Don’t believe Apple and its fanboys. iBoot source code being leaked (even partially) is a very big security risk.
And iOS 9.3 being 2 years old is irrelevant if almost all of the bootloader is still the same today. Which is likely to be the case.
Jonathan Levin qualifies the leak as “the biggest leak in history”… Apple‘s history, I guess.
The first ones to report on this were Motherboard (Vice). But what is iBoot and what does this leak mean?
iBoot is essentially iOS’s equivalent of a PC’s BIOS or UEFI. It’s the primary, most essential piece of software a computing device can run. Yes, phones, like tablets, PCs, Macs, smartwatches, smart TVs etc… are computers too… making Apple’s iPad “what’s a computer?” ad even sillier, btw…
It’s the core interface between hardware and software and it “is the part of iOS that is responsible for ensuring a trusted boot of the operating system. In other words, it’s the program that loads iOS, the very first process that runs when you turn on your iPhone. It loads and verifies the kernel is properly signed by Apple and then executes it.” (from the Motherboard article linked above)
This is the absolute core of iOS (and probably tvOS, watchOS and HomeKit too). And as flaws WILL be discovered, malware is going to be written for them. Nasty malware that could prove very difficult to get rid of, since it would be embedded in the very core of the iOS system and thus would be able to completely control everything happening on an iDevice.
So, what do Apple and its fanboys say to downplay the issue?
1. This is an iOS 9 leak and according to Apple itself (9to5 Mac) it’s an “old source code from three years ago”.
No. Whether that is a lie or a mistake, this source code is not from 3 years ago but from less than 2 (iOS 9.3 was released on March 21st 2016).
2. iFanboys (and what Apple seems to say implicitly): “iOS 11 or 10 are not affected by this leak.”
This is false. It being almost 2-year-old software is irrelevant if iBoot hasn’t been COMPLETELY updated (100% changed) since. And this is very unlikely, since BIOSes are not updated frequently and certainly not to an extent that would completely change them in 2 years… Or we (via security experts) would have known about it.
So, updating to iOS 11 could prove useless.
I just got it… Could this leak be a way to incite more users to upgrade to iOS 11? We know that its adoption rate is very slow. So, it must not sit very well with Apple.
3. “There are plenty of other security features that can mitigate the impact this leak can have.”
To be clear: no, there are not.
Again, short of completely rewriting iBoot, if an iOS device is compromised at this level, there’s nothing any of the security features we’ve talked about previously can do to protect the user. They could all be bypassed, since iBoot-level access supersedes the OS.
Maybe even the Secure Enclave could be hacked. All the more so since it is possible, as it was at the time of the San Bernardino case (you know, the Apple vs. the FBI farce), for it to be updated and replaced by a compromised (cracked) version without wiping the key.
In a nutshell, every little piece of data present on an iDevice could be extracted without major issue, from iMessages and pictures to passwords and to fingerprints and facial imagery.
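As an added illustration (not code from this article or from Apple), a Python model of the chain described above: the BootROM verifies iBoot, iBoot verifies the kernel, and a flaw in iBoot’s check lets a tampered kernel run where no later, OS-level feature can notice. Stage names, images and keys are constructed; Apple signs with RSA, which the Python stdlib lacks, so Lamport one-time signatures (hash-based, one key pair per image) stand in for it.

```python
import hashlib
import os

# Hypothetical model of a verified boot chain, not Apple's code. Lamport
# one-time signatures stand in for Apple's RSA signatures; one key pair is
# used per signed image, since a Lamport key must never sign twice.

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]          # public key = hashes of secrets
    return sk, pk

def sign(sk, image: bytes):
    bits = int.from_bytes(H(image), "big")
    return [sk[i][(bits >> (255 - i)) & 1] for i in range(256)]

def verify(pk, image: bytes, sig) -> bool:
    bits = int.from_bytes(H(image), "big")
    return all(H(sig[i]) == pk[i][(bits >> (255 - i)) & 1] for i in range(256))

def boot_chain(pinned, images, sigs, iboot_verify=verify):
    """Return the stages allowed to execute. `pinned` is the key material the
    ROM trusts (burned into silicon in a real device); `iboot_verify` is the
    check iBoot applies to the kernel, swappable to model a flawed iBoot."""
    ran = ["BootROM"]                            # immutable, trusted by definition
    if not verify(pinned["iBoot"], images["iBoot"], sigs["iBoot"]):
        return ran                               # ROM refuses a bad iBoot
    ran.append("iBoot")
    if not iboot_verify(pinned["kernel"], images["kernel"], sigs["kernel"]):
        return ran                               # genuine iBoot refuses a bad kernel
    ran.append("kernel")
    return ran

def demo():
    sk_i, pk_i = keygen()
    sk_k, pk_k = keygen()
    pinned = {"iBoot": pk_i, "kernel": pk_k}
    images = {"iBoot": b"constructed iBoot image", "kernel": b"constructed kernel"}
    sigs = {"iBoot": sign(sk_i, images["iBoot"]), "kernel": sign(sk_k, images["kernel"])}
    good = boot_chain(pinned, images, sigs)
    tampered = dict(images, kernel=b"constructed kernel with implant")
    blocked = boot_chain(pinned, tampered, sigs)
    # A flaw in iBoot's check: the implant now runs, and every OS-level
    # protection afterwards is executed by code the attacker chose.
    bypassed = boot_chain(pinned, tampered, sigs, iboot_verify=lambda *a: True)
    return good, blocked, bypassed
```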
4. “It’s just a tiny part of iOS, and the leak is incomplete anyway. It can’t do much harm”.
First, the analysis of an incomplete iBoot can still reveal several potential flaws and, thus, tons of malware based on them can be produced.
Second and as we already emphasized, iBoot isn’t just any part of iOS. It’s arguably the most important and critical one. In fact, it’s such a critical part of iOS security that Apple offers the highest reward ($200,000) of its new bug bounty program (it didn’t have one before 2016) to anyone who can find vulnerabilities in its code.
Note: You may think that $200K is a lot but it’s a small amount compared to what hackers can get if they don’t divulge it and use the discovery of a vulnerability themselves or if they sell an exploit on the black market or even to the FBI (Tech Crunch):
“While $200,000 is certainly a sizable reward […] it won’t beat the payouts researchers can earn from law enforcement or the black market. The FBI reportedly paid nearly $1 million for the exploit it used to break into an iPhone used by Syed Farook, one of the individuals involved in the San Bernardino shooting last December.”
5. “This is old news. The leak happened 4 months ago.”
This is partially true. It was first leaked on Reddit’s r/jailbreak on September 22, 2017. Though the post was quickly deleted because the poster didn’t have enough karma under his belt (hadn’t posted enough or hadn’t been on Reddit long enough prior to creating the thread).
But… that means hackers have had more time to study the iOS BIOS (iBoot). Some vulnerabilities may already be exploited by malware right now and no one would be the wiser. The fact that the code has been on the loose for a good while is no good (nor old) news at all.
So, there you have it, a quick summary of the situation + a debunking of Apple fanboys’ excuses and justifications when trying to, as usual, bury and dismiss this huge new Apple (security) problem.