
Apple says DON’T fear leaked source code – experts say DO

10 Feb 2018

Yesterday an anonymous user posted what experts believed at the time to be the source code for a key component of the iPhone’s operating system on GitHub.

Apple indirectly confirmed the code was real soon after, when it issued a DMCA legal notice demanding that GitHub take the source code down.

The code on GitHub was labelled ‘iBoot’, which is a key cog of iOS responsible for making sure the operating system ‘boots up’ safely and securely. This means that, of all the processes running behind iOS, it is the very first to start up when an iPhone is turned on.

The code indicated that it was taken from iOS 9, but experts say there are portions of it that are still likely to be used in the newest operating system, iOS 11.

While various parts of iOS and macOS have been made open source in recent years, Apple has gone out of its way to ensure iBoot’s code remains private – in Apple’s bounty program, bugs in the boot process are deemed the most valuable and can fetch up to US$200k.

Apple confirmed in a statement that the source code had been posted online, but asserted it was three years old and that, by design, the security of its products isn’t based on the secrecy of their source code.

“There are many layers of hardware and software protections built in to our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections,” the statement from Apple read.

So what are the actual implications of this leak? Arxan Technologies VP of product Rusty Carter says iBoot’s leak could potentially allow hackers to find security holes in the smartphone, enabling them to analyse Apple’s code, replicating and manipulating it for malicious purposes.

“Apple iOS is widely viewed as the most trusted mobile operating system out there. But the leak of this source code is proof that no environment or OS is infallible, and application protection from within the application itself is crucial, especially for business-critical, data-sensitive applications,” says Carter.

“It's only a matter of time before the release of this source code results in new and very stealthy ways to compromise applications running on iOS.”

Various experts online agree with Carter, reporting the leak could pave the way for hackers to find flaws and bugs to enable them to crack or decrypt an iPhone. There is also the potential for advanced programmers to ‘clone’ iOS onto non-Apple platforms.
