Yep, total garbage. Some background deal w/ the feds or something if this makes it to release version. There's no reason to un-encrypt something when, apparently, there was a reason to do so before. The performance gains are most likely minimal. If Apple is touting encryption/privacy everywhere, this is a very strange, shady move.
This is so far over your head it hurts
 
I'd just like to point something out. Apple does not offer a bug bounty program. That is to say there is no bounty to be awarded if you report a bug to them no matter how serious it is.

By contrast, Microsoft offers $100,000 for a unique kernel-level exploit, $15,000 for an Edge browser exploit and $100,000 for a unique solution to a presented exploit that they have yet to come up with / implement.

So if you were to find an Edge browser exploit in Windows 10 and another exploit that allowed you to jump the sandbox and gain root access to the operating system and then figured out a solution to stop the attack that is safe and implementable you could earn yourself $215,000.

Find the same in iOS, macOS, watchOS or tvOS and earn $0. It's about time Apple got serious and offered their own bug bounty program. It's the most meaningful way to get serious vulnerabilities reported.

And remember the FBI and NSA are paying upwards of $1 million (as shown in congress reports) for root-level attacks on iOS, macOS and Windows. That is the competition. If you're a security researcher, who are you gonna tell? Apple and earn nothing, or the NSA/FBI and change your entire life?

The bounty program is really good, and probably a contributing factor to Microsoft improving its software. By contrast, if you find a major exploit in iOS or OS X, you are better off selling it to a 3rd party. The reality of the situation is that 100-200k is a life-changing opportunity for many. I remember reading that a boy in India was making a good living from doing this testing for Microsoft, Google etc.
Is this a temporary thing for the beta, or will it be unencrypted permanently for here on out?

Apple are still waiting for the Chinese to make that decision...:p
 
A smooth move if I do say so myself.
A smooth move by our grateful leader Apple?

The "hoarding" of vulnerabilities - as the article describes - is due to Apple not paying bug bounties.
Absolutely no reason to praise Apple for this move now.

Apple is a cheapskate - and it's definitely not improving under the lead of Tim Cook.
 
I suspect apple thinks its fans and devs love them so much that they are willing to find these exploits for free. Same goes for the products, TC no doubt believes he can milk the products for much longer without updates, cause the fans will buy no matter what. As fans we share a chunk of blame, apple could launch whatever and there would be lines, and products sold out....as people call us, isheep, I believe change will not happen until TC sees a shift in his monthly sales reports spreadsheet. Our needs and wants in relation to apple products are represented as a sales number on such a spreadsheet.

3rd year iPhone, that is the same design with new gimmicks might be a huge wake up call. Question will be consumers or isheep when it launches....time will tell
Wow some folks have really wrapped multiple layers of tin foil.

We have to, summer in the UK sucks!!! It's just to keep us warm...
 
If Apple put a backdoor, then now it would be completely visible.
True. Problem is, there's little evidence to suggest any White Hats are going to bother.

After all, nobody found the GoToFail bug until years after introduction in production environments; and that bug was so trivially detectable (even by automation) that it raised some serious questions about Apple's code quality control.
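The post above says the GoToFail bug was trivially detectable by automation. As an added example (not from the original thread, and not Apple's code), here is a small Python checker that flags the shape of that bug: an unconditional `goto` inside a block that leaves the following statements unreachable. The C fragment it runs over is constructed for this illustration; the function and label names are made up.

```python
import re

# Constructed C fragment in the shape of the bug: the second, unguarded
# `goto fail;` on line 10 always jumps away, so the final hash/signature
# step on line 11 is never executed and `err` keeps its earlier success value.
BUGGY_C = """\
static int verify_signed_params(const uint8_t *params, size_t len)
{
    hash_ctx ctx;
    uint8_t digest[32];
    int err;
    if ((err = hash_init(&ctx)) != 0)
        goto fail;
    if ((err = hash_update(&ctx, params, len)) != 0)
        goto fail;
        goto fail;              /* stray duplicate: unconditional */
    if ((err = hash_final(&ctx, digest)) != 0)
        goto fail;
    err = check_signature(digest);   /* never reached */
fail:
    hash_free(&ctx);
    return err;
}
"""

# Same function with the stray line removed: what a correct version looks like.
FIXED_C = "\n".join(l for l in BUGGY_C.splitlines() if "stray duplicate" not in l) + "\n"

GOTO_RE = re.compile(r"^\s*goto\s+(\w+)\s*;\s*$")
# A goto is "guarded" when the previous code line is an if/else/while/for
# header without an opening brace, i.e. the goto is that header's sole body.
CONTROL_RE = re.compile(r"^\s*(?:else\s+)?(?:if|while|for)\b.*\)\s*$|^\s*else\s*$")
LABEL_RE = re.compile(r"^\s*\w+\s*:\s*$")


def strip_comments(line: str) -> str:
    """Drop /* ... */ and // comments so they cannot hide or fake a statement."""
    line = re.sub(r"/\*.*?\*/", "", line)
    return line.split("//", 1)[0]


def find_unreachable_after_goto(src: str):
    """Return (unreachable_line, goto_line, label) for each block in which an
    unconditional goto is followed by more code before a label or a '}'."""
    findings = []
    prev_code = ""
    pending = None  # (line_no, label) of an unconditional goto still "open"
    for no, raw in enumerate(src.splitlines(), 1):
        code = strip_comments(raw)
        if not code.strip():
            continue
        if LABEL_RE.match(code) or code.strip().startswith("}"):
            pending = None  # a label or block end makes code reachable again
        elif pending is not None:
            findings.append((no, pending[0], pending[1]))
            pending = None  # report once per block
        m = GOTO_RE.match(code)
        if m and not CONTROL_RE.match(prev_code):
            pending = (no, m.group(1))
        prev_code = code
    return findings


if __name__ == "__main__":
    for unreachable, goto_line, label in find_unreachable_after_goto(BUGGY_C):
        print(f"line {unreachable}: unreachable, always jumps to '{label}' from line {goto_line}")
```

The checker is deliberately line-based and only understands the brace-less single-statement form, which is exactly the form in which this class of bug hides; a compiler warning such as unreachable-code analysis covers the general case.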
 
So has anyone in the tech press asked them why only the 64-bit kernelcache was left unencrypted while the 32-bit kernelcache remains encrypted? What about the update and restore ramdisks, which also remain encrypted? The rest of the boot chain? Why not let us peek at those, too?

Apple PR's statement that "[t]he kernel cache doesn't contain any user info" is ridiculously obvious to anyone with technical knowledge in this area. That statement is clearly only intended to placate the non-technical masses who might hear "Apple" and "unencrypted" in the same sentence and get worried about the privacy battle.

Secondly, what sort of performance improvement can this possibly make? Even assuming the kernelcache has to be decrypted once per boot, that must take what, a couple hundred milliseconds for the hardware-accelerated AES engine to do its thing?

I am really baffled by Apple's response. If it was indeed intentional, it must have been for reasons other than what they are saying.

Their PR is in damage control now. What else can they do? Somebody at Apple made a huge mistake, bad for him, that 64-bit guy is probably getting fired.
 
Wow some folks have really wrapped multiple layers of tin foil.


It's the only way to keep us warm and snug..

Apple could just be so sure of themselves that different parts of the OS never interfere with any other parts, so opening up the kernel would let people see the code, but would still prevent the damage.
 
Will this allow others to reverse engineer or even copy it, patch it and make cheap iPhone knockoffs!!!
That's what copyright laws are there for. I imagine the Samsung boardroom: "I had this great idea, we just copy iOS and build a phone with iOS and make billions". Followed by stunned silence. Followed by an announcement of the board director. "An unexpected new point on the agenda. Voting off one board member and starting the process of finding a new one".
 
Will this allow others to reverse engineer or even copy it, patch it and make cheap iPhone knockoffs!!!

How can you re-create a complete knock off without the "source code"?

Unless you wanna be like China with ifones .... They wouldn't be even running iOS.
 
Any word on Apple doing this for OS X? There are still many issues present with the current iteration (ex. Computer freezing after watching videos on YouTube/iTunes) that I think would benefit greatly from this.
You're complaining about beta 1 software!
 
I have a theory...

What if Apple assigned their famous "Wifi Destruction Squad" (WDS) to a new mission. This time they were given a task, and only one simple task, to encrypt 64-bit kernel. But after realising they were too busy making sure that discoveryd and Wifi stays broken, they outsourced their job to the guy who lost iPhone prototype in a bar?
 
wow. I think people have no idea what's going on here. (from my understanding at least).

The kernel is the core of the OS right? So it's just OS code that has been produced by the compiler. I have no idea why it needs to be encrypted. What would that gain? It's just code.

As Apple have pointed out, it's nothing to do with any personal data etc..

As far as I know Apple's file system can decrypt data on the fly. So by removing the encryption on the kernel part that never needed to be encrypted anyway they are getting an easy boost in speed. What's not to love here?

The only slight issue is that hackers will find it easier to read the kernel code. But so what? If you're hacking at that level I don't think the encryption would have been a problem for you anyway. And besides, the kernel is small. It's been tested to death and is probably the least susceptible to any vulnerabilities.

Funny how people make stories out of non-stories.
 
If this improves performance of iOS devices, is Apple going to add the unencrypted kernel to one of the last updates for iOS 9, so that the soon to be unsupported iOS devices (4s, iPad 2, etc.) will go out of style if not in a performance-optimised fashion, then at least in a non-compromised performance fashion?
 
While I totally get your point.. it would suggest that Microsoft's bounty program is meaningless as well (because over $1 million is far more than one could hope to get from Microsoft). You would have to have a bounty program that paid far more. And if I were a betting man, I would bet that the government would have paid whatever was necessary.

It's rare that the NSA or FBI pay 1 million dollars for a single exploit. It would need to be incredible. Most of the time they pay less than $100,000 but more than $25,000 for what are known as zero-day exploits.

If however you developed the holy grail. An exploit that starts simply by someone visiting a web page and escalates to total system ownership without a user being able to notice anything and it beats antivirus heuristic detection you could be looking at a million dollars.

Apple could offer $100,000 to a million dollars for these kinds of exploits; they're practically printing money. But I would suggest instead they start small. Offer $5,000-$15,000 for the first 6 months then double it. This way they get the most amount of exploits reported for the lowest sums of cash. The harder to find stuff will appear once the money offered equals the work spent finding them. So I'm not suggesting they jump right into offering 100K or 1 million, that wouldn't make good business sense.

Usually there are bugs in the kernel which you cannot see because the encryption makes it difficult to do so. You cannot dump the kernel while the system is running due to ASLR and other in-memory protection techniques built into the operating system.

By having it decrypted you can copy the kernel from the phone and decompile it so you can examine it and search for potential buffer overflows and other exploitable bugs. There is still quite a lot to be learned from the kernel as they keep changing it and changes introduce bugs.

The whole reason they've decrypted it is so researchers can potentially find these bugs more easily. Encryption is security by obfuscation which means the kernel isn't really secure, its flaws are simply masked/hidden from attackers. The only attacks possible when it was encrypted were fuzzing attacks (supplying the many kernel functions with data trying to randomly find a bug as opposed to reading the kernel's decompiled assembly to search for one).

Also keep in mind this isn't like decrypting a password, the data set is so large and the encryption cipher potentially 4096+ bit that it would take a billion years to unencrypt it even with the fastest supercomputer on the planet. Hackers who are "just that good" still can't do the impossible and I say that as someone that develops secure server software that deals in encrypted communications every day.
 
Damage control.
Or they just satisfied the FBI and did not have to suffer any customer backlash at all, hell they even called it a feature. You know Marketing 101 is to tout your shortcomings as marketing features. The skeptic in me says "Hmmmm".
 
I wouldn't say completely visible. Disassembling a binary and then reading the unlabeled undocumented assembly looking for vulnerabilities is akin to putting a blind man in the middle of a football stadium and asking him to find his way out with all the doors and entrances locked. It's not impossible but it will take some time and perseverance plus it's super boring and frustrating. There is a reason most kernels are written mostly in C and C++ outside of the basest parts, even well written assembly is a pita.

Tough luck.

Unless you buy your phone and compile everything from source, that's the only way.
 
. . .
The kernel is the core of the OS right? So its just OS code that has been produced by the compiler. I have no idea why it needs to be encrypted. What would that gain? It's just code.
Because it can now be easily patched without having access to Apple's security keys. Something like replacing the check-password function with a don't-bother-to-check-password function.
 
Or they just satisfied the FBI and did not have to suffer any customer backlash at all, hell they even called it a feature. You know Marketing 101 is to tout your shortcomings as marketing features. The skeptic in me says "Hmmmm".
Or....you have no idea what you are talking about from the technological standpoint. You can read post #70, the second half, to get back up to speed.
 
Because it can now be easily patched without having access to Apple's security keys. Something like replacing the check-password function with a don't-bother-to-check-password function.

The password holds access to the keys to the encrypted user data so bypassing the password check won't get you very far. A bigger concern would be to store the password and send it/along with user data somewhere.

But that's moot, since the kernel is still signed. Any changes to the kernel would fail the signature check and the device will not boot. And if you can bypass the signature check, you can tell the device to boot from a different kernel anyway so it wouldn't matter if the original is encrypted or not.
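The post above makes the point that signing, not encryption, is what stops a patched kernel from booting. As an added example (not from the thread, and not Apple's code or boot chain), the Python below builds a constructed "kernel image", signs it once, and then shows the boot-time verdict for the genuine and a patched copy, with and without a toy storage encryption layer. HMAC-SHA256 stands in for the asymmetric signature a real boot loader checks; the key, the image contents and the XOR stream cipher are all constructed for the illustration.

```python
import hashlib
import hmac

# Hypothetical signing key standing in for the vendor's private image-signing
# key. A real boot chain uses an asymmetric signature; HMAC keeps this example
# standard-library only, and the verifier's job has the same shape: recompute
# the tag over exactly the bytes it is about to execute.
SIGNING_KEY = b"demo-signing-key (constructed, not a real secret)"

# Constructed kernel image: a header plus a marker that plays the role of the
# "check password" routine the post talks about, followed by filler bytes.
ORIGINAL_IMAGE = b"KERNELCACHE\x00" + b"[check_password: required]" + bytes(range(64))


def sign_image(image: bytes) -> bytes:
    """What the vendor does once at build time."""
    return hmac.new(SIGNING_KEY, image, hashlib.sha256).digest()


def verify_image(image: bytes, signature: bytes) -> bool:
    """What the boot loader does every boot before jumping into the kernel."""
    expected = hmac.new(SIGNING_KEY, image, hashlib.sha256).digest()
    return hmac.compare_digest(expected, signature)


def toy_stream_encrypt(data: bytes, key: bytes) -> bytes:
    """Toy XOR stream cipher (constructed). It only exists to model 'the image
    is encrypted at rest' as a layer separate from signing. Calling it twice
    with the same key decrypts."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def patch_out_password_check(image: bytes) -> bytes:
    """The edit the post imagines: turn the password check into a no-op marker.
    Same length, so nothing else in the image moves."""
    return image.replace(b"[check_password: required]", b"[check_password: skipped ]")


def boot_decisions() -> dict:
    """Boot-time accept/reject for the four cases a reader might wonder about."""
    sig = sign_image(ORIGINAL_IMAGE)
    storage_key = b"per-device storage key (constructed)"

    # Genuine image, stored encrypted: the loader decrypts, then verifies.
    genuine_enc = toy_stream_encrypt(ORIGINAL_IMAGE, storage_key)
    # Patched image, stored encrypted the same way.
    patched_enc = toy_stream_encrypt(patch_out_password_check(ORIGINAL_IMAGE), storage_key)

    return {
        "genuine, unencrypted": verify_image(ORIGINAL_IMAGE, sig),
        "genuine, encrypted at rest": verify_image(toy_stream_encrypt(genuine_enc, storage_key), sig),
        "patched, unencrypted": verify_image(patch_out_password_check(ORIGINAL_IMAGE), sig),
        "patched, encrypted at rest": verify_image(toy_stream_encrypt(patched_enc, storage_key), sig),
    }


if __name__ == "__main__":
    for case, accepted in boot_decisions().items():
        print(f"{case:28s} -> {'boots' if accepted else 'refused'}")
```

The verdict depends only on whether the bytes handed to `verify_image` match what was signed; the storage encryption layer changes nothing in either direction, which is the post's point that an encrypted-but-unsigned image would be no safer and a signed-but-plaintext one no weaker.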
 