Security researchers discover iOS 10 beta has unencrypted kernel
MacNN Staff
Join Date: Jul 2012
Apple left the kernel of iOS 10 unencrypted in its beta release of the mobile operating system, it has been discovered. Security experts discovered the kernel, the core of the operating system itself, wasn't encrypted as it usually is for a release, though it is unclear if it is a mistake on the part of Apple's engineers, or a way for the company to improve the security of the code before it is encrypted and released to the public this fall.
Typically, the kernel is kept secret, hidden from outside parties in order to maintain the security of the code base, minimizing the chance of someone finding a way to break the system. Not obscuring the code with encryption effectively allows interested parties a closer look at how things work, including those wanting to discover and abuse flaws in the code itself.
Speaking to MIT Technology Review, security author Jonathan Levin advises the lack of encryption doesn't mean the security of iOS 10 is compromised, but the lack of encryption "reduces the complexity of reverse engineering considerably." Levin and other members of the security community suggest that this is less of a mistake and more an intentional release, to encourage more bugs to be discovered and disclosed to Apple, which can then be fixed ahead of release.
Security researcher Jonathan Zdziarski also believes this is unlikely to be an "elementary mistake" by Apple engineers, suggesting "This would have been an incredibly glaring oversight, like forgetting to put doors on an elevator."
If Apple has released the code unencrypted on purpose, it could be trying to harden security to protect itself from another major foe. Law enforcement and government agencies have an interest in bypassing Apple's security, with the FBI at one point publicly fighting against the company in front of Congress. Showing developers that it lacks backdoors at the same time as trying to coax more bug reports could be Apple's way to increase developer confidence in its security processes.
Junior Member
Join Date: Jun 2011
Location: Grande Prairie, Alberta
Is this a mistake or maybe Apple bending over the DOJ?
Grizzled Veteran
Join Date: Jun 2008
My inner conspiracy theorist wants to consider the possibility that it's the latter.
Maybe it's just a charade; a put-on, like dangling a carrot in front of the DOJ: "See? Even with an unencrypted kernel, there's no way in. Have at it."
Grizzled Veteran
Join Date: Jul 2006
Location: Seattle
Mistake or part of a conspiracy? Most of the time it's just a mistake. The new guy got stuck with the compiling and he forgot.
Author of Untangling Tolkien and Chesterton on War and Peace
Senior User
Join Date: Dec 2007
Location: Too F'ing Cold, USA
Yes, I'm sure that a task as critical as compiling THE iOS kernel was delegated to "the new guy." And forgetting to flip the encryption switch is just the icing on the cake.
Whatever, dude.