Sunday, October 25, 2020

iPhone Source Code Leak No Big Deal. Here’s Why

Latest articles

Homepage team behind Fox 12 wildfire coverage

Where do Portland TV stations get their breaking news? Often, it turns out, from Lincoln City Homepage!
00:04:44

Volunteers raise spirits, hope amid wildfire ashes

A spirited volunteer cleanup effort is underway in Otis as workers sift through the rubble of destroyed homes left behind by the Echo Mountain Complex Wildfire.

Dick Anderson has lots of help funding his campaign

This past Wednesday, the Lincoln City News Guard ran a huge campaign ad for Dick Anderson and three other conservative candidates.

Legislators work to address double taxation, property taxes for fire victims

Oregon legislators are working to address problematic taxation statutes victims of wildfires are facing as they try to recover and rebuild.

The best thing that has happened to Lincoln County

County Commissioner Claire Hall is the best thing that has happened to Lincoln County.

Fire victims rebuilding face double taxation from school district

A tax passed by the Oregon Legislature in 2007 is the subject of controversy as fire victims rebuilding say they are being taxed twice. 

Former Ethics Commission Chair Backs Thatcher for SOS

Although I am a registered Libertarian, I am crossing party lines and will vote for Kim Thatcher enthusiastically.

COVID, Climate and 2020

2020 has been a strange year, globally, nationally and personally -- and it isn’t over yet.

Spooky Spectacular: Drive-thru trick-or-treating edition

Traditional Halloween trick-or-treating is up in the air due to COVID-19 this year, but Kiwanis of Lincoln City, Lincoln City Outlets and Explore Lincoln City are making drive-thru-candy-grabbing a thing.

LCPD Officer Wehrley to lead Lincoln City K9 unit

LCPD Officer Molly Wehrley will be Lincoln City's first K9 handler and will head to California in November to bring a new canine member to the force.

Most popular

Evacuations in effect for Lincoln City

A level 3 evacuation is in effect for all of Lincoln City from 40th street north. Level 3 means go now.

MYSTERY SOLVED! D.B. Cooper was my friend

He was the soldier who became a skyjacker, the skyjacker who became a priest, and the priest who lived and died in Depoe Bay. He was D.B. Cooper, the most famous fugitive on earth, and he was my friend.

Fire strikes historic Otis Cafe on Independence Day

North Lincoln Fire Rescue units swarmed the Otis Cafe shortly before 8 p.m. Thursday to combat a fully involved fire at the iconic restaurant.

Highway 101 hole prompts ODOT to call in geologists

Oregon Department of Transportation officials have called in geologists Thursday to take core samples of a hole on southbound Highway 101 in Otis.

Lincoln City wildfires update

Lincoln City government issued an update Thursday on wildfires north of the city, saying all evacuation orders are still in effect and residents are not allowed in the area.

An evacuated Lincoln City sits dark and intact

Lincoln City Police were active Wednesday night and were patrolling with spotlights in a town evacuated and once again without power.

The source code for iOS 9, an older version of Apple’s mobile software, was posted on the Github code-sharing earlier this week, doubtless causing gnashing of teeth in Cupertino and joy in the iPhone jailbreaking community.

iphone leak

Even though the software is about two years old, and most iPhones now run iOS 11, the iOS 9 code contained the secret instructions that boot an iPhone (called “iBoot” by some), which may not have changed much in the interim.

It’s not clear whether this leak poses any kind of security threat, as the same code has apparently been circulating privately among iOS researchers for some time, and was even posted on Reddit in the fall of 2017. Because the Reddit poster wasn’t well known, few paid attention to him then.

But the source-code leak will spur new activity among jailbreakers and among iOS security researchers, the latter of whom have found it hard to find bugs in iOS because Apple won’t divulge much of its code.

Specifically, the leaked code is for iOS 9.3, released in March 2016. The consensus among iOS experts online was that it was genuine, but not exactly earth-shattering news.

