There is some drama here. This isn't a big deal, it's just a shift in strategy. XNU the kernel has had its x86 kernel out there for years like since the 90s full source code. This isn't even source, which isn't released not because of security but because they don't want an OSx86 situation again with people running iOS on other ARM devices with hacked kernels and device drivers (imagine the iOSamsung fans that could be). If releasing an unencrypted kernel was dangerous, imagine the source! Omg macOS has so many viruses with its unencrypted open source kernel, right?!
 
Wouldn't make sense... Apple's goal is to prevent JB, not to encourage it by leaving it open.

I'm not sure it is. If they are really making an effort to prevent it, they have failed in each iOS version
It will be interesting what Apple's reasoning is, when they comment
 
Large groups & state cyber teams split into decryption and 'static analyzers'.

Small shops, groups of white hats - may excel at static analysis.

Opening up the code to direct analysis (eg using Hexrays) enables a huge number of white hats to find flaws and zero day issues. The desire for the OS to be fixed by this group will mean that vulnerabilities discovered get fixed and are far less likely to remain secret.

'Hats off to Apple.

AJ
 
It's not intentional. It was a mistake. Everyone knows that Apple does intentionally "reveal" the inner workings of its products for tinkers and hobbyists to hack at. It's simply not Apple's MO.
 
What does this actually mean for the end user? Is the iPhone now vulnerable to attack?

No, it doesn't really make a difference. It means discovering vulnerabilities is slightly easier.

Would this essentially make iOS open source?

No, the kernel is still binary, not source.

Either this IS a mistake, or the biggest bust Apple has ever done... Because you just know the next step would be code circulation.

No it wouldn't. The kernel is still binary.

Apple's entire security process revolves around security through obscurity.

No it doesn't. That's an absurd statement. The existence of the security whitepaper, for instance, demonstrates that.

What the last two posts said above. Someone just got fired. This is huge.

There are going to be emergency meetings for months, maybe years. I wouldn't be surprised if TC is ultimately canned over this by the board after all the chips fall.

This is a completely absurd statement. I don't think you have any idea what you are talking about.

I think all the code for the hardware drivers is in there.

Android latency in talking to hardware is going to be cut significantly.

This will have zero influence on Android, as that's a completely different kernel.

The buck stops there. Many a CEO has taken the fall for far less.

No they haven't, not in companies like this.

I'm not talking about the security of data in flight or at rest. I'm talking about the security of the APIs and of the overall system architecture. Some of those implementation details are what Apple keeps secret with this encryption, and those details are what were inadvertently exposed.

Apple does not rely on obscurity for their primary security.
 
Do people still jailbreak these days? If so, what specifically for?

I personally no longer found a need to jailbreak after around iOS 7 or 8, so I'm just wondering what people still deem as missing.

People still jailbreak for the most minor of reasons, and always will because they have to have something behave a certain way that isn't Apple's way. Like a friend said how he couldn't stand it when the home screen moved to being on the right in the app switcher instead of the left (I kind of agree with him on this). People will always want to customise and tweak the UI.
 
Most people in this thread don't have a single clue what a kernel is and what an encrypted/unencrypted kernel means.

Please guys, if you don't know what you are talking about, just don't write anything, you just embarrass yourself. It's by no means a security breach....

I don't know what it means, regarding security, going forward. I am going to post a very serious question though...

Can you elaborate as to how, or if, releasing the unencrypted kernel would affect iOS security?
Large groups & state cyber teams split into decryption and 'static analyzers'.

Small shops, groups of white hats - may excel at static analysis.

Opening up the code to direct analysis (eg using Hexrays) enables a huge number of white hats to find flaws and zero day issues. The desire for the OS to be fixed by this group will mean that vulnerabilities discovered get fixed and are far less likely to remain secret.

'Hats off to Apple.

AJ

If correct - that's very cool.
 
I may be thinking about this naively -- which may very well be the case, as I am not a software developer -- but isn't the reasoning behind this obvious? Many of you seem confused by it...

Surely, considering their strong stance on security, they wouldn't have left such a massive security hole open by accident. This is very likely intended for the beta builds. Weakening the kernel allows both Apple and developers to investigate more specific uses of their protocols and how they affect the security of the overall OS.

If a developer does something to flag a security issue, a report would probably be sent to Apple that automatically details the exact processes that instigated the error; allowing Apple to further refine the subtleties of the system's core security through the beta process to create the strongest security possible for the public release.

