Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Friday February 09 2018, @03:35PM   Printer-friendly
from the iPhone-iLeak dept.

Leak of iBoot Code to GitHub Could Potentially Help iPhone Jailbreakers

Apple confirms code was real in DMCA filing with GitHub; code already in circulation

On the evening of February 7, Motherboard's Lorenzo Franceschi-Bicchierai reported that code from the secure boot-up portion of Apple's iOS mobile operating system—referred to as iBoot—had been posted to GitHub in what iOS internals expert Jonathan Levin described to the website as "the biggest leak in history." That may be hyperbole, and the leaked code has since been removed by GitHub after Apple sent a Digital Millennium Copyright Act takedown request. But the situation may still have implications for Apple mobile device security as it could potentially assist those trying to create exploit software to "jailbreak" or otherwise bypass Apple's security hardening of iPhone and iPad devices.

The DMCA notice required Apple to verify that the code was their property—consequently confirming that the code was genuine. While GitHub removed the code, it was up for several hours and is now circulating elsewhere on the Internet.

The iBoot code is the secure boot firmware for iOS. After the device is powered on and a low-level boot system is started from the phone's read-only memory (and checks the integrity of the iBoot code itself), iBoot performs checks to verify the integrity of iOS before launching the full operating system. It also checks for boot-level malware that may have been injected into the iOS startup configuration. This code is a particularly attractive target for would-be iOS hackers because—unlike the boot ROM and low-level boot loader—it has provisions for interaction over the phone's tethering cable.

Relatedly, back in June of last year, a portion of Microsoft's Windows 10 source code has leaked online.

The question, of course, is who had access to the source code, got a copy of it, and was able to post it online?

At this rate, it won't be long before Android source code gets out! =)


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Interesting) by requerdanos on Friday February 09 2018, @08:21PM

    by requerdanos (5997) Subscriber Badge on Friday February 09 2018, @08:21PM (#635692) Journal

    You have bigger problems, if you can't tell the difference between code and that.

    I think you're missing the point. See, if Apple wanted to take down the material in question, for whatever reason (maybe just because it claims to be from Apple, even if it's just a blurry junk photo), they can't, legally, unless they own it.

    This brings up what's (now) known as the "Apple is a bunch of Schlongs and everyone knows it" dilemma.

    If it were not Apple's genuine code, but just a blurry jpeg, they would verify and confirm that it's their genuine code (whether out of malice or "an abundance of caution" doesn't matter) to get control over it and take it down.

    If it were Apple's genuine code, they would verify and confirm that it's their genuine code to exercise control over it and take it down.

    It's not GP that has the problems here, but the DMCA process itself, under which this otherwise ridiculous situation is a real, everyday legal situation. GP is very insightful, and you do rightly detect "big problems" but I think you are missing where they are.

    Starting Score:    1  point
    Moderation   +1  
       Interesting=1, Informative=1, Overrated=1, Total=3
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   3