerably," says Jonathan Levin, author of an in-depth book on the internal workings of iOS.
Researcher Mathew Solnik says that for the first time a security measure designed to protect the kernel from being modified is now public. "Now that it is public, people will be able to study it [and] potentially find ways around it."
It's unclear why Apple's code has been opened up. Maybe someone "screwed up royally," or perhaps Apple wants people to pore over the code and disclose more bugs so the company can fix them. Jonathan Zdziarski, an iOS security expert, thinks the latter is the more likely explanation, as forgetting to encrypt the kernel would be such a basic mistake. "This would have been an incredibly glaring oversight, like forgetting to put doors on an elevator."
We'll be watching closely to see how this affects the possibility of a jailbreak for iOS 10.