Security researchers discover iOS 10 beta has unencrypted kernel
MacNN Staff
Join Date: Jul 2012
Jun 22, 2016, 10:53 AM
Apple left the kernel of iOS 10 unencrypted in its beta release of the mobile operating system, it has been discovered. Security experts discovered the kernel, the core of the operating system itself, wasn't encrypted as it usually is for a release, though it is unclear if it is a mistake on the part of Apple's engineers, or a way for the company to improve the security of the code before it is encrypted and released to the public this fall.

Typically, the kernel is kept secret, hidden from outside parties in order to maintain the security of the code base, minimizing the chance of someone finding a way to break the system. By not obscuring the code with encryption it effectively allows interested parties a closer look at how things work, including those wanting to discover and abuse flaws in the code itself.

Speaking to MIT Technology Review, security author Jonathan Levin advises that the lack of encryption doesn't mean the security of iOS 10 is compromised, but the lack of encryption "reduces the complexity of reverse engineering considerably." Levin and other members of the security community suggest that this is less of a mistake and more an intentional release, to encourage more bugs to be discovered and disclosed to Apple, which can then be fixed ahead of release.

Security researcher Jonathan Zdziarski also believes this is unlikely to be an "elementary mistake" by Apple engineers, suggesting "This would have been an incredibly glaring oversight, like forgetting to put doors on an elevator."

If Apple has released the code unencrypted on purpose, it could be trying to harden security to protect itself from another major foe. Law enforcement and government agencies have an interest in bypassing Apple's security, with the FBI at one point publicly fighting against the company in front of Congress. Showing developers that it lacks backdoors at the same time as trying to coax more bug reports could be Apple's way to increase developer confidence in its security processes.
Junior Member
Join Date: Jun 2011
Location: Grande Prairie, Alberta
Jun 22, 2016, 11:43 AM
Is this a mistake or maybe Apple bending over the DOJ?
Grizzled Veteran
Join Date: Jun 2008
Jun 22, 2016, 12:43 PM
My inner conspiracy theorist wants to consider the possibility that it's the latter.

Maybe it's just a charade; a put-on, like dangling a carrot in front of the DOJ: "See? Even with an unencrypted kernel, there's no way in. Have at it."
Grizzled Veteran
Join Date: Jul 2006
Location: Seattle
Jun 22, 2016, 01:38 PM
Mistake or part of a conspiracy? Most of the time it's just a mistake. The new guy got stuck with the compiling and he forgot.
Author of Untangling Tolkien and Chesterton on War and Peace
Senior User
Join Date: Dec 2007
Location: Too F'ing Cold, USA
Jun 23, 2016, 09:52 AM
Yes, I'm sure that a task as critical as compiling THE iOS kernel was delegated to "the new guy." And forgetting to flip the encryption switch is just the icing on the cake.

Whatever, dude.
All times are GMT -4.