posted by Fnord666 on Friday February 09 2018, @03:35PM
from the iPhone-iLeak dept.

Leak of iBoot Code to GitHub Could Potentially Help iPhone Jailbreakers

Apple confirms code was real in DMCA filing with GitHub; code already in circulation

On the evening of February 7, Motherboard's Lorenzo Franceschi-Bicchierai reported that code from the secure boot-up portion of Apple's iOS mobile operating system—referred to as iBoot—had been posted to GitHub in what iOS internals expert Jonathan Levin described to the website as "the biggest leak in history." That may be hyperbole, and the leaked code has since been removed by GitHub after Apple sent a Digital Millennium Copyright Act takedown request. But the situation may still have implications for Apple mobile device security as it could potentially assist those trying to create exploit software to "jailbreak" or otherwise bypass Apple's security hardening of iPhone and iPad devices.

The DMCA notice required Apple to verify that the code was their property—consequently confirming that the code was genuine. While GitHub removed the code, it was up for several hours and is now circulating elsewhere on the Internet.

The iBoot code is the secure boot firmware for iOS. After the device is powered on and a low-level boot system is started from the phone's read-only memory (and checks the integrity of the iBoot code itself), iBoot performs checks to verify the integrity of iOS before launching the full operating system. It also checks for boot-level malware that may have been injected into the iOS startup configuration. This code is a particularly attractive target for would-be iOS hackers because—unlike the boot ROM and low-level boot loader—it has provisions for interaction over the phone's tethering cable.

Relatedly, back in June of last year, a portion of Microsoft's Windows 10 source code leaked online.

The question, of course, is who had access to the source code, got a copy of it, and was able to post it online?

At this rate, it won't be long before Android source code gets out! =)


  • (Score: 0) by Anonymous Coward on Friday February 09 2018, @03:44PM (1 child)

    by Anonymous Coward on Friday February 09 2018, @03:44PM (#635528)

    Great news! Let's see what our hero Michael David Crawford can do with this source code. Something amazing, as always!

    • (Score: 0) by Anonymous Coward on Friday February 09 2018, @04:12PM

      by Anonymous Coward on Friday February 09 2018, @04:12PM (#635541)

      What will you do with it? Nothing? Alright then. Shut up.

  • (Score: 0) by Anonymous Coward on Friday February 09 2018, @03:48PM (1 child)

    by Anonymous Coward on Friday February 09 2018, @03:48PM (#635530)

    It's in the T&C man, dincha read'it?

    • (Score: 0) by Anonymous Coward on Friday February 09 2018, @04:06PM

      by Anonymous Coward on Friday February 09 2018, @04:06PM (#635539)

      Yes I did which is why I don't have 50 bazillion github accounts. Remember "one person or legal entity may maintain no more than one free account" and good luck arguing that multiple personalities count as legal entities.

  • (Score: 0) by Anonymous Coward on Friday February 09 2018, @03:48PM (5 children)

    by Anonymous Coward on Friday February 09 2018, @03:48PM (#635531)

    After years of Apple paying off researchers for holes, we may finally have jailbreaks again.

    • (Score: 0) by Anonymous Coward on Friday February 09 2018, @05:10PM

      by Anonymous Coward on Friday February 09 2018, @05:10PM (#635570)

      Not so long for TLA free game reserve, that is the real purpose of jail breaks.

    • (Score: 4, Touché) by bob_super on Friday February 09 2018, @05:50PM (3 children)

      by bob_super (1357) on Friday February 09 2018, @05:50PM (#635609)

      "We" ?
      To use said jailbreaks, one first needs to hand money to Apple to get the hardware. That's against my religion.

      • (Score: 2, Offtopic) by realDonaldTrump on Friday February 09 2018, @11:18PM (2 children)

        by realDonaldTrump (6614) on Friday February 09 2018, @11:18PM (#635768) Homepage Journal

        I am Presbyterian Protestant. I go to Marble Collegiate Church. Tremendous church and they have nothing against Apple. But I stopped using my iPhone, I'm on Samsung now. I'm boycotting Apple. Until such time as they hand over the information about the San Bernardino terrorists. That our FBI asked for very nicely. They call it privacy, I call it OBSTRUCTION OF JUSTICE. And they need to lower their prices a little, I'm not made of money!!!!

        • (Score: 2) by bob_super on Friday February 09 2018, @11:29PM (1 child)

          by bob_super (1357) on Friday February 09 2018, @11:29PM (#635772)

          First, Trump always says "I'm very rich!". All. The. Time.

          Second, the irony of the America-first build-a-wall tear-trade-agreement president using a Korean-maker phone rather than a US (made in China) one...