Obviously these kernel vulnerabilities will be patched and then some come public release.
 
I may be thinking about this naively -- which may very well be the case, as I am not a software developer -- but isn't the reasoning behind this obvious? Many of you seem confused by it...

Surely, considering their strong stance on security, they wouldn't have left such a massive security hole open by accident.

Again: It's NOT a security hole. As already said, if you have no clue about a matter, please stop spreading false statements, probably because of bad Hollywood movies, about it.

This thread is ridiculous.
 
Of course it's intentional! They are completely overhauling their security, you'll know when it's ready. What does Apple care now, if they can lock everything later.
There's a team polishing iOS 10, based on our real time usage and reports and there's another team doing in-house security, and when that's ready you'll know.
 
If the next beta has it encrypted, it was a mistake. If it's open, it was on purpose.

Thanks captain obvious
Again: It's NOT a security hole. As already said, if you have no clue about a matter, please stop spreading false statements, probably because of bad Hollywood movies, about it.

This thread is ridiculous.

Agreed, 4 pages of people that have no clue pretending they do. MacRumors for you I guess
 
Apple does not rely on obscurity for their primary security.

Not security per se, but the security process of when and how to fix issues. Apple HATES having its hand forced by vulnerability disclosure.

No chance this is intentional. Someone in build & integration flipped the wrong switch.

Apple's entire security process revolves around security through obscurity. Even when they become aware of egregious vulnerabilities, they can and have sat on them for years (multiple release cycles) for the sole reason that they weren't aware of anyone using them maliciously in the wild.

The sooner and more publicly vulnerabilities are found, the sooner Apple's hand is forced on shipping fast-track security updates that may well break other legitimate functionality--not to mention derailing other planned engineering feature work.
 
...but security expert Jonathan Zdziarski believes it was done by choice because it's not a mistake Apple is likely to have made. "This would have been an incredibly glaring oversight, like forgetting to put doors on an elevator," he told MIT Technology Review.

Not really true. It's more like forgetting to lock an access panel after installing an elevator. The build could remain fully functional such that if there isn't a step in the process that specifically verifies this then it could slip through, especially as part of a change in the build & deployment process (which is surely constantly evolving).

I'm also not sure why a self-respecting security expert would make a public statement like this when it is something more in the domain of a software build engineer.
 
Think about this in terms of who are Apple's current "enemies" or competitors:

- Android: potentially makes Apple more developer friendly and secure. Shows respect to their devs.

- Chinese government and state owned or controlled electronics companies: China wants the source code. This isn't that but a step in that direction. Maybe this helps them sell in China.

- US law enforcement: they want a hacked version. Now they're a small step closer to it.

Or, the encryption key was obtained by one actor and Apple has now eliminated that group's advantage. Maybe Apple got a secret national security to produce the kernel and this is their canary.

I think you have to look at this as one of many moves in an extended chess match between grandmasters. My specifics above are surely wrong but closer to the truth than the "was it accidental or not question."
 
I see people asking "Why still Jailbreak?"

You might think this is a silly reason, but I do it these days mostly for a Palm OS emulator:

http://www.styletap.com/product_iosretired.php

Why do I want a Palm OS emulator? Two reasons:

1) The same reason why I want an Atari 2600, Vic-20, Commodore 64, Amiga, and Sega Saturn emulator. Nostalgia. As far as I know emulators are still banned from the App Store. The logic behind that escapes me.
2) HandyShopper. HandyShopper is hands down the best grocery list app I have ever used on any platform. Nothing else has ever even come close, especially not on iOS. I've found most iOS shopping list apps to be useless eye candy or "services" that tie you to their website and target you with ads and coupons. I don't want a "service". I want a "tool". And HandyShopper is the best tool for the job, but unfortunately they hung up their hat and never converted it from Palm OS to iOS. The logic behind that escapes me.
 
Again: It's NOT a security hole. As already said, if you have no clue about a matter, please stop spreading false statements, probably because of bad Hollywood movies, about it.

This thread is ridiculous.
Of course it's a security hole, why do you think firmware images are encrypted and signed in the first place? Security and IP. They just handed out all the instructions executed by the kernel; that's going to be very helpful to someone looking for holes.

If they really wanted collaboration, why release an unencrypted binary instead of the source (with no announcement?!)? It just makes the job harder, which increases the likelihood that an exploit remains discovered by one person and not the rest of the community.
 