Slashdot Mirror

← Back to Stories (view on slashdot.org)

Kernel of iOS 10 Preview Is Not Encrypted -- Nobody Knows Why (technologyreview.com)

Posted by msmash on from the puzzling-researchers-inc dept.

Security experts are claiming that iOS 10 preview, which Apple made available to enthusiasts last week, is not secure. iOS 10 is the latest version of Apple's mobile operating system. It will be available to standard customers later this year (likely around September). According to security experts, iOS 10's kernel is not encrypted. MIT News reports: Why Apple has suddenly opened up its code is unclear. One hypothesis in the security community is that, as author Jonathan Levin puts it, someone inside the company "screwed up royally." But he and security researcher Mathew Solnik both say there are reasons to think it may have been intentional. Encouraging more people to pore over the code could result in more bugs being disclosed to Apple so that it can fix them.

15 of 82 comments (clear)

  1. Not secure? by wiredog · · Score: 4, Informative

    How does "not encrypted" == "not secure" in this arena?

    FTA: "That doesnâ(TM)t mean the security of iOS 10 is compromised."

    --

    Best Slashdot Co
    1. Re:Not secure? by Anonymous Coward · · Score: 2, Funny

      If it was directly programmed in machine language, I suppose you have the source code.

      Nahhh. It's not 1960 anymore.

    2. Re:Not secure? by Bert64 · · Score: 2

      Encrypting the kernel does nothing to improve security, as it's not true encryption but rather just obfuscation.
      The kernel has to be decrypted in order to execute, therefore every device must have the key so rather than cracking the encryption you just have to work out how to extract the key, or how to extract the decrypted kernel image.
      All it really does is create extra points of failure, waste resources and increase the risk of bugs.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    3. Re:Not secure? by tbuddy · · Score: 3, Informative

      Article was stupid. Why anyone would get the source code from the build when they can get the source code for XNU right here for the last 20 years.

  2. Not the source code by Anonymous Coward · · Score: 2, Insightful

    The article seems to react as if they gave the source code, which is not the same thing as being unencrypted. If it's just a binary blob it's not really "open". However, I guess that's still easier to find exploits than an encrypted kernel, though.

    I know the kernel is Darwin which IS open source. Does Apple modify it much without releasing their changes?

    1. Re:Not the source code by LichtSpektren · · Score: 5, Informative

      The kernel is XNU which is open source: http://opensource.apple.com/so...

      Darwin is the open source OS that is the Unix core of macOS, iOS, watchOS and tvOS. So that is to say, when you say "iOS", you're talking about some closed source additions to Darwin which is particular to iPhones and iPads.

    2. Re:Not the source code by mfh · · Score: 3, Interesting

      There were hidden behaviours before that are now visible to the trained eye.

      --
      The dangers of knowledge trigger emotional distress in human beings.
  3. Ok? by LichtSpektren · · Score: 4, Informative

    iOS shipped unencrypted by default until v.8. The source code is freely available to view online: http://opensource.apple.com/so...

  4. limited preview by i.r.id10t · · Score: 2

    It is a limited preview release... not released to the masses. I would expect that some stuff will change between now and release day... including whether or not the kernel is encrypted or not...

    --
    Don't blame me, I voted for Kodos
  5. Re:here's an idea by Blade · · Score: 4, Informative

    FTA,

    "Apple declined to comment on why it didn’t follow its usual procedure."

    Someone did ask, Apple didn't say anything.

  6. Noscript friendly link by invictusvoyd · · Score: 2

    http://www.macrumors.com/2016/...

  7. Re:National Security Letter by Thud457 · · Score: 3, Funny

    Those damn canaries keep dying.
    Must be bad air around here.

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

  8. A little help for the JailBreak community? by grc · · Score: 5, Funny

    Maybe Apple is just trying to revive the JailBreak community. This community has contributed many innovative ideas that Apple eventually incorporated into newer versions of iOS. The JailBreak community is not what it once was, and maybe Apple is just trying to resuscitate it...

  9. Immediately following this . . . by mmell · · Score: 2

    Sam Flynn was seen jumping off the Encom Tower . . .

  10. Re:National Security Letter by DoubleUP · · Score: 2

    Those damn canaries keep dying. Must be bad air around here.

    Nah, the foreman said something's wrong with the canaries. Keep digging.

    --
    This sig may contain nuts.