Kernel of iOS 10 Preview Is Not Encrypted -- Nobody Knows Why (technologyreview.com)

← Back to Stories (view on slashdot.org)

Kernel of iOS 10 Preview Is Not Encrypted -- Nobody Knows Why (technologyreview.com)

Posted by msmash on Wednesday June 22, 2016 @02:00AM from the puzzling-researchers-inc dept.

Security experts are claiming that iOS 10 preview, which Apple made available to enthusiasts last week, is not secure. iOS 10 is the latest version of Apple's mobile operating system. It will be available to standard customers later this year (likely around September). According to security experts, iOS 10's kernel is not encrypted. MIT News reports: Why Apple has suddenly opened up its code is unclear. One hypothesis in the security community is that, as author Jonathan Levin puts it, someone inside the company "screwed up royally." But he and security researcher Mathew Solnik both say there are reasons to think it may have been intentional. Encouraging more people to pore over the code could result in more bugs being disclosed to Apple so that it can fix them.

51 of 82 comments (clear)

Min score:

Reason:

Sort:

Not secure? by wiredog · 2016-06-22 02:03 · Score: 4, Informative

How does "not encrypted" == "not secure" in this arena?
FTA: "That doesnâ(TM)t mean the security of iOS 10 is compromised."

--

Best Slashdot Co
1. Re:Not secure? by Anonymous Coward · 2016-06-22 02:15 · Score: 1
  
  Hell, how does "not encrypted" == "opening up the code"? The article talks like it being unencrypted means apple's giving out the source code, which is hilariously incorrect.
  I haven't read any other articles from "Technology Review", but just from this article, I have doubts about their knowledge of technology.
2. Re:Not secure? by Anonymous Coward · 2016-06-22 02:15 · Score: 2, Funny
  
  If it was directly programmed in machine language, I suppose you have the source code.
  Nahhh. It's not 1960 anymore.
3. Re:Not secure? by Anonymous Coward · 2016-06-22 02:51 · Score: 1
  
  The problem with closed source is that you never know where the bugs/vectors truly are. ...
  The Heartbleed and Shellshock bugs would like to have a word with your parochial attitude...
  
  Analysis of the source code history of Bash shows the vulnerabilities had existed since version 1.03 of Bash released in September 1989, introduced by Bash's original author Brian Fox
4. Re:Not secure? by Maritz · 2016-06-22 03:03 · Score: 1
  
  there's no way in hell that Apple screwed up that badly.
  
  Microsoft then sure, any screwup is possible because they're primarily a marketing company. Solid technology is a distant second to that.
  So Apple aren't marketing, Microsoft are. lol. You realise that your power to convince people diminishes the more obvious your fanboyism?
  
  --
  I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
5. Re: Not secure? by Anonymous Coward · 2016-06-22 03:05 · Score: 1
  
  "Had existed since version 1.03" does not mean that they had been known since then. Bug discovery is a very tiresome act, as let's not forget sometimes bugs in platforms that are no longer in use such as old video game consoles are not detected till decades later.
  Whooosh!
  The entire point is that a critically-serious bug lay latent in OPEN SOURCE bash code - distributed all over the place - for 25 years.
6. Re: Not secure? by Anonymous Coward · 2016-06-22 03:22 · Score: 1
  
  And? What does not knowing about a bug have to do with being unable to know about a bug? In your rush to bash someone for claiming that Open Source is more secure than Closed Source, you completely failed to realize that mfh made no such claim.
7. Re:Not secure? by Bert64 · 2016-06-22 03:28 · Score: 2
  
  Encrypting the kernel does nothing to improve security, as it's not true encryption but rather just obfuscation.
  The kernel has to be decrypted in order to execute, therefore every device must have the key so rather than cracking the encryption you just have to work out how to extract the key, or how to extract the decrypted kernel image.
  All it really does is create extra points of failure, waste resources and increase the risk of bugs.
  
  --
  http://spamdecoy.net - free throwaway anonymous email - avoid spam!
8. Re:Not secure? by Anonymous Coward · 2016-06-22 04:05 · Score: 1
  
  There is one big difference.
  When a bug happens with F/OSS, the -bug- is announced, and people are told to get workarounds out. An hour or two later, a temporary fix is issued, and a few days after, it is fixed permanently. Usually this is done well before the bad guys can attempt compromises on a wide scale.
  When a bug in a closed source OS is announced, it isn't just the bug, it is because the exploit is actively being used, 0-days are out there, and sites are being compromised. There usually are few ways to work around it, other than pull the network cable or turn off services, and it can take days to a month to actually get a fix.
  Heartbleed and Shellshock were pretty much addressed almost immediately. I spent more time updating Excel spreadsheets to hand to the auditors than actually pushing out the updates and checking if they fixed the issue.
9. Re:Not secure? by BronsCon · 2016-06-22 04:43 · Score: 1
  
