Story image

Apple says DON’T fear about leaked source code – experts say DO

10 Feb 2018

Yesterday an anonymous user posted what experts believed at the time to be the source code for a key component of the iPhone’s operating system on GitHub.

Apple indirectly confirmed the code to be real soon after when it demanded GitHub to take the source code down with a DMCA legal notice.

The code on GitHub was labelled ‘iBoot’, which is a key cog of iOS responsible for making sure the operating system ‘boots up’ safely and securely. This means of all the processes running behind iOS, it is the very first to start up when an iPhone is turned on.

The code indicated that it was taken from iOS 9 butt experts say there are portions of it that are still likely to be used in the newest operating system, iOS 11.

While various parts of iOS and MacOS have been made open source in recent years, Apple has gone out of its way to ensure iBoot’s code remains private – in Apple’s bounty program, bugs in the boot process are deemed the most valuable and can fetch up to US$200k.

Apple confirmed in a statement that the source code had been posted online, but asserted it was three years old and that by design the security of their products aren’t based on the secrecy of their source code.

“There are many layers of hardware and software protections built in to our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections,” the statement from Apple read.

So what are the actual implications of this leak? Arxan Technologies VP of product, Rusty Carter says iBoot’s leak  could potentially allow hackers to find security holes in the smartphone, enabling them to analyse Apple’s code, replicating and manipulating it for malicious purpose.

"Apple iOS is widely viewed as the most trusted mobile operating system out there. But the leak of this source code is proof that no environment or OS is infallible, and application protection from within the application itself is crucial, especially for business-critical, data-sensitive applications,” says Carter.

“It's only a matter of time before the release of this source code results in new and very stealthy ways to compromise applications running on iOS."

Various experts online agree with Carter, reporting the leak could pave the way for hackers to find flaws and bugs to enable them to crack or decrypt an iPhone. There is also the potential for advanced programmers to ‘clone’ iOS onto non-Apple platforms.

Salesforce continues to stumble after critical outage
“To all of our Salesforce customers, please be aware that we are experiencing a major issue with our service and apologise for the impact it is having on you."
D-Link hooks up with Alexa and Assistant with new smart camera
The new camera is designed for outdoor use within a wireless smart home network.
Slack users urged to update to prevent security vulnerability
Businesses that use popular messaging platform Slack are being urged to update their Slack for Windows to version 3.4.0 immediately.
Secureworks Magic Quadrant Leader for Security Services
This is the 11th time Secureworks has been positioned as a Leader in the Gartner Magic Quadrant for Managed Security Services, Worldwide.
Google puts Huawei on the Android naughty list
Google has apparently suspended Huawei’s licence to use the full Android platform, according to media reports.
Using data science to improve threat prevention
With a large amount of good quality data and strong algorithms, companies can develop highly effective protective measures.
General staff don’t get tech jargon - expert says time to ditch it
There's a serious gap between IT pros and general staff, and this expert says it's on the people in IT to bridge it.
ZombieLoad: Another batch of flaws affect Intel chips
“This flaw can be weaponised in highly targeted attacks that would normally require system-wide privileges or a complete subversion of the operating system."