Apple’s iBoot source code leaked on GitHub in ‘biggest leak in history’
SOURCE CODE for Apple’s iBoot, one of the core components of iOS, has been posted on GitHub, potentially opening up Cupertino’s traditionally locked-down mobile software to opportunistic hackers.
Responsible for launching a trusted boot of iOS, iBoot is the first programme that gets kicked into action every time an iPhone is turned on. It ensures that the mobile OS’s kernel is approved by Apple and legitimate for use on an iPhone or iPad.
Apple keeps code like this firmly under lock and key and probably a few immaculately designed booby traps, as it’s essential to the core functionality of iOS.
The code leaked onto GitHub claims to be designed for iOS 9 but parts of it are likely to be found in iOS 11, making the leak potentially dangerous to Apple’s mobile software.
Having access to such source code is one way for security researchers to find flaws in source code and report any bugs they might throw up that could be exploited by hackers.
However, making the code public could allow intrepid hackers to sniff around in iBoot and find their own vulnerabilities, only instead of reporting them to Apple, they could tap into the flaws and use them as vectors of attack against iOS.
The iBoot source code could also enable programmers to eventually find a way to emulate iOS on devices other than iPhones and iPads, which would be a big thorn in Apple’s closed ecosystem approach.
Two researchers have confirmed to Motherboard that the code is indeed real as they were able to reverse engineer it.
iOS and macOS specialist Jonathan Levin told the website that the iBoot posting is “the biggest leak in history”.
“iBoot is the one component Apple has been holding on to, still encrypting its 64-bit image,” he said. “And now it’s wide open in source code form.”
Thanks to the use of the Secure Enclave Processor chip in modern iPhones, jailbreaking iOS and accessing a phone’s data has been made into an unattractive challenge by Apple.
But leaks of this kind potentially open up the scope for iPhone hacking and no doubt a degree of furore will be churning away in communities that love nothing more than getting stuck into a piece of private code .
Apple hasn’t responded to the leak, but no doubt Cupertino will soon put in security measures to mitigate the threats it could throw up. Tim Cook will then dispatch a hit squad to root out the leaker and discipline them… probably. µ
