Security experts cited by MIT Technology Review have found that the kernel of the first developer preview of iOS 10 is unencrypted, allowing anyone to examine the code. All previous iOS kernels have been encrypted by Apple.
The heart of an operating system is a component known as the kernel, which controls how programs can use a device’s hardware and enforces security. Apple has previously encrypted the kernel in iOS releases, hiding its exact workings and forcing researchers to find ways around or through it. But the kernel was left unobfuscated in the preview version of iOS 10 released to developers last week for the most recent Apple devices.
As the piece notes, this doesn’t compromise the security of iOS 10, and there are both pros & cons to making it available for inspection. Security researchers are unsure whether the move was intentional or a mistake …
On the downside, it makes life much easier for those looking for weaknesses in the code.
The goodies exposed publicly for the first time include a security measure designed to protect the kernel from being modified, says security researcher Mathew Solnik. “Now that it is public, people will be able to study it [and] potentially find ways around it,” he says […]
Jonathan Levin, author of an in-depth book on the internal workings of iOS, says “It reduces the complexity of reverse engineering considerably” [and speculates that] someone inside the company “screwed up royally.”
iOS security expert Jonathan Zdziarski, in contrast, says that it would have been too glaring an error to do it accidentally, and that Apple may want more eyes on the security of its core code to help identify potential vulnerabilities.
Opening up its code would make sense in light of Apple’s recent faceoff with the FBI, Zdziarski notes. Originally the agency wanted Apple to help penetrate the San Bernardino iPhone, but it dropped that plan after finding a third party who could break into the device. It was the latest evidence of an expanding trade that sells software exploits to law enforcement. Opening up iOS for anyone to examine could weaken that market by making it harder for certain groups to hoard knowledge of vulnerabilities, Zdziarski says.
Given the scale of the mistake that would be required, it’s hard to imagine that it could have escaped the notice of all those involved in reviewing the beta prior to release, and it’s notable that Apple hasn’t pulled the beta. All this means we put far more weight on the deliberate policy theory.