Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Apple Confirms Unencrypted Kernel in iOS 10 Beta is Intentional

MacRumors

MacRumors

macrumors bot
Original poster
Apr 12, 2001
68,121
38,878



Yesterday it was discovered that iOS 10 does not feature an encrypted kernel, allowing users and researchers access to the core of the operating system and its inner workings. It was unclear at the time whether the lack of encryption was an accident or intentional, but today Apple confirmed to TechCrunch that the company did not encrypt the kernel for a reason.

ios10.jpg

"The kernel cache doesn't contain any user info, and by unencrypting it we're able to optimize the operating system's performance without compromising security," an Apple spokesperson told TechCrunch.
Click to expand...
The kernel, which dictates how software can use hardware and keeps the device secure, is unencrypted so that developers and researchers can "poke around" and find potential security flaws. Because the kernel is easier to access and flaws may be easier to find, Apple can more easily and more quickly patch potential issues.

The move is a shift for Apple, who had encrypted the kernel in past versions of iOS, leaving developers and researchers out of the loop on the inner workings of the operating system. As noted by security expert Jonathan Zdziarski, it's likely that Apple has made this shift to prevent groups from "hoarding" vulnerabilities in Apple's software, like the vulnerability used by the FBI to break into the iPhone 5c of the San Bernardino shooter.

Article Link: Apple Confirms Unencrypted Kernel in iOS 10 Beta is Intentional
 
Article Link
https://www.macrumors.com/2016/06/22/apple-unencrypted-kernel-ios-10-intentional/
Last edited:
  • Like
Reactions: 997440 and S.B.G
Any word on Apple doing this for OS X? There are still many issues present with the current iteration (ex. Computer freezing after watching videos on YouTube/iTunes) that I think would benefit greatly from this.
 
  • Like
Reactions: Avieshek
I see. So open-source now equals openly exposing vulnerabilities for the collective good so a select user group can not exponentially exploit said vulnerability.

Yeah, didn't work too well for Android, though.
 
Will this allow others to reverse engineer or even copy it, patch it and make cheap iPhone knockoffs!!!
 
MacRumors said:



Yesterday it was discovered that iOS 10 does not feature an encrypted kernel, allowing users and researchers access to the core of the operating system and its inner workings. It was unclear at the time whether the lack of encryption was an accident or intentional, but today Apple confirmed to TechCrunch that the company did not encrypt the kernel for a reason.

ios10.jpg

The kernel, which dictates how software can use hardware and keeps the device secure, is unencrypted so that developers and researchers can "poke around" and find potential security flaws. Because the kernel is easier to access and flaws may be easier to find, Apple can more easily and more quickly patch potential issues.

The move is a shift for Apple, who had encrypted the kernel in past versions of iOS, leaving developers and researchers out of the loop on the inner workings of the operating system. As noted by security expert Jonathan Zdziarski, it's likely that Apple has made this shift to prevent groups from "hoarding" vulnerabilities in Apple's software, like the vulnerability used by the FBI to break into the iPhone 5c of the San Bernardino shooter.

Article Link: Apple Confirms Unencrypted Kernel in iOS 10 Beta is Intentional
Click to expand...

Please please please stop referring to Johathan as an expert. Everyone that has ever worked in the security or forensics industry would never regard him as such. ****** media may only because he's willing to whore himself and say anything for media attention.
 
  • Like
Reactions: vmistery, MH01, koolmagicguy and 1 other person
SSD-GUY said:
I see. So open-source now equals openly exposing vulnerabilities for the collective good so a select user group can not exponentially exploit said vulnerability.

Yeah, didn't work too well for Android, though.
Click to expand...
The only thing developers can do now that they couldn't earlier is disassemble the kernel and look for vulnerabilities. I think it's safe to say that 99% of developers do not have the required skills. Not even close to open source, although the kernel should be somewhat similar to what's used in OS X... It should still be the XNU kernel, with modifications... The source for that is available.
 
  • Like
Reactions: pianophile and page404
Very cool

Pretty serious policy change, makes me excited about what could be next..

I'm curious about the performance increase, I feel like the hindering of exploit hoarding would be more significant
 
  • Like
Reactions: attila
I'd just like to point something out. Apple does not offer a bug bounty program. That is to say there is no bounty to be awarded if you report a bug to them no matter how serious it is.

By contrast Microsoft offers $100,000 for a unique kernel level exploit, $15,000 for a Edge browser exploit and $100,000 for a unique solution to a presented exploit that they have yet to come up with / implement.

So if you were to find an Edge browser exploit in Windows 10 and another exploit that allowed you to jump the sandbox and gain root access to the operating system and then figured out a solution to stop the attack that is safe and implementable you could earn yourself $215,000.

Find the same in iOS, macOS, watchOS or tvOS and earn $0. It's about time Apple got serious and offered their own bug bounty program. It's the most meaningful way to get serious vulnerabilities reported.

And remember the FBI and NSA are paying upwards of $1 Million dollars (as shown in congress reports) for root level attacks on iOS, macOS and Windows. That is the competition. If you're a security researcher who're you gonna tell? Apple and earn nothing or the NSA/FBI and change your entire life?
 
  • Like
Reactions: ex0dus1985, 997440, Shirasaki and 54 others
This is Apple's version of handing someone a TV remote and then intentionally dropping it right before they grab it.

(The "TV remote" being a backdoor and the "someone" being the CIA)
 
It seems odd, how can this contribute to performance and security, opening up the flood gates?

Does encryption / performance and security have to be mutually exclusive ?
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back