MIT Technology Review has discovered that the kernel in iOS 10 beta is unencrypted, making it a lot easier for technology-minded users, jailbreak developers and the like to take a peek under iOS’s hood and pinpoint any potential vulnerabilities.
For those wondering, kernels in all prior iOS betas used to be encrypted. Is this a bold move meant to help strengthen security in iOS 10 or will this decision actually introduce further security risks and open new attack vectors for hackers to exploit?
The kernel constitutes the central core and a fundamental part of an operating system, tasked with managing memory, communicating with peripherals and controlling low-level services, hardware and security at the hardware level.
“Crucial pieces of the code destined to power millions of iPhones and iPads were laid bare for all to see,” reads the article, adding that the move “would aid anyone looking for security weaknesses in Apple’s flagship software.”
It’s unclear whether leaving iOS 10 beta’s kernel unencrypted is a deliberate decision or a mistake on Apple’s part, but that doesn’t mean the security of iOS 10 is compromised.
Still, some security experts were baffled by this finding, arguing that opening up a crucial part of iOS’s code in this way could be a major security screwup for anyone, including jailbreak developers and creators of malware and other malicious software, could examine a security measure designed to protect the kernel from being modified.
“Now that it is public, people will be able to study it and potentially find ways around it,” says security researcher Mathew Solnik.
Others deem this a savvy strategy on Apple’s part intended to encourage more people to report bugs in iOS code. “It reduces the complexity of reverse engineering considerably,” says Jonathan Levin, author of an in-depth book on the internal workings of iOS.
Apple declined comment.
Curiously, the secretive Cupertino company has promised in the aftermath of its fight against the FBI to strengthen security and privacy features of iOS 10.
What’s your read of the situation?
Does releasing iOS 10 beta containing an unencrypted kernel signal that someone at Apple screwed up royally? And if so, shouldn’t have Apple pulled iOS 10 beta already? Or, was it a deliberate decision after all?
Source: MIT Technology Review