'Biggest iPhone Code Leak' On GitHub: Here's Why iBoot Leak Worries Security Experts
Someone just leaked a critical source code for the iPhone on GitHub, opening Apple's iOS operating system to hackers for potential exploits and vulnerabilities.
The code, labeled "iBoot," is a component of iOS responsible for ensuring a trusted boot of the OS. Simply put, it's the thing that loads first whenever an iOS device is booted up. It starts its process and verifies that the kernel is properly signed by Apple, at which point it executes the bootup process.
The code, however, is tied to iOS 9, but some aspects of it are likely still valid in iOS 11, the latest version of Apple's mobile OS. For so long, these codes have been well kept under wraps, as Apple has been very hesitant on sharing them openly with the public. iBoot, in particular, is a highly critical component. In fact, users who find bugs or vulnerabilities in the bootup process can receive as much as $200,000 as part of the company's bug bounty program, Motherboard reports.
Is The Code Even Real?
It's not clear just how big of a leak this is, but according to author Jonathan Levin, who has written book about iOS and OS X, said it's "the biggest leak in history," adding that it's "a huge deal." He even confirmed that the boot is legitimate, because it seems to align with the code he himself reverse-engineered. Another security researcher says the code is real. The perpetrator behind the leak remains undetermined. Apple has yet to comment on the issue.
With access to the iBoot source code, hackers get increased chances of finding exploits and vulnerabilities within iOS, which could lead to them finding ways to jailbreaking the device, according to Levin. Simply put, hackers might now have easier methods of cracking or decrypting an iPhone. Also, this could very well lead to developers finding a way to load iOS using a different platform.
The code was shared on Reddit several months ago but resurfaced via GitHub on Feb. 7, where it will probably receive a lot more attention. It remains to be seen, however, whether anything will come out of the leak, since modern iPhones now have a Secure Enclave chip for security purposes. Plus, the source code has some files missing, meaning it can't be compiled, but other experts said on Twitter that it could still enable hackers to find exploits and create jailbreaks.