Apple explains why iOS 10 kernel is unencrypted

Jun 23, 2016


Following the discovery by MIT Technology Review that the kernel in iOS 10 beta is unencrypted, Apple has gone on the record to explain why that’s the case. Speaking with Dave Mark of The Loop, an Apple spokesperson has officially confirmed that the decision was intentional.

Now, some security experts speculated that leaving the iOS 10 kernel unencrypted would aid anyone, nefarious users included, looking for security weaknesses in the iOS software.

Apple explains why such fears are unfounded.

Here’s Apple’s statement:

The kernel cache doesn’t contain any user info, and by unencrypting it we’re able to optimize the operating system’s performance without compromising security.

So there you have it.

Because user data and personal information are not kept in the kernel, your data is safe despite the iOS 10 kernel being unencrypted.

The kernel constitutes the central core of an operating system which manages memory, communicates with peripherals and controls low-level services, hardware and security.

The iOS 10 kernel contains that code, plus necessary device drivers and hardware configuration files, but—again—no user data. Because the kernel is accessed frequently no matter what you do on your device, leaving it unencrypted should in fact allow iOS 10 to perform faster because encryption, even when it’s realized entirely in hardware like on iOS devices, inevitably introduces additional overhead.

Source: The Loop

  • malhal

    nice of them to make a statement, shame they didn’t tell the truth

    • Shinonuke

      Please elaborate

      • Erick Reyes

        Agreed. I don’t see how they are lying here

      • malhal

        1. Only some 64bit phones had the kernel left unencrypted, e.g. all iPad firmwares and 32 bit devices had it still encrypted as normal.
        2. The kernel is decrypted once at boot and takes 60ms, so in computing terms saving 60ms say once a week would be misleading to state as a performance optimisation.
        3. Apple’s software quality has been in a decline for a few years now.

        These 3 reasons would suggest to me to take the marketing spokesperson statement with a pinch of salt.

      • Interesting that you say that, but there is still 0 proof that Apple in fact lied.

        This is the first beta and there is a LOT of stuff that isn’t in place that we know is coming in future BETAs. The fact that only some devices have been unencrypted could either have something to do with the later generation security hardware (which is only on some iPhones at the moment) or be a sign that Apple hasn’t made this change to all devices yet and it’s too early to tell. It’s also worth noting that even decrypted, the Kernel is still cryptographically signed by Apple and tampering with it would cause an iPhone to fail to boot.

        I’d be curious to know where you got the 60ms timeframe from, but I also noticed that Apple never said that performance optimization was limited just to the boot like you seem to be claiming on their behalf. The resources used to hold onto decrypted code at runtime are no longer going to be necessary for instance, and this fact alone would help free up some additional resources for other tasks. But leaving the Kernel unencrypted can affect system resources and performance positively in multiple ways.

        Finally, as I’ve pointed out elsewhere, the Kernel is Open Source, so it’s not like letting this slip out revealed something that we wouldn’t have had any method of discovering beforehand. Whether it surprised hackers or not doesn’t really matter. So if your basis for calling the Apple spokesperson a liar relies on questionable inferences and personal opinions of others then I think it might be best to hold off saying it until something more substantial comes along 😉


    • Qiren

      :Grabs tinfoil hat:

    • igorsky

      Take medicine.

    • Jackson Grong

      Don’t forget the us government, the FBI, has total power behind closed doors.
      If they tell Apple to unencrypt the os, Apple has no choice.

      • Gregg
    • You do realize that the underlying layer of MacOS is unencrypted too right? Not only that, the entire UNIX OS is open sourced by apple. Anyone who wants to see the code just needs to grab a copy of Darwin.

      Also, where did they lie? It’s true that the user data isn’t stored in the Kernel (same with every OS actually), and it’s also true that accessing unencrypted files is faster for the obvious reason that they don’t need to be unencrypted at run time. The only thing I think could be debated is that it would have no impact on security, but seeing as how this model hasn’t negatively impacted the desktop environment I fail to see the issue here either.

      • John Smith

        Partially open source. Much of iOS and some of OS X are closed source, and the open source components generally take a year+ to be uploaded to the open source website.

      • Well that’s partially true. Darwin is 100% open source. It’s the MacOS layer that sits on top of it and adds in all the functionality that makes the OS usable that is closed source. But the Kernel (which is the main point here) is 100% open to the general public to inspect.

        Also, Darwin forms the core set of components upon which iOS, watchOS, and tvOS are based. So if the Kernel is already available as open source to anyone interested I fail to see the huge deal some want to make about shipping products with it unencrypted.

