Slashdot Mirror


Apple Says iOS Kernel Cache Left Unencrypted Intentionally, Nothing To Worry About (loopinsight.com)

The iOS 10 kernel, which Apple released to enthusiasts last week, is not encrypted, according to a report. Security experts expressed their surprise and puzzlement over this in a report by MIT News. The iPhone maker, after remaining tight-lipped over the matter for a week, has now offered an explanation. In a statement to The Loop, Apple said: "The kernel cache doesn't contain any user info, and by unencrypting it we're able to optimize the operating system's performance without compromising security." It is worth mentioning that Apple is talking about the kernel's cache, whereas MIT News' original report talks about kernel code.

18 of 124 comments

  1. Re:Security Researcher == any random idiot by Anonymous Coward · · Score: 2

    Since you used ALL CAPS and "swear" words you clearly must be authoritative on the subject.

  2. Re:Security Researcher == any random idiot by Anonymous Coward · · Score: 2

    They are right up there with people who don't know the difference between 'to' and 'too'. They're the worst.

  3. Huh? by Viol8 · · Score: 2

    I thought the encryption key was securely stored in the iPhone hardware and can only be accessed by firmware running on that hardware which then decrypts the kernel.

  4. Re:Security Researcher == any random idiot by cryptizard · · Score: 5, Informative

    That's actually not how it works. The decryption key is burned into the processor, that is why there is a different firmware image for different versions of the phone. Only some of the phone versions (older ones) have had their keys extracted and released. Also, with new technologies like SGX (shipped in some current desktop CPUs and soon phones) software publishers will be able to write code that can only be decrypted in the hardware's trusted enclave, so the key can never be observed. So stop yelling please when you don't know what you're talking about.

  5. LINUX NOT SECURE by CajunArson · · Score: 4, Funny

    The Linux Kernel: NOT ENCRYPTED. Go panic now, the world is ending.

    In fact, do you know that Linus Torvalds has personally made it possible for the MUTHAFUCKIN NSA to read every single line of source code in the Linux Kernel??

    Just think about that the next time "they" tell you that it's OK for your computer to SEND ITS DAMN IP ADDRESS OUT TO THE INTERNET!

    The black helicopters are coming for me man!!

    --
    AntiFA: An abbreviation for Anti First Amendment.
    1. Re:LINUX NOT SECURE by crtreece · · Score: 2
      OMG! I just checked on the websites for FreeBSD, OpenBSD, and NetBSD, they all have source code available too! Drug dealers, pedophiles, terrorists, and the NSA ALL have access to this source code.

      They all leak IP addresses to the internet as well. It looks like they only leak MAC addresses to the local network, so they've done a little better there.

      --
      file: .signature not found
  6. Re:KERNEL vs. CACHE by cryptizard · · Score: 4, Informative

    Kernel cache is what they call the encrypted container that has the kernel in it. The article is not wrong, just a nonstandard use of the term.

  7. Re:KERNEL vs. CACHE by fustakrakich · · Score: 3, Funny

    The article is not wrong, just a nonstandard use of the term.

    My new campaign slogan! I am not lying. I am just using nonstandard definitions.

    --
    “He’s not deformed, he’s just drunk!”
  8. Filesystem change? by nine-times · · Score: 5, Interesting

    Is the new iOS running on Apple's new filesystem? Supposedly part of the features of the new filesystem is that it has greater control over file encryption. Given this explanation, it may be that they previously encrypted the kernel because it was the best way to encrypt user data, whereas with a new filesystem they may be able to encrypt the files they want to encrypt without needing to encrypt anything else.

    Just a shot in the dark, though.

  9. Re:KERNEL vs. CACHE by Diss+Champ · · Score: 2

    You are late to the party. Cf. Clinton and what the definition of "is" is.

  10. Re:Security Researcher == any random idiot by BitZtream · · Score: 2

    heh, that's cute. Not done much embedded work have you?

    I have. With those processors specifically. Extracting the encryption key is non-trivial but documented if you know where to look (not the processor documentation, mind you (OH FACE)).

    I assure you that anyone who actually knew what they were doing can easily 'decrypt' the code and nothing you've said changes what I've said, other than you think that because they've embedded it in PROM on the CPU that it's secure. Just because it's a custom chip Apple laid out doesn't mean it's magically doing things that no one else figured out how to break years ago.

    You may not be able to change the key, but you most certainly can extract it.

    --
    Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
  11. Re:What? by DamnOregonian · · Score: 4, Informative

    To be fair, Apple uses a weird terminology with regard to the kernel in iOS (don't know about Macs or any other XNU-running devices, don't have any experience with them).
    The kernel in iOS is in fact called a kernel cache. It's prelinked, ready to be dumped into memory and executed.
    Apple is in fact referring to the kernel when they are talking about the kernel cache.
    Apple and "security experts" are talking about the same thing.

  12. Re:KERNEL vs. CACHE by DamnOregonian · · Score: 2

    Apple is talking about the kernel itself, which it calls the "kernel cache".
    TFA is talking about the kernel, which Apple calls the "kernel cache".
    They're talking about the same thing, Apple just uses a funny term for it.

  13. Re:Security Researcher == any random idiot by cryptizard · · Score: 2

    Then please explain to me why there are tons of models of the phone that don't have their keys extracted yet. They are specifically designed to not have the key leave the enclave. Why don't you go ahead and do it then since you're some kind of expert and it's so easy? The jailbreak community would appreciate it. Or just keep talking out of your ass on Slashdot.

  14. Re:Security Researcher == any random idiot by DamnOregonian · · Score: 3, Insightful

    AES is symmetrical. The kernelcache is encrypted using AES. You're describing a hash collision on a signature. You're ignorant of the topic being discussed, please stop posting with such a confident posture.

  15. Re:Security Researcher == any random idiot by cryptizard · · Score: 2

    This security document from Apple implies that every stage of the boot process does a complete verification on the next stage before booting continues, first the Low Level Bootloader, then iBoot and finally the iOS kernel. So you could mess with the userland stuff but not the kernel. If you think about it, the whole boot chain including the kernel is probably only 10 MB or less. That is not so burdensome to verify every boot.
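    The chain of trust described in this comment, as an added illustration (example code written for this page, not Apple's code or anything from the linked document): each stage carries a trusted digest of the stage that follows it and refuses to hand off control on a mismatch. Apple's real chain checks signatures against a root public key held in the Boot ROM; this simplified model embeds SHA-256 digests instead so that it runs with the Python standard library alone. The stage names and image bodies are constructed sample data. Note that whether an image is encrypted plays no part in the check: integrity comes from the verification, not from secrecy, which is the point of the distinction between the kernel being unencrypted and the kernel being unverified.

```python
import hashlib
import hmac

DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes

# Constructed sample stage bodies, root of trust first.  Real images are
# megabytes; the linkage is what matters here, not the content.
NAMES = ["Boot ROM", "LLB", "iBoot", "kernel"]
BODIES = [
    b"BOOTROM: immutable code in silicon, holds the first trusted digest",
    b"LLB: low level bootloader body",
    b"IBOOT: second stage bootloader body",
    b"KERNELCACHE: prelinked XNU kernel body",
]


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def link(bodies):
    """Build the images from the kernel backwards.

    Every image except the last is body || sha256(next image), so the digest
    a stage carries covers the whole of its successor, trailer included.
    """
    images = []
    trailer = b""
    for body in reversed(bodies):
        image = body + trailer
        images.append(image)
        trailer = sha256(image)
    return images[::-1]


def boot(images, names=NAMES):
    """Walk the chain.  Returns (names of stages that ran, status string)."""
    ran = []
    for i, image in enumerate(images):
        ran.append(names[i])
        if i == len(images) - 1:
            return ran, "ok"  # the kernel is the last verified stage
        expected = image[-DIGEST_LEN:]          # digest this stage was built with
        actual = sha256(images[i + 1])          # digest of what is actually there
        if not hmac.compare_digest(expected, actual):
            return ran, f"{names[i]} refused {names[i + 1]}: digest mismatch"
    return ran, "ok"


def boot_clean():
    """Untouched images: every stage verifies the next and the kernel runs."""
    return boot(link(BODIES))


def boot_patched_kernel():
    """A modified kernel image is rejected by iBoot before it runs."""
    images = link(BODIES)
    images[3] = images[3] + b" /* patched */"
    return boot(images)


def boot_patched_kernel_and_iboot():
    """Patch the kernel and also rewrite iBoot's trailer to match it.

    Changing iBoot's trailer changes iBoot's own digest, which no longer
    matches the trailer LLB carries; the same argument repeats back to the
    Boot ROM, which cannot be rewritten.  The chain now fails one stage
    earlier instead of accepting the patched kernel.
    """
    images = link(BODIES)
    images[3] = images[3] + b" /* patched */"
    images[2] = images[2][:-DIGEST_LEN] + sha256(images[3])
    return boot(images)


if __name__ == "__main__":
    for scenario in (boot_clean, boot_patched_kernel, boot_patched_kernel_and_iboot):
        ran, status = scenario()
        print(f"{scenario.__name__}: ran {ran} -> {status}")
```

    The third scenario is the one worth studying: an attacker who can rewrite every mutable stage still has to produce an iBoot image whose digest equals the one fixed in the Boot ROM's successor chain, which is exactly the collision the comment above this one says is being confused with decrypting an AES-encrypted image.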

  16. Re:Security Researcher == any random idiot by cryptizard · · Score: 2

    Whoops, forgot to put the URL https://www.apple.com/business...

  17. Re:Security Researcher == any random idiot by BronsCon · · Score: 2

    I love how you assume I'm speaking from a position of ignorance. Look at my posting history and you'll learn that I tend not to do that; and when someone does manage to teach me something I thank them for doing so.

    --
    APK quotes people (including myself) without context and should not be trusted. Just thought you should know.