After learning that its proprietary iBoot source code was leaked on Github, Apple sent a DMCA request to the site asking for the code to be removed immediately
A portion of Apple’s proprietary source code for iOS devices has been leaked online. The code, labeled ‘iBoot’ is responsible for ensuring only trusted versions of iOS can boot on Apple devices. While Apple has yet to confirm the legitimacy of the source code, swift action from the tech giant can be viewed as indirect confirmation.
Shortly after Apple learned of the leaked source code, the company issued a Digital Millennium Copyright Act (DMCA) takdeown request to Github requesting its immediate removal. Apple’s DMCA request was published by Github and states the reason for the request is because “the ‘iBoot’ source code is proprietary and it includes Apple’s copyright notice. It is not open-source.” Github complied with the request and removed it from the repository of a user named ZioShiba.
Although the leaked code appears to be for an older version of the operating system, iOS 9, it likely contains relevant code that is still used in iOS 11. While Apple does make some portions of its code open source, iBoot has never been included and is closely guarded by the company.
It’s unclear how the code was obtained and who published it on Github. ZioShiba, the user who posted the code, appears to be relatively inactive on the platform, having last posted seven months before the iBoot leak. However a user by the same name appears to be pretty active other places online, with a YouTube channel featuring iOS hacks as well as a Twitch account.
While ZioShiba was the first to post the iBoot source code on Github, this is not the first time the code has appeared online. Last year a Reddit user named apple_internals published the same code on Reddit, however it failed to gain the same amount of attention.
The exact repercussions of the iBoot leak are unknown. Since the code is responsible for booting a secure version of iOS on Apple devices, hackers could search for vulnerabilities in the code that would allow them to break iPhone encryption.
Although the leaked iBoot code should be cause for concern, newer Apple devices have an additional layer of protection available for users. Since 2013,Apple has included a Secure Enclave chip on iPhones. It effectively creates a separate computer within the iPhone to store both encryption and decryption keys, as well as other sensitive data. Since Secure Enclave uses a physically embedded key to authenticate, it create a scenario where it’s nearly impossible for hackers to access sensitive information by brute force.