    • Quilliv

      Right………….. >_>

  • Satyam Panchal

    That why iOS 10 1st beta is stable and does this hackers to make jailbreak easy because they unencrypted kernel?

    • Diego Milano

      Exactly my thoughts…

    • Elias Chao

      iH8Sn0w has successfully jailbroken an iPhone 5 because he’s got an iBoot exploit for 32-bit devices for a while. I don’t think this has something to do with the unencrypted kernel.

  • ravinigga

    I hope it stays so, so we can expect for final version jb

    • Diego Milano

      Yeah, it’s suspicious for such a company to do something like this, but who knows… we are still several months away from its release anyway.

  • Gethro

    Oh apple just like that we’re supposed to trust that statement how marvelous.

    • Alexander Sundiev

      Oh, don’t be a Debbie Downer 😉

    • I don’t know why we wouldn’t? Does Apple have a history of lying to us about security and privacy? If they were a shady company or had a dishonest reputation then I think it would be right to question this. But as it is, I’m not aware of any privacy scandals on Apple’s end that should make us distrustful of this. Not to mention, this is how it is on OS X.

  • Diego Milano

    Doesn’t this mean this could potentially open iOS up for any jailbreaking possibility or am I understanding this incorrectly?

    • Not really. The Kernel for iOS is actually open sourced by Apple so anyone can read the code already. Knowing this it actually makes sense to unencrypt it as it means that it can run faster. Previously Apple took a sledge hammer approach and encrypted the entire contents of the flash storage, but it would appear that they are trying to do this more intelligently now and only encrypt the data that really matters. So as far as jailbreaking goes, while there might be something opened up that would be helpful to them, it’s highly unlikely that we learned anything we didn’t know before.

      • While not compromising personal data, does this open up more risks for the device itself for malware, viruses, etc. that Apple typically used to be not a target of in the past?

      • While it’s theoretically possible, the risk isn’t high. There are still safeguards against code changes to the Kernel, apps are still sandboxed, the environment is still run rootless, etc.

        No operating system is perfect but decrypting the Kernel is probably not going to impact security considering all of the other layers of protection above it that are all still guarding against this kind of thing.

        Obviously in the never ending game of cat and mouse that hackers play with companies like Apple someone will find a hole in security. But whether this is encrypted or not probably won’t impact anything in the long run.

      • Diego Milano

        I still believe leaving the kernel of the operating system “open source” does add some advantage to jailbreak hackers, after all, I assume the kernel functions themselves do change from iteration to iteration. Yet, like you said, if no significant hole -either new or old- is to be found, this doesn’t change the current overall big picture for jailbreaking.
        I do believe we won’t be seeing any jailbreak for iOS 9 at this point and hackers will save their tools for iOS 10 when it hits the streets (sadly it won’t be too long for Apple to patch it after that, and the whole loop will begin again, sigh).

  • Elias Chao

    Does that mean iOS 10’s kernel will be always unencrypted?

    • Probably. It’s already open source as-is so encrypting it never really hid anything anyways.

  • Shropshire Bayetae

    If everything that was told to us through media, the government, companies, and people were true the world would be a better place. In this day and age question everything. Why?

  • by leaving the kernel unencrypted, will it be easier to discover exploits for jailbreaking? 😀

  • Actually Darwin is 100% open source. The arm variant you reference hasn’t been made open source as of yet, but that’s a fork and the core of Darwin is and has always been 100% open source.

    I think the distinction that you’re making is that iOS, TVOS, watchOS and macOS all add on additional layers to Darwin. But it’s important to remember that MacOS IS NOT Darwin and vice-versa. MacOS runs on top of Darwin but should not ever be considered as part of Darwin.

    For instance, the Carbon and Cocoa APIs along with the Quartz Compositor and Aqua interface are all parts of MacOS and are 100% closed source. So when you say that they’ve left bits out, that’s not true of Darwin, it’s true of the unique layers that are added on top of Darwin. Out of the box, Darwin can’t run software made for the Mac, but that just means that the layers that sit on top of Darwin are closed source, not that Darwin isn’t 100% open source.

    Really at the end of the day, the only thing that we might be able to glean from this that we wouldn’t have had otherwise is some of the aspects unique to running Darwin on ARM based processors and some of the driver implementations and as you pointed out, people are already working to build their own forks for this anyways. Neither of these items are really cause for alarm either, we have these for the desktop already and no one is panicking that MacOS is going to be hacked. That’s my only point here in all of this.