Crucial iPhone source code leaks online (updated)

8 Feb 2018

iPhone X. Image: hurricanehank/Shutterstock

Experts are calling this Apple iOS leak one of the biggest in history.

Updated, 10.33am, 9 February 2018: Apple has provided a statement addressing the leaked code: “Old source code from three years ago appears to have been leaked.”

It added: “By design the security of our products doesn’t depend on the secrecy of our source code.

“There are many layers of hardware and software protections built into our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections.”

Source code for a core component in the operating systems of the iPhone and iPad has been posted on GitHub, according to Motherboard.

The code is labelled ‘iBoot’ and is a component of iOS that ensures a trusted boot of a device’s operating system.

The same code was previously shared on Reddit several months ago. The Reddit user who posted the code was relatively new to the website, so the code was subsequently buried relatively quickly.

Security experts say the code appears to be legitimate and is from a version of iOS 9, released in 2015. While this means that not all the code will be entirely relevant to devices currently updated to iOS 11, it is likely that some of the older code is still in existence within Apple’s newest iteration.

There are also some files missing from the GitHub leak, meaning the code can’t be compiled.

According to experts, this may not be too much of an obstacle for hackers and researchers as the existing code could still provide a treasure trove in terms of locating vulnerabilities and creating device jailbreaks for an iPhone or iPad.

Apple notoriously secretive

Apple is not a company that generally releases its code to the general public and iBoot is specifically important, as bugs in the boot process would see Apple paying out the maximum amount ($200,000) to bug bounty hunters if they found anything untoward.

As MacRumors pointed out, modern iOS devices have Secure Enclave processor protection, which hardens device security. Previous iterations of iBoot saw vulnerabilities located that allowed hackers, or those who want to jailbreak devices, to force their way through a lock screen and decrypt private data.

The importance of iBoot cannot be understated. It is responsible for providing the Recovery Mode option to fix glitching devices.

Complaint filed

Apple has filed a Digital Millennium Copyright Act complaint forcing GitHub to remove the source, pointing to the code being legitimate proprietary information.

According to The Register, eagle-eyed users can still find clones of the software blueprints on GitHub if they do some cursory digging.

While the leak will probably not have any widespread repercussions for the vast majority of Apple device users, it will be of interest to those who want to sift through firmware code looking for unexplored ways to fiddle with iPhones and iPads.

iPhone X. Image: hurricanehank/Shutterstock

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects

editorial@siliconrepublic.com