Apple Confirms Unencrypted Kernel in iOS 10 Beta is Intentional

Discussion in ' News Discussion' started by MacRumors, Jun 22, 2016.

  1. MacRumors macrumors bot


    Apr 12, 2001

    Yesterday it was discovered that iOS 10 does not feature an encrypted kernel, allowing users and researchers access to the core of the operating system and its inner workings. It was unclear at the time whether the lack of encryption was an accident or intentional, but today Apple confirmed to TechCrunch that the company did not encrypt the kernel for a reason.


    The kernel, which dictates how software can use hardware and keeps the device secure, is unencrypted so that developers and researchers can "poke around" and find potential security flaws. Because the kernel is easier to access and flaws may be easier to find, Apple can more easily and more quickly patch potential issues.

    The move is a shift for Apple, who had encrypted the kernel in past versions of iOS, leaving developers and researchers out of the loop on the inner workings of the operating system. As noted by security expert Jonathan Zdziarski, it's likely that Apple has made this shift to prevent groups from "hoarding" vulnerabilities in Apple's software, like the vulnerability used by the FBI to break into the iPhone 5c of the San Bernardino shooter.

    Article Link: Apple Confirms Unencrypted Kernel in iOS 10 Beta is Intentional
  2. jmh600cbr macrumors 6502a


    Feb 14, 2012
    Yesterday? lol Luca Todesco discovered it within minutes after WWDC
  3. hybroid macrumors regular


    Aug 12, 2010
  4. kevinkyoo macrumors 6502a


    Feb 5, 2016
    Any word on Apple doing this for OS X? There are still many issues present with the current iteration (ex. Computer freezing after watching videos on YouTube/iTunes) that I think would benefit greatly from this.
  5. Markoth macrumors 6502


    Oct 1, 2015
    Behind You
    Good to know. I can't see how decrypting it provides much of a performance boost, except perhaps on reboot. Should be a bit quicker without it.
  6. S197Mike, Jun 22, 2016
    Last edited: Jun 22, 2016

    S197Mike macrumors member

    Sep 15, 2014
    is this a blow to the jailbreak community then?
  7. SSD-GUY macrumors 6502a

    Sep 20, 2012
    I see. So open-source now equals openly exposing vulnerabilities for the collective good so a select user group can not exponentially exploit said vulnerability.

    Yeah, didn't work too well for Android, though.
  8. C DM macrumors Sandy Bridge

    Oct 17, 2011
    Where does open-source come from? :confused:
  9. Peepo macrumors 6502a

    Jun 18, 2009
    Will this allow others to reverse engineer or even copy it, patch it and make cheap iPhone knockoffs!!!
  10. RichTeer macrumors member


    Aug 13, 2014
    Kelowna, BC, Canada
    Umm, unencrypted binary != open source...
  11. MizuNoHane macrumors member

    Jul 24, 2014
  12. 6836838 Suspended

    Jul 18, 2011
    You're very confused. Please research the difference between binaries and source code.
  13. oplix Suspended


    Jun 29, 2008
    New York, NY
    In Apple marketing terms, this is called innovation.
  14. OldSchoolMacGuy Suspended


    Jul 10, 2008
    Please please please stop referring to Johathan as an expert. Everyone that has ever worked in the security or forensics industry would never regard him as such. ****** media may only because he's willing to whore himself and say anything for media attention.
  15. DotCom2 macrumors 601

    Feb 22, 2009
    They put unencrypted corn in the beta...AND on purpose?
  16. Markoth macrumors 6502


    Oct 1, 2015
    Behind You
    The only thing developers can do now that they couldn't earlier is disassemble the kernel and look for vulnerabilities. I think it's safe to say that 99% of developers do not have the required skills. Not even close to open source, although the kernel should be somewhat similar to what's used in OS X... It should still be the XNU kernel, with modifications... The source for that is available.
  17. gotluck macrumors 603


    Dec 8, 2011
    East Central Florida
    Very cool

    Pretty serious policy change, makes me excited about what could be next..

    I'm curious about the performance increase, I feel like the hindering of exploit hoarding would be more significant
  18. blacktape242 macrumors 68000


    Dec 17, 2010
    Sacramento, CA
  19. Quu macrumors 68030


    Apr 2, 2007
    I'd just like to point something out. Apple does not offer a bug bounty program. That is to say there is no bounty to be awarded if you report a bug to them no matter how serious it is.

    By contrast Microsoft offers $100,000 for a unique kernel level exploit, $15,000 for a Edge browser exploit and $100,000 for a unique solution to a presented exploit that they have yet to come up with / implement.

    So if you were to find an Edge browser exploit in Windows 10 and another exploit that allowed you to jump the sandbox and gain root access to the operating system and then figured out a solution to stop the attack that is safe and implementable you could earn yourself $215,000.

    Find the same in iOS, macOS, watchOS or tvOS and earn $0. It's about time Apple got serious and offered their own bug bounty program. It's the most meaningful way to get serious vulnerabilities reported.

    And remember the FBI and NSA are paying upwards of $1 Million dollars (as shown in congress reports) for root level attacks on iOS, macOS and Windows. That is the competition. If you're a security researcher who're you gonna tell? Apple and earn nothing or the NSA/FBI and change your entire life?
  20. busyscott macrumors regular


    Sep 29, 2015
    This is Apple's version of handing someone a TV remote and then intentionally dropping it right before they grab it.

    (The "TV remote" being a backdoor and the "someone" being the CIA)
  21. Tucom macrumors 65816


    Jul 29, 2006
    Is this a temporary thing for the beta, or will it be unencrypted permanently for here on out?
  22. _mdavenport macrumors regular


    Aug 23, 2015
    California, USA
    My question as well.
  23. patent10021 macrumors 68030


    Apr 23, 2004
    Yeah because it's GMO corn so they don't want it affecting performance.
  24. thadoggfather macrumors G4


    Oct 1, 2007
    It seems odd, how can this contribute to performance and security, opening up the flood gates?

    Does encryption / performance and security have to be mutually exclusive ?

Share This Page

135 June 22, 2016