On February 8, 2018, a massive amount of code from Apple’s iconic mobile operating system, iOS, was leaked to the public by someone who posted it anonymously on GitHub. This event led to a major panic because Apple’s code (unlike Android’s) is supposed to be a complete secret, so its exposure could have some pretty nasty implications. We’re going to try to get through the noise and sort out whether this event carries any significant consequences for people using iOS devices, including iPhones and iPads.
So, let’s get the obvious out of the way: Something in iOS’ core operating system was leaked to GitHub by an unknown person, which led to a moderate amount of noise and a pretty large amount of panic.
Apple’s modus operandi usually involves trying to keep the code for its operating systems as locked down as possible, especially since it depends on a blend of hardware and software that could be reverse-engineered if anyone took a good enough look at it.
The part of iOS that was leaked is known as iBoot. It’s a component that makes sure that the operating system is booting safely, verifies that the kernel and hardware have Apple’s “seal of approval” on them (i.e., its signature), and then loads up the part of the OS where you are welcomed by your home screen with all its icons.
To make this more familiar, it’s like a PC’s BIOS. It reads the hardware, makes sure all the nuts and bolts are in place, then starts querying for an operating system and loads it.
Apple has occasionally released the source code of other iOS components, but it took painstaking efforts to make sure that iBoot’s code never reached the wrong hands, since it is a sort of “master key” that unlocks the ability to run iOS on other hardware in many instances.
Can Hackers Take Advantage of This?
Although iBoot’s code could be (and has been) reverse-engineered at any point in time, most hackers won’t be interested in reconstructed code that may or may not imitate Apple’s original stuff.
A good hacker could reverse-engineer something very similar to iBoot but could never reproduce the full product. For both counterfeiters and hackers, having an original copy is important.
At this point, there are certainly many people interested in poking through iBoot, looking for holes to exploit. Surely, both security researchers and hackers are hard at work on that as you’re reading this.
However, we must point out that the code that was leaked belongs to iOS 9, meaning that a good portion of it might be outdated. On the other hand, it could provide some valuable insight into how Apple’s pre-boot process works and allow counterfeiters to create their own platforms that run iOS, boosting the “iPhone copycat” market.
There’s also the fact that vulnerabilities found in iOS 9’s iBoot could still work perfectly fine on hardware running iOS 11. Although iPhone hardware changes frequently, things strictly related to bootup don’t often “need” to change along with it.
For those who are worried about a mass infection of Apple devices, it would take quite an effort to actually do damage by exploiting an iBoot vulnerability. The reason for this is that Apple has multiple layers of fail-safes in both its hardware and software that might make a full-blown infection difficult.
Do you think hackers will be able to bypass these fail-safes? Who do you think made this leak? Tell us what you think in a comment!