          • (Score: 2) by realDonaldTrump on Saturday February 10 2018, @11:12PM

            by realDonaldTrump (6614) on Saturday February 10 2018, @11:12PM (#636160) Homepage Journal

            I am really rich. But not for long. The new Tax Act is hitting me so hard, my head is spinning. It's great for our companies, it's great for America. But for me personally it's very expensive.

  • (Score: 3, Insightful) by SomeGuy on Friday February 09 2018, @04:02PM (2 children)

    by SomeGuy (5632) on Friday February 09 2018, @04:02PM (#635538)

    Got to love how people throw around the term "secure". Secure from what? Secure from YOU. :P

    With how much DMCA demands are abused these days, how can we REALLY be sure that the code in question wasn't just a blurry picture of someone's shlong that happened to vaguely resemble Apple's code?

    • (Score: 1, Flamebait) by Freeman on Friday February 09 2018, @06:04PM (1 child)

      by Freeman (732) on Friday February 09 2018, @06:04PM (#635617) Journal

      You have bigger problems, if you can't tell the difference between code and that. I would recommend seeing an Ophthalmologist. The giant square things you see flying by you as you drive are cars, trucks, etc.

      --
      Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
      • (Score: 3, Interesting) by requerdanos on Friday February 09 2018, @08:21PM

        by requerdanos (5997) Subscriber Badge on Friday February 09 2018, @08:21PM (#635692) Journal

        You have bigger problems, if you can't tell the difference between code and that.

        I think you're missing the point. See, if Apple wanted to take down the material in question, for whatever reason (maybe just because it claims to be from Apple, even if it's just a blurry junk photo), they can't, legally, unless they own it.

        This brings up what's (now) known as the "Apple is a bunch of Schlongs and everyone knows it" dilemma.

        If it were not Apple's genuine code, but just a blurry jpeg, they would verify and confirm that it's their genuine code (whether out of malice or "an abundance of caution" doesn't matter) to get control over it and take it down.

        If it were Apple's genuine code, they would verify and confirm that it's their genuine code to exercise control over it and take it down.

        It's not GP that has the problems here, but the DMCA process itself, under which this otherwise ridiculous situation is a real, everyday legal situation. GP is very insightful, and you do rightly detect "big problems" but I think you are missing where they are.

  • (Score: 2) by Pino P on Friday February 09 2018, @04:49PM (1 child)

    by Pino P (4721) on Friday February 09 2018, @04:49PM (#635557) Journal

    At this rate, it won't be long before Android source code gets out! =)

    AOSP is free software. But because the following components are not free, some users of other forums consider Android a non-free system as a whole and therefore little if at all better than iOS:

    • The early boot process
    • Drivers for wireless, GPU, audio, power management, and the like
    • Google Play Services
    • (Score: 2) by Nerdfest on Friday February 09 2018, @07:31PM

      by Nerdfest (80) on Friday February 09 2018, @07:31PM (#635662)

      Well, Google Play Services are definitely not required for Android. With the others, it's enough to allow people to get a VM based implementation for x86 hardware going. That's at least a little better than a locked down OS and walled garden, isn't it? Some open hardware and we're all set.

  • (Score: 2) by requerdanos on Friday February 09 2018, @08:01PM

    by requerdanos (5997) Subscriber Badge on Friday February 09 2018, @08:01PM (#635675) Journal

    The DMCA notice required Apple to verify that the code was their property—consequently confirming that the code was genuine.

    There is a big difference between "verify" and "claim," and really all Apple had to do was the latter.

    See, if the code that Apple wanted taken down was NOT their property, then they have zero rights to suppress, attack, oppress, etc. under the law. Apple is a big suppress, attack, oppress DRM powerhouse and that's their thing. This is a great incentive for them, being how they are, to just say the code's theirs because that gives them the *power* (muahaha) to go after and attack what they dislike.

    An interesting situation.

    If it were not Apple's genuine code, being what they are, they would verify and confirm that it's their genuine code. (whether out of malice or "an abundance of caution" doesn't matter).

    If it were Apple's genuine code, being what they are, they would verify and confirm that it's their genuine code.

    Bottom line, I don't think this confirms anything.

  • (Score: 5, Insightful) by crafoo on Friday February 09 2018, @08:09PM

    by crafoo (6639) on Friday February 09 2018, @08:09PM (#635682)

    What a crazy world, where the code running our systems is closed and secret. I miss the days of manufacturers providing computing devices with real manuals, built-in programming environments, and even schematics to the hardware. Closed, proprietary systems won in the marketplace. Walled software gardens won. Proprietary software drivers and firmware won. I don't like how things turned out. I think we are poorer for it. Or more accurately, a few demanded everyone else sacrifice for their benefit and we all agreed to do so. How long before using a compiler will be considered "weird", and shortly thereafter, "subversive".
