The biggest leak ever?
In what has been a season of leaks, another leak is here, and it could potentially dethrone every other leak once touted as “the biggest leak ever.” A GitHub user named ZioShiba posted code named “iBoot”, which is said to be Apple's iBoot source code for iOS 9.3, on GitHub. This could open a huge can of worms if this alleged leak is actually what it purports to be.
What is iBoot source code?
iBoot, an integral component of iOS, is responsible for the authenticated boot of iOS devices. In simpler words, iBoot performs security checks and verifies that the kernel (iOS), along with any other system files, is genuine and properly signed by Apple.
So, when you turn your iPhone on, iBoot is the first thing that gets loaded.
Is this really a big deal?
Yes. Emphatically, YES.
From a security point of view, iBoot is a highly critical part of iOS that makes Apple’s iPhones stand out. That’s why Apple has been keeping the iBoot source code close to its chest. Over the years, Apple has opened up certain parts of iOS and macOS, but never the iBoot source code. You can understand its significance from the fact that Apple rewards up to $200,000 for vulnerabilities in it, one of the highest payments under Apple’s bounty program. If this is truly code for iOS 9.3, it could aid attackers in finding zero days, as well as in developing persistent malware and iPhone jailbreaks.
Okay, what are the potential dangers?
As iBoot authenticates iOS, the first risk comes in the form of jailbreaking. If the perpetrators can find a way to do this, it could make their job much more manageable.
Moreover, there’s also a huge risk of programmers emulating iOS on non-Apple devices.
Many are even suggesting that this could allow an attacker to unlock and decrypt iPhones. This seems highly unlikely as far as the devices with biometric sensors (Touch ID and Face ID) are concerned. That’s because they come with Secure Enclave – a physical, dedicated encryption processor with its own kernel (OS).
One thing is for sure: we will be talking about security researchers finding its flaws for some time.
Am I affected?
Although the leak is said to be for iOS 9, it’s highly likely that recent versions of iOS still contain some of the same code. That’s why even if your device doesn’t use iOS 9, you’re not out of the woods.
How likely is it that this is a “genuine” leak?
Pretty likely, if we go by the opinions of some researchers. Motherboard, which is a very trustworthy source, has confirmed it with several developers. However, others still aren’t completely convinced. There are still plenty of questions floating around the code, beyond just its authenticity. Questions like, who is behind this? And how did they get a hold of this?
As of now, GitHub has already shut down the repository that hosted the iBoot source code.
As I’m writing this post right now, we haven’t heard anything from Apple yet. It will be interesting to see what the company thinks (and tries to make us think) of this leak. I expect Apple to release a security patch in the upcoming days.
If any of your Apple devices are running iOS, update them as soon as Apple releases a patch.