“iBoot source leak isn’t as interesting as everyone is making out,” tweeted British iOS researcher nullpixel. “It’s been circulated between people for years, surprised it took this long to leak such an old build honestly.”

The code was put on Github anonymously, and it’s not clear who smuggled it out of Apple headquarters. You can no longer find it on the original Github page, thanks to a Digital Millennium Copyright Act objection by Apple’s attorneys, but it took us only a couple of minutes to find a copy. (Sorry, not linking to it.) One wag pointed out that by issuing a DMCA takedown notice, Apple confirmed that the code was real.

The bootloader verifies that the build of iOS loaded on an iPhone is genuine and allows the boot-up procedure to continue. But with each new version of iOS, Apple has been moving more and more processes to a special hardware chip called the Secure Enclave, so it’s possible that jailbreaks based on the leaked iOS 9 code may not work on newer iPhones.

So if you’re an iPhone user, should you be worried? Not really. The leaked source code will benefit low-level black-hat hackers who will be looking through it for security flaws, but they’ll be in an arms race with white-hat hackers doing the same with the intent to fix flaws and/or cash in on Apple’s bug bounties.

More serious iOS hackers will already have seen the source code. The real pros who work for or with the NSA and other intelligence agencies probably reverse-engineered iOS 9 two years ago.

UPDATE: Apple provided us with a statement, here in full:

“Old source code from three years ago appears to have been leaked, but by design the security of our products doesn’t depend on the secrecy of our source code. There are many layers of hardware and software protections built into our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections.”

An Apple spokesperson pointed out that Apple’s own numbers, as posted on the Apple developer site, show that only 7 percent of iOS devices are running iOS 9 or earlier.

Amit Serper, a principal security researcher at Cybereason in Boston, said the leak of the source code does raise the security risks for iPhone users.

“The bootloader is a crucial part of the device,” Serper told Tom’s Guide. “Once its code is publicly available to analyze, it’s a game changer.”

“Finding a vulnerability in the bootloader will allow attackers to tinker with the boot process and execute code that, well, shouldn’t really be executed,” he added. “Sadly, such leaks have been the reality in the past decade.”

- Advertisement -
SourceYahoo
Justin Werner
Justin Wernerhttps://wernerhost.com/
Justin is publisher of Lincoln City Homepage and an investigative journalist who finds facts. He's on a mission to seek out truth and isn't afraid to be the tip of the spear for freedom of the press.

RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisements -

Trending

00:04:44

Volunteers raise spirits, hope amid wildfire ashes

A spirited volunteer cleanup effort is underway in Otis as workers sift through the rubble of destroyed homes left behind by the Echo Mountain Complex Wildfire.

The best thing that has happened to Lincoln County

County Commissioner Claire Hall is the best thing that has happened to Lincoln County.

Dick Anderson has lots of help funding his campaign

This past Wednesday, the Lincoln City News Guard ran a huge campaign ad for Dick Anderson and three other conservative candidates.

Legislators work to address double taxation, property taxes for fire victims

Oregon legislators are working to address problematic taxation statutes victims of wildfires are facing as they try to recover and rebuild.

MYSTERY SOLVED! D.B. Cooper was my friend

He was the soldier who became a skyjacker, the skyjacker who became a priest, and the priest who lived and died in Depoe Bay. He was D.B. Cooper, the most famous fugitive on earth, and he was my friend.

Former Ethics Commission Chair Backs Thatcher for SOS

Although I am a registered Libertarian, I am crossing party lines and will vote for Kim Thatcher enthusiastically.

Homepage team behind Fox 12 wildfire coverage

Where do Portland TV stations get their breaking news? Often, it turns out, from Lincoln City Homepage!

Hitselberger running for Lincoln County Commissioner

Thirty-nine-year-old Newport resident Joe Hitselberger has filed to run for Lincoln County Commissioner, opposing the incumbent, Claire Hall. 

Fire victims rebuilding face double taxation from school district

A tax passed by the Oregon Legislature in 2007 is the subject of controversy as fire victims rebuilding say they are being taxed twice.