  It also ensures that the kernel on the device wasn't modified (think: desolder NVRAM, solder onto your own board, modify, replace).
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
10. Re: Not secure? by Anonymous Coward · 2016-06-22 04:50 · Score: 1
  
  And? What does not knowing about a bug have to do with being unable to know about a bug? In your rush to bash someone for claiming that Open Source is more secure than Closed Source, you completely failed to realize that mfh made no such claim.
  BULLSHIT.
  Because he did claim just that:
  
  The problem with closed source is that you never know where the bugs/vectors truly are. ...
  That must be why the Shellshock bug lay latent for 25 years.
  Explain how "open source" makes such bugs "shallow"?
  Because REALITY says otherwise.
11. Re: Not secure? by Mattcelt · 2016-06-22 05:33 · Score: 1
  
  It isn't the openness of code that makes bugs shallow. In fact, as I remember the original quote, it went something like: 'given enough eyes, all bugs are shallow'.
  It has nothing to do with the state of the code and everything to do with how many people are analysing the code.
  With open source, the opportunity exists for many more people to examine the code and discover the faults, and that increases hugely with the popularity of the software and its development. With closed-source development, only the people authorised to see the code will examine it.
  So the number of lines of code (x) divided by the number of developers looking at it (y) gives the real "shallowness" value. As x:y decreases, more faults tend to be discovered in a given time period. (This does not account for the complexity of the faults, obviously.)
  A popular open-source project will be much more likely to have a lower x:y ratio than a comparable closed-source project, even if for no other reason than it is in the company's best interest to increase x:y for profit.
  What's more, not only are faults found more easily with more eyes, but the fixes for those faults are also more easily written and applied with more minds working on it.
  I hope this helps explain the 'REALITY' you speak of a bit better to you. There is real security value in open-source software.
12. Re: Not secure? by ShaunC · 2016-06-22 07:55 · Score: 1
  
  The entire point is that a critically-serious bug lay latent in OPEN SOURCE bash code - distributed all over the place - for 25 years.
  But it was found eventually and we're all safer now as a result. Could such a vulnerability have been found at all in a closed-source OS like Windows? Certainly not by a third-party researcher as was the case in Shellshock and Heartbleed.
  
  --
  Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
13. Re:Not secure? by macs4all · 2016-06-22 07:55 · Score: 1
  
  It also ensures that the kernel on the device wasn't modified (think: desolder NVRAM, solder onto your own board, modify, replace).
  Exactly.
14. Re:Not secure? by tbuddy · 2016-06-22 08:11 · Score: 3, Informative
  
  Article was stupid. Why anyone would get the source code from the build when they can get the source code for XNU right here for the last 20 years.
15. Re:Not secure? by AK+Marc · 2016-06-22 08:24 · Score: 1
  
  Why is encryption required for that? Wouldn't a hash/checksum be sufficient?
  
  --
  Learn to love Alaska
16. Re: Not secure? by HiThere · 2016-06-22 09:16 · Score: 1
  
  That was the quote, and that was the hypothesis. It's been shown to be *largely* true, but not guaranteed. The actual statement should have been a lot more modest, something along the lines of:
  given enough eyes, most bugs are shallow, but some aren't
  Open Source tends to have its bugs corrected more rapidly, but this is only a tendency, and it seems to depend more on the number of people trying to join the project than on the number of people using the project. E.g., I've never looked at the source code of most of the tools I use, but I have looked at various compiler libraries.
  
  --
  
  I think we've pushed this "anyone can grow up to be president" thing too far.
17. Re: Not secure? by TangoMargarine · 2016-06-22 09:38 · Score: 1
  
  If you really want to make this into a dick-waving competition, how many bugs of comparable severity have closed-source ecosystems such as Windows and MacOS had in that same time period?
  Nobody is saying open source makes things perfect. It makes things *better.*
  
  --
  Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
18. Re: Not secure? by Mattcelt · 2016-06-22 11:09 · Score: 1
  
  The most popular open- and closed-source packages have had severe bugs lay latent - FOR DECADES.
  FTFY.
  And speaking of myths... the Heartbleed vulnerability was committed to the OpenSSL source on 31 December, 2011. If 'DECADES' have passed since then, there's something seriously wrong with my NTP server.
19. Re: Not secure? by Mattcelt · 2016-06-22 11:14 · Score: 1
  
