rapidmobile

Apple iBoot Code Leaked on GitHub

The proprietary source code to Apple’s iBoot firmware in iPhones, iPads and other iOS devices has leaked into a public GitHub repo.

Apple had earlier confirmed that the iBoot source code leak was genuine, but also noted that the source code was written around three years ago for iOS 9 and was never officially released to the public. Therefore, it said, there was nothing to worry about because the source code is outdated.

Furthermore, Apple stated that the security of its products never relies upon the confidentiality of the source code. But now that the baseband source code has been released online, Apple couldn’t come up with an instant response.

Apple sent GitHub a DMCA legal notice asking it to take down the baseband source code and remove it altogether.

Lawyers acting on behalf of Apple on Thursday described the leak as a “reproduction of Apple’s iBoot source code, which is responsible for ensuring trusted boot operation of Apple’s iOS software.”

The takedown request said that “the iBoot source code is proprietary and it includes Apple’s copyright notice. It is not open source.”

GitHub was quick to respond and took down the code almost immediately. However, the act of sending the notice to GitHub has further reinforced the fact that the leaked code is indeed genuine.

Apple said in a statement:

“Old source code from three years ago appears to have been leaked, but by design the security of our products doesn’t depend on the secrecy of our source code. There are many layers of hardware and software protections built into our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections.”

It is worth noting that the source code was present on GitHub and that it is the code of a core component of iPhone OS. Because it has leaked online, hackers and security researchers would easily identify flaws in iOS software as well as carry out jailbreaks without much difficulty. That’s because the iBoot code is part of iOS and is responsible for verifying that the OS is being booted appropriately.

It is the iBoot program that loads iOS and turns on the iPhone. It is also responsible for verifying that the kernel is signed by Apple before executing it. Apple claims that the software is outdated, but experts noted that some portions of it are still being used; for instance, it is present in iOS 11.

Thanks to the use of the Secure Enclave Processor chip in modern iPhones, Apple has made jailbreaking iOS and accessing a phone’s data an unattractive challenge.

But leaks of this kind potentially open up the scope for iPhone hacking and no doubt a degree of furore will be churning away in communities that love nothing more than getting stuck into a piece of private code.

 
