Has Apple gone mad? More iOS 10 parts left unencrypted in beta 2

By , Jul 6, 2016

iOS 10 beta 2 new wallpaper silver iPhone screenshot 001

As you know, security experts were baffled realizing that the iOS 10 kernel in beta 1 was not encrypted. Apple argued it was no big deal because the kernel contained no user data so the company had left it unencrypted intentionally in order to increase general system performance, in their own words.

But Apple didn’t stop there.

As first discovered by prominent jailbreak developer and iPhone hacker, MuscleNerd, iOS 10 beta 2 actually leaves more parts of the operating system unencrypted.

What’s going on here?

Unencrypted, you say?

“It was no accident. Apple left even more images unencrypted in iOS 10 beta 2,” he tweeted.

As an example, 32-bit boot loaders (tiny programs designed to load a more complex kernel at boot time) and all RAM disks (virtual disks stored in the RAM) are left unencrypted in iOS 10 beta 2. In addition to the 64-bit portion of the iOS 10 kernel that was left unencrypted in beta 1, beta 2 actually leaves the whole kernel unencrypted, both the 32-bit and 64-bit version.

iOS 10 beta 2 unencrypted musclenerd

The image attached to MuscleNerd’s tweet indicates that iOS 10 beta 2 even does not encrypt the main file system (minus user data, of course). Again, Apple did come out and say the iOS 10 kernel was purposefully unencrypted so that security researchers would do their job for them so iOS 10 beta 2 is even more puzzling in that regard.

BTW, “SEP” on the image above stands for Secure Enclave (see further below) and ATV stands for the Apple TV. Keep in mind that Apple may still decide to fully encrypt all parts of iOS 10 in the final release.

Encryption: security vs speed

Encryption costs a lot in terms of speed. Just ask Google: although the Internet giant mandated that all flagship Android devices enable full disk encryption by default, it soon backtracked as users started complaining about abysmally slow performance with encryption turned on.

That’s because Android realizes encryption in software while Apple uses the power of its custom-designed silicon to provide robust encryption that doesn’t cause the system to become notably slower.

Say hello to Secure Enclave

On iOS devices from the iPhone 5s onward, the Secure Enclave, a tiny chip within the main Apple-designed application processor, is responsible for encrypting data as it’s written into flash storage and also processes Touch ID input, authenticates Apple Pay transactions.

Although the Secure Enclave is embedded into the main processor (the A9 chip in the case of the iPhone 6s), no software, service or hardware can read what’s inside. The Secure Enclave has its own firmware, boot loader and code, uses its own encrypted memory and only communicates with the A9 using an interrupt-driven model where the A9 puts some data on a shared memory buffer and then reads back the results.

Are you worried?

“The kernel cache doesn’t contain any user info, and by unencrypting it we’re able to optimize the operating system’s performance without compromising security,” was Apple’s explanation after reports that the first beta of iOS 10 came with an unencrypted kernel.

Conventional wisdom has it that leaving certain parts of iOS 10 unencrypted could help weaken the market for zero-day exploits. Apple does not have a bounty program for iOS bugs and the company actually likes the fact that the prices of premium iPhone hacks are so high.

FBI director James Comey said the agency paid at least $1.3 million for the hack which allowed them to gain access to San Bernardino shooter’s iPhone 5c beyond the Lock screen.

In fact, the black market prices for iPhone zero-day exploits is one of the “indirect metrics” Apple’s security teams take into account when evaluating how well they’re doing.

What’s your take on this finding?

Why did Apple leave additional parts of iOS unencrypted in iOS 10 beta 2? Is there a hidden agenda behind this or should we trust Apple when they say they’re optimizing iOS 10’s performance without compromising security?

Source: MuscleNerd via iGen.fr (Google Translate)

  • Share:
  • Follow:
  • Chris Wagers

    Of course there is an agenda. With Apple there is always an agenda. Of course this is just my 2 cents.

  • Agneev Mukherjee

    Seriously, Apple has gone mad?? Couldn’t find anymore headlines?? Tim Cook almost agreed to go behind bars in order to safeguard our Privacy, now they decide to leave the beta 2 unencrypted, which is… maybe because Apple wants firms like TaiG or Pangu to find exploits, but hey, this is a beta and the GM is due in almost 3 months.

  • Satyam Panchal

    Fbi is involved in this and Apple saying they are increaseing performance

    • Bill

      There is probably more truth to this than most realize or are willing to admit.

  • Tony Trenkle Jr.

    They want us to Jailbreak!

    • Rowan09

      That’s what came to my mind, maybe they’re like we’ll just let them jailbreak their phones.

      • Tony Trenkle Jr.

        I hope so! lol

  • Jackson Grong

    Either the FBI demanded this or they are doing it in order to find the exploits governments agency’s use by making it public for all experts to examin.

  • Going out on a limb, IOS 11 will be a full blown redesign with everything being new so that’s just another reason why they are leaving things up this time. Allow for more fixes to make sure things are really secure, then put those into a new Kernel boom IOS 11.. good luck. Either way it’s pretty interesting to see this unfold.

    • Jackson Grong


    • Well, that’s certainly a viable and insightful explanation

  • john snow

    I am not a terrorist or FBI agent. All my data is in Apple’s hands – in iCloud. I don’t need encryption. What do YOU have to hide on your phone?

    • Satyam Panchal

      Gf nudes

      • Wilber Alexander Flores

        Isn’t that what we’re all hiding

    • therealjjohnson

      I would tell you but it’s private. And that’s the way I want to keep it.

    • Bill

      Ahh, the old “why worry if you have nothing to hide” bit. GFYS you government worshipping shill. What’s your next one….”do it for the children!” ? F.O.A.D.

    • BlackSheep_dsg

      privacy isn’t about having anything to hide

  • Ian Weir

    Probably writing a new kernel for the OS

  • DopamineAddicted

    A way to protect users while making it easy to access (god forbid) more terrorist phones.

  • Joey_Z

    Apple ” Please jailbreak ios10, we are running out of ideas for ios 11.”

  • James G

    If it makes jailbreaking easier and more likely, it’s a welcome change. If it makes iPhones more susceptible to hacking, no thanks. I doubt it makes the iPhone less safe, though. Doesn’t seem like something Apple could let go unheeded.

  • Gethro

    iOS 10 beta 2 ate up my data like crazy… Is anyone else having this issue?

    • Me too bro. On iOS 9.3.3 i had ~3 gb’s of storage left, now on iOS 10 beta2 less than 1,5gb. I even restored back to 9.3.3 and installed beta2 again, still the same shit. iPhone 6 16GB. Apple knows how to force you to buy a new phone

      • BlackSheep_dsg

        Think he means mobile/cellular data.

        turn off Wi-Fi assist is settings – mobile/cellular data.

  • Agil1ty

    Apple needs a jailbreak.. Lots of ideas and concepts come from the jailbreak community and devs.. Maybe they opened it up to increase the chance for a jb..?

  • Cristian Meneses

    I have mixed feelings about this.

    One one side, I have all my data on iCloud, so there’s not much that I could hide.

    But on the other hand, I cannot blind myself from seeing some strange relationship between this iOS unencrypted kernel, San Bernardino and the FBI.

    I don’t expect to be hacked by the FBI, and I really don’t care, it just does not feels right.

    Hope I’m wrong.. Anyways, I’m updating now 😛