  Well-put. Perhaps the caveat should be the number of contributors, rather than simple popularity. (Though I do imagine those numbers are somewhat correlated in open-source projects.)
  Some software faults are tremendously obscure. In fact, there are many that exist that will *never* be discovered. It's just a fact of life.
  But I think we agree that open-source software has the inherent potential to be more secure by its nature than its closed-source counterparts.
20. Re: Not secure? by Plumpaquatsch · 2016-06-22 20:42 · Score: 1
  
  The entire point is that a critically-serious bug lay latent in OPEN SOURCE bash code - distributed all over the place - for 25 years.
  But it was found eventually and we're all safer now as a result. Could such a vulnerability have been found at all in a closed-source OS like Windows? Certainly not by a third-party researcher as was the case in Shellshock and Heartbleed.
  So a bug in an Open Source project that is widely exploited is better than a bug in closed soured software that is never found and thus never exploited. Because OPEN SOURCE.
  
  --
  Of course news about a fake are Fake News.
21. Re: Not secure? by Plumpaquatsch · 2016-06-22 20:50 · Score: 1
  
  Lol. They've demonstrated they DO NOT have a test framework worth a damn.
  Gotofail
  Gotofail? Wasn't that in an Open Source part of the OS? Considering it was called for the actual code snippet that contained the bug - yes it was. So make that another fail for Open Source.
  
  --
  Of course news about a fake are Fake News.
iOS vs OS/X by Viol8 · 2016-06-22 02:06 · Score: 1

Just out of interest, how much codebase do they have in common, does anyone know? Is it the same mach kernal running on both for example?
Not the source code by Anonymous Coward · 2016-06-22 02:09 · Score: 2, Insightful

The article seems to react as if they gave the source code, which is not the same thing as being unencrypted. If it's just a binary blob it's not really "open". However, I guess that's still easier to find exploits than an encrypted kernel, though.
I know the kernel is Darwin which IS open source. Does Apple modify it much without releasing their changes?
1. Re:Not the source code by LichtSpektren · 2016-06-22 02:15 · Score: 5, Informative
  
  The kernel is XNU which is open source: http://opensource.apple.com/so...
  
  Darwin is the open source OS that is the Unix core of macOS, iOS, watchOS and tvOS. So that is to say, when you say "iOS", you're talking about some closed source additions to Darwin which is particular to iPhones and iPads.
2. Re:Not the source code by mfh · 2016-06-22 02:36 · Score: 3, Interesting
  
  There were hidden behaviours before that are now visible to the trained eye.
  
  --
  The dangers of knowledge trigger emotional distress in human beings.
Ok? by LichtSpektren · 2016-06-22 02:13 · Score: 4, Informative

iOS shipped unencrypted by default until v.8. The source code is freely available to view online: http://opensource.apple.com/so...
limited preview by i.r.id10t · 2016-06-22 02:14 · Score: 2

It is a limited preview release... not released to the masses. I would expect that some stuff will change between now and release day... including whether or not the kernel is encrypted or not...

--
Don't blame me, I voted for Kodos
1. Re:limited preview by tlhIngan · 2016-06-22 04:08 · Score: 1
  
  I don't think it's even an issue - it's a limited developer preview. These are builds given to developers to load onto their devices so they can develop and test their apps running on the new OS ahead of time.
  It's not meant to be secure, it's not meant to be used in production, it's just so developers can test out the new APIs and start coding against them
  Hell, you're allowed to downgrade your device back to iOS 9 if you don't need it anymore.
  The public beta isn't until a month or more away
Re:here's an idea by Anubis+IV · 2016-06-22 02:19 · Score: 1

A lot of the reporting coming out yesterday following the initial reports indicated that the company either hadn't been responding or had been responding with, "No comment."
Re:here's an idea by Blade · 2016-06-22 02:21 · Score: 4, Informative

FTA,
"Apple declined to comment on why it didn’t follow its usual procedure."
Someone did ask, Apple didn't say anything.
Lets check by hlavac · 2016-06-22 02:24 · Score: 1

Time to compile the source and see what the difference will be against the binary?
1. Re:Lets check by hlavac · 2016-06-22 02:28 · Score: 1
  
  And unencrypted kernel is a good thing. It just needs to be SIGNED, not encrypted.
2. Re:Lets check by i.r.id10t · 2016-06-22 04:26 · Score: 1
  
  Wouldn't encrypting it work sorta like a signature? If the boot loader is loaded with a key, and only that kernel - or kernels released as part of point releases/security updates - will decrypt with that key, isn't that equivalent to checking a signature?
  
  --
  Don't blame me, I voted for Kodos
Noscript friendly link by invictusvoyd · 2016-06-22 02:26 · Score: 2

http://www.macrumors.com/2016/...
Re:National Security Letter by Thud457 · 2016-06-22 02:30 · Score: 3, Funny

Those damn canaries keep dying.
Must be bad air around here.

