Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 10 submissions in the queue.

Leak of iBoot Code to GitHub Could Potentially Help iPhone Jailbreakers

posted by Fnord666 on Friday February 09 2018, @03:35PM   Printer-friendly
from the iPhone-iLeak dept.

martyb writes:

Leak of iBoot Code to GitHub Could Potentially Help iPhone Jailbreakers

Apple confirms code was real in DMCA filing with GitHub; code already in circulation

On the evening of February 7, Motherboard's Lorenzo Franceschi-Bicchierai reported that code from the secure boot-up portion of Apple's iOS mobile operating system—referred to as iBoot—had been posted to GitHub in what iOS internals expert Jonathan Levin described to the website as "the biggest leak in history." That may be hyperbole, and the leaked code has since been removed by GitHub after Apple sent a Digital Millennium Copyright Act takedown request. But the situation may still have implications for Apple mobile device security as it could potentially assist those trying to create exploit software to "jailbreak" or otherwise bypass Apple's security hardening of iPhone and iPad devices.

The DMCA notice required Apple to verify that the code was their property—consequently confirming that the code was genuine. While GitHub removed the code, it was up for several hours and is now circulating elsewhere on the Internet.

The iBoot code is the secure boot firmware for iOS. After the device is powered on and a low-level boot system is started from the phone's read-only memory (and checks the integrity of the iBoot code itself), iBoot performs checks to verify the integrity of iOS before launching the full operating system. It also checks for boot-level malware that may have been injected into the iOS startup configuration. This code is a particularly attractive target for would-be iOS hackers because—unlike the boot ROM and low-level boot loader—it has provisions for interaction over the phone's tethering cable.

Relatedly, back in June of last year, a portion of Microsoft's Windows 10 source code has leaked online.

The question, of course, is who had access to the source code, got a copy of it, and was able to post it online?

At this rate, it won't be long before Android source code gets out! =)

Original Submission

 
This discussion has been archived. No new comments can be posted.
Leak of iBoot Code to GitHub Could Potentially Help iPhone Jailbreakers | Log In/Create an Account | Top | 17 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by requerdanos on Friday February 09 2018, @08:01PM

    by requerdanos (5997) Subscriber Badge on Friday February 09 2018, @08:01PM (#635675) Journal

    The DMCA notice required Apple to verify that the code was their property—consequently confirming that the code was genuine.

    There is a big difference between "verify" and "claim," and really all Apple had to do was the latter.

    See, if the code that Apple wanted taken down was NOT their property, then they have zero rights to suppress, attack, oppress, etc. under the law. Apple is a big suppress, attack, oppress DRM powerhouse and that's their thing. This is a great incentive for them, being how they are, to just say the code's theirs because that gives them the *power* (muahaha) to go after and attack what they dislike.

    An interesting situation.

    If it were not Apple's genuine code, being what they are, they would verify and confirm that it's their genuine code. (whether out of malice or "an abundance of caution" doesn't matter).

    If it were Apple's genuine code, being what they are, they would verify and confirm that it's their genuine code.

    Bottom line, I don't this confirms anything.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2