A user has just posted iPhone source code on Github that could very well open up the operating system for hackers and security researchers to better make iPhone jailbreaks.
Apple has since issued a takedown notice, requiring the website to remove the offending files, but the iPhone source code – referred to as “iBoot” – is the part of the operating system that is responsible for ensuring a “trusted boot” of the operating system. In simpler terms, it’s the program that loads iOS, and having vulnerabilities exposed may crack the operating system wide open for hackers and other developers that are looking to fully unlock Apple’s very restrictive operating system.
The iPhone source code released says that it’s for iOS 9, which is quite outdated at this point, but there’s a large possibility that some of the vulnerabilities are still present in iOS 11 and can be exploited to make a fully-unlocked phone much easier to achieve.
As a developer that desires complete control over their devices and operating systems, Apple has been quite hesitant to release the code that runs iOS to the public, although they have made some of the code available in recent years. However, the boot process iPhone source code contained in iBoot has remained private until recently. Bugs found in the Apple boot code are the most important to Apple, with the company offering a payment of up to $200000 for newly discovered vulnerabilities in this process, but the company is obviously not pleased with the incredibly sensitive code being published on GitHub for all to see.
Jonathan Levin, the author of a series of books on iOS and Mac OSX internals, told Motherboard in an online chat that “this is the biggest leak in history…It’s a huge deal.”
He continued on to suggest that the code appeared to be real iPhone source code because it aligned with the code he had reverse engineered himself. We currently don’t know who is behind the leak, and Apple declined Motherboard’s request for comment.
As mentioned above, Apple issued a DMCA notice demanding that the files be taken down as the iPhone source code is proprietary and private, containing Apple’s copyright notice. The fact that the company was so quick to issue this notice reinforces the fact that the source code is legitimate.
Levin states that the new leak regarding iBoot could pave the way for tethered jailbreaks that require the phone to be connected to a computer when booting. These types of jailbreaks used to be common on older versions of iOS, but as Apple has increased the security of their operating system with features such as the Secure Enclave Process chip, it’s been more and more difficult to unlock phones in this manner. While the iPhone source code has since been taken down, it was surely up long enough for hackers to get a copy and start taking advantage of any flaws in the boot process. As more jailbreaks come out that take advantage of these vulnerabilities, there’s a high probability that Apple will take all steps possible in order to keep their phones locked down. If past history is any indication, however, hackers will continue their quest to unlock the iPhone and give users full control over their devices.
Although this recent posting on GitHub is the most widely publicized leak of the documents, this actually isn’t the first time the iPhone source code has made an appearance. Last year, a Reddit user with the moniker “apple_internals” posted the same code on the jailbreak subreddit. Due to the user’s low amount of Reddit Karma and new account, the post was quickly buried. The fact that the code is available on GitHub and is making the rounds through media outlets across the web confirms that jailbreakers now have their hands on the information and are posing a real threat to the security of Apple’s operating system.
“iBoot is the one component Apple has been holding on to, still encrypting its 64 bit image…And now it’s wide open in source code form,” Levin continued.
While the release of the iPhone source code is no doubt a boon for the jailbreaking community, it’s a serious problem for Apple as they strive to keep their operating system locked down. It’s likely we’ll see some changes in the source code moving forward in order to address some of the damage that is now possible at the hands of enterprising hackers.