--
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
No backdoors here! by MTEK · 2016-06-22 02:35 · Score: 1

Did encrypting it raise suspicion in countries like China?
A little help for the JailBreak community? by grc · 2016-06-22 02:56 · Score: 5, Funny

Maybe Apple is just trying to revive the JailBreak community. This community has contributed many innovative ideas that Apple eventually incorporated into newer versions of iOS. The JailBreak community is not what it once was, and maybe Apple is just trying to resuscitate it...
Immediately following this . . . by mmell · 2016-06-22 03:12 · Score: 2

Sam Flynn was seen jumping off the Encom Tower . . .
1. Re:Immediately following this . . . by aristotle-dude · 2016-06-22 07:46 · Score: 1
  
  Sam Flynn was seen jumping off the Encom Tower . . .
  That would be the Shangri-La hotel in Vancouver on West Georgia St.
  
  --
  Jesus was a compassionate social conservative who called individuals to sin no more.
Re:here's an idea by rockmuelle · 2016-06-22 03:16 · Score: 1

FTA,
"Apple declined to comment on why it didn’t follow its usual procedure."
Someone did ask, Apple didn't say anything.
Which is Apple's usual procedure (not responding). Heck, even within Apple engineers aren't allowed to share details like this outside of their immediate team.
But, as many other posts have pointed out, the source code for most of the kernel is already open source and iOS was unencrypted until iOS 8. Not really much to see here...
(on a side note, what's up with /. suddenly becoming just a string of "gotcha" stories about software bugs and corporate mistakes?)
They are on IRC and forums by Ilgaz · 2016-06-22 03:21 · Score: 1

Funny thing is you can actually go find Apple kernel developers in not so secret places like IRC, Apple isn't Microsoft.
It needs a secret long forgotten wizardry like journalism of course.
Re: here's an idea by adolf · 2016-06-22 03:48 · Score: 1

"gotcha" articles are better than the insufferable ones about workplace demographics that used to litter these pages.

--
Kid-proof tablet..
Re:Only LUDDITE software is encrypted. by Maritz · 2016-06-22 03:53 · Score: 1

I don't think you can hit 3/10 or higher with the whole "appy apps" or "cows moo" shit. It's just weak as fuck.

--
I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
Re:National Security Letter by DoubleUP · 2016-06-22 05:47 · Score: 2

Those damn canaries keep dying. Must be bad air around here.
Nah, the foreman said something's wrong with the canaries. Keep digging.

--
This sig may contain nuts.
Is this something similar to a warrant canary? by Varka · 2016-06-22 05:51 · Score: 1

Maybe Apple's been forced to include some sort of backdoor that they can't talk about, and this is the only way it might be "exposed." Then again, I wouldn't expect Apple to give two shits if it had the potential to negatively impact sales, so maybe not...
Re:Only LUDDITE software is encrypted. by mlts · 2016-06-22 06:52 · Score: 1

I have never gotten the "app" verb used in this context. I assume "apping an app" means using XCode and Git, with a very well-honed Agile and Scrum process, with multiple development, alpha, and beta stages to get code that is as bug-free as malware (malware tends to be the least buggy of types of software.)
Re:here's an idea by Plumpaquatsch · 2016-06-22 21:01 · Score: 1

https://techcrunch.com/2016/06/22/apple-unencrypted-kernel/

“The kernel cache doesn’t contain any user info, and by unencrypting it we’re able to optimize the operating system’s performance without compromising security,” an Apple spokesperson told TechCrunch.

--
Of course news about a fake are Fake News.
Re:And as a side-line by Plumpaquatsch · 2016-06-22 21:26 · Score: 1

Congress has voted to make April 20th: National Brownies Day, National Pizza Day, National Cheetohs day, National Open-Source iOS Day, National Pie Day, National Clown Day, National Hassenpfeffer Day, National DeadPool Day, and National Psychics Day in an unprecedented flurry of add-on clauses to the National No-Government-Snooping Day Bill....
They forgot National Hitler's Birthday?

--
Of course news about a fake are Fake News.
Better apps? by valnar · 2016-06-23 02:25 · Score: 1

If this means people can write better apps geared towards the kernel, I'm all for it. There aren't any (or any good) WiFi scanner apps available for iOS like Android. It would be nice to have that in my toolkit. Apple has prevented such apps before in the past.
Maybe they WANT some people to analyse it by allo · 2016-06-23 07:02 · Score: 1

Somebody forced them to include something ugly, they are not allowed to tell and they really hope we'll find it now.