from the so-I-guess-he-will-never-work-there dept.
A former Apple intern has been blamed for a leak of iOS source code. The intern reportedly distributed it to five friends in the iOS jailbreaking community, and the code eventually spread out of this group:
Earlier this week, a portion of iOS source code was posted online to GitHub, and in an interesting twist, a new report from Motherboard reveals that the code was originally leaked by a former Apple intern.
According to Motherboard, the intern who stole the code took it and distributed it to a small group of five friends in the iOS jailbreaking community in order to help them with their ongoing efforts to circumvent Apple's locked down mobile operating system. The former employee apparently took "all sorts of Apple internal tools and whatnot," according to one of the individuals who had originally received the code, including additional source code that was apparently not included in the initial leak.
Apple confirms code was real in DMCA filing with GitHub; code already in circulation
On the evening of February 7, Motherboard's Lorenzo Franceschi-Bicchierai reported that code from the secure boot-up portion of Apple's iOS mobile operating system—referred to as iBoot—had been posted to GitHub in what iOS internals expert Jonathan Levin described to the website as "the biggest leak in history." That may be hyperbole, and the leaked code has since been removed by GitHub after Apple sent a Digital Millennium Copyright Act takedown request. But the situation may still have implications for Apple mobile device security as it could potentially assist those trying to create exploit software to "jailbreak" or otherwise bypass Apple's security hardening of iPhone and iPad devices.
The DMCA notice required Apple to verify that the code was their property—consequently confirming that the code was genuine. While GitHub removed the code, it was up for several hours and is now circulating elsewhere on the Internet.
The iBoot code is the secure boot firmware for iOS. After the device is powered on and a low-level boot system is started from the phone's read-only memory (and checks the integrity of the iBoot code itself), iBoot performs checks to verify the integrity of iOS before launching the full operating system. It also checks for boot-level malware that may have been injected into the iOS startup configuration. This code is a particularly attractive target for would-be iOS hackers because—unlike the boot ROM and low-level boot loader—it has provisions for interaction over the phone's tethering cable.
Relatedly, back in June of last year, a portion of Microsoft's Windows 10 source code has leaked online.
The question, of course, is who had access to the source code, got a copy of it, and was able to post it online?
At this rate, it won't be long before Android source code gets out! =)