Apple’s iBoot source code is leaked online

Apple is a company well known for its secrecy surrounding upcoming products and features. The company has its own dedicated Global Security team, tasked with monitoring possible leaks and tracking down their source. So it was a shock to many when the source code behind iBoot, the second-stage bootloader responsible for securely launching iOS, was leaked on February 7th, 2018.

The source code that leaked was from a version of iBoot that shipped alongside iOS 9.3, making it outdated by a couple of years. This may make it sound like there is little to no risk, given that Apple reports that only 7% of all active iOS devices are running a version of iOS older than iOS 10. However, this code still holds significance in the world of mobile security, allowing security researchers and hackers alike to directly view the code responsible for checking code signatures and launching iOS on the iPhone, iPad, and iPod Touch.

Although the most up-to-date version of iBoot may have eliminated some of the flaws that can be found in the leaked code, it is entirely possible that vulnerabilities are shared between both versions, and even if not, the code still provides valuable insight into a low-level system process that could be used to compromise, or jailbreak, an iOS user’s device. Information learned from the source code could also lead to the future emulation of iOS on unsupported platforms.

The leak originated from a Reddit post made with a throw-away account in September of 2017 on the r/jailbreak subreddit, linking to a download of the source code. The post gained little traction due to the subreddit’s policy for new users; however, the leak gained publicity when links to the post began appearing on Twitter. Shortly after the original link was taken down, the code was re-uploaded to GitHub, and it has continued to show up on the site despite Apple’s multiple DMCA take-down requests.

The iBoot leak itself also makes a statement about Apple’s security, which within the past week has dealt with numerous leaks of internal files and information, including future Apple Watch firmware, development Apple TV firmware, a large leak of private links to Apple sales material, and even the source code for the baseband from iOS 9.3. Leaks like these can come from unsecured web servers as well as from employees who either accidentally or purposefully give away the information. Apple has reportedly conducted investigations within the company to find leakers through its Global Security team, sometimes taking years to track down the source of an information leak. What Apple does now about its security in response to the breaches mentioned has yet to be seen.

-Alex Noel