iOS 10 Beta Features Unencrypted Kernel Making it Easier to Discover Vulnerabilities

[sudo1996]

Good thing there is no way to convert binary to more readable code.
Oh, wait...

You mean assembly code? Still pretty tough.
[doublepost=1466554712][/doublepost]

Where did it say that access to the Apple servers was breached?

IAP cracks don't rely on Apple's servers being breached. It's either all local, or for apps that do server-side verification, there's a fake IAP server (either local or remote) that it tricks iOS into using.

 

[Avenged110]

Do people still jailbreak these days? If so, what specifically for?

I personally no longer found a need to jailbreak after around iOS 7 or 8, so I'm just wondering what people still deem as missing.

If I were running anything beyond iOS 6, I would still jailbreak to give myself total control and to attempt to fix the disgusting UI.

 

[weup togo]

Wrong. They do not rely on obfuscation. They rely on proven encryption models.

I'm not talking about the security of data in flight or at rest. I'm talking about the security of the APIs and of the overall system architecture. Some of those implementation details are what Apple keeps secret with this encryption, and those details are what were inadvertently exposed.

 

[Pakaku]

What does this actually mean for the end user. Is the iPhone now vulnerable to attack?

You can't jailbreak or do anything like that without going out of your way to install software. So it's not that vulnerable.

 

[sudo1996]

What does this actually mean for the end user. Is the iPhone now vulnerable to attack?

In the short term, it's more vulnerable in a way. If there are vulnerabilities, they're easier to find now.
[doublepost=1466558360][/doublepost]

Wrong. They do not rely on obfuscation. They rely on proven encryption models.

Apple engineers must know what the unencrypted code looks like. They also know what the source code looks like.

 

[OldSchoolMacGuy]

Not sure why some believe Jonathan Zdziarski is an "expert". He wrote a super basic book about security which far from qualifies him. Within the forensics and security community he's not at all regarded as an expert.

But he's totally into self promotion and ultra eager to talk to the press so I suppose they'll give him any title he chooses, even if he doesn't not much about the subjects he speaks on.

 

[6836838]

Good thing there is no way to convert binary to more readable code.
Oh, wait...

So you can disassemble, sure. Now what? Have you ever attempted to make fundamental changes to a large disassembled binary and then make it do something useful? The best I ever did was add a JMP op to bypass a password prompt on something.
[doublepost=1466559487][/doublepost]

So you can disassemble, sure. Now what? Have you ever attempted to make fundamental changes to a large disassembled binary and then make it do something useful? The best I ever did was add a JMP op to bypass a password prompt on something.

So I do agree that someone with a disassembler and possibly reverse engineered C/C++ files could find minor exploits while stepping through a bunch of breakpoints etc. But it's nowhere near the same thing as having the source code. Disassembled binary files are close to meaningless. Sure, people are going to hack out some checks and controls, but I'm not sure we're going to see anything too significant here.

I'd be very surprised if Cook gave the ok on this. It smells like a mistake, I don't expect Apple to ever come clean on this.

 

[PaulRustad007]

This might conveniently allow the FBI to get into your phones without your passcode or print......

 

[C DM]

This might conveniently allow the FBI to get into your phones without your passcode or print......

Through magic.

 

[6836838]

This might conveniently allow the FBI to get into your phones without your passcode or print......

Humour me. How?
[doublepost=1466560309][/doublepost]Perhaps the FBI infiltrated Apple's servers or got an insider in there. Perhaps.
[doublepost=1466560448][/doublepost]

In the short term, it's more vulnerable in a way. If there are vulnerabilities, they're easier to find now.
[doublepost=1466558360][/doublepost]
Apple engineers must know what the unencrypted code looks like. They also know what the source code looks like.

It's nothing to do with code.

 

[macintoshi]

No i think its cause of fbi indirectly to have it and make it spyable.

 

[Carlanga]

This gives you the keys to the car, now hackers won't need to break the window of the car to get inside aka reverse engineer.

 

[Shirasaki]

Do people still jailbreak these days? If so, what specifically for?

I personally no longer found a need to jailbreak after around iOS 7 or 8, so I'm just wondering what people still deem as missing.

For guys running old software version on their devices, jailbreak is almost the only way to try out and utilise certain features only available on newer devices. Such as users still using IPad 2 and iPhone 4s.

 

[Kabeyun]

Something as big as this wouldn't have been a mistake or oversight.

Maybe. Apple pushed an OS X update that broke Ethernet for most Macs. Pretty big whoopsy.

 

[jonnysods]

Seems like a bold move imho.

Maybe a recommendation by Jon Callas?

Maybe by the FBI.

 

[Mactendo]

So Apple is finally doomed.

 

[charlieroberts]

To borrow a line from Gene Hackman.

"You are either incredibly smart or incredibly stupid"

I want to say smart. But this reeks of stupid. Or else they would have trumpeted it...

 

[Aston441]

No. It's still a binary. Just unencrypted. You don't get the source code!
[doublepost=1466552269][/doublepost]
You do know we're talking about a binary and not source code right?

Trivial to turn back into readable code.

 

[C DM]

Trivial to turn back into readable code.

And that would be how (given how trivial it supposedly is)?

 

[gaanee]

Apple could have intentionally kept it unencrypted in the beta version hoping to find bugs in the early stage of development. This way a large community of developers, security researchers, jailbreakers will work on finding bugs and helping to make the final version more stable and secure.
The final version released to public could be encrypted.

 

[Aston441]

And that would be how (given how trivial it supposedly is)?

Well not trivial for everyone lol. If you have to ask you can't afford it!

 

[applefan69]

Why would they decide now, i.e. when releasing iOS 10, to make such a fundamental change? Do they not trust in their engineers anymore as much as they used to when developing previous iOS releases?

My thoughts are similar.

It is clear iOS 10 has been opened wide for developer interaction. In the keynote they specifically started the presentation with "we realize developers are the key to our success". It is possible iOS is seeing a fundamental change. I would like to expect Apple has a plan and this will not compromise security in any way.
[doublepost=1466571522][/doublepost]

What the last two posts said above. Someone just got fired. This is huge.

There are going to be emergency meetings for months, maybe years. I wouldn't be surprised if TC is ultimately canned over this by the board after all the chips fall.

This person does not know how a corporate hierarchy works.

 

[MoxFulder]

I used to do it all the time. I haven't for a while now. Like you, I find myself "needing" it less and less. Though I would like Kodi back on my iPad again.

You still can by sideloading Kodi with Xcode. Takes some steps but there are enough explanations around. Good luck!

 

[C DM]

Well not trivial for everyone lol. If you have to ask you can't afford it!

So basically not trivial. Got it.

 

[Wiencon]

Do people still jailbreak these days? If so, what specifically for?

I personally no longer found a need to jailbreak after around iOS 7 or 8, so I'm just wondering what people still deem as missing.

I can think of myriad of reasons why to jailbreak, Activator being first and most important one. I'm now rocking 4S on iOS6 but when I was on iOS8 I had around 60 tweaks installed and I couldn't imagine using iPhone without them