Apple had something of a nightmare yesterday. A big nightmare. A nightmare involving visions of the corporation shaped in the form of a leaky bucket.
In a report on Motherboard, it was revealed that an anonymous source had posted a portion of Apple’s iOS source code on GitHub. The leak was for a critical part of the operating system, dubbed iBoot, which starts up the system on an iPhone when a user turns it on and ensures that the code being run on the phone originates from Apple.
Motherboard quoted Jonathan Levin, an author of numerous books on iOS and macOS system programming, saying it was the biggest leak in Apple’s history, and he’s not far wrong. Apple used the Digital Millennium Copyright Act (DMCA) to force GitHub to take the code down, but in doing so, basically admitted that the code was genuine. According to research scientist Karl Koscher, by issuing a DMCA takedown order, Apple would have faced perjury charges if the code weren’t authentic.
Fun thing about the DMCA: it required Apple to state, under penalty of perjury, that the iBoot source code was legit: https://t.co/PKHZqcEe6h
— Karl (@supersat) February 8, 2018
The code may be gone from GitHub, but it’s a pretty safe bet that it was copied by a fair few folk before the DMCA hammer came down. This means it’s now out in the wild, which some experts say will make, among other things, jailbreaking iPhone handsets a hell of a lot easier.
Apple, for its part, has downplayed the leak, saying the code is over three years old.
“Old source code from three years ago appears to have been leaked, but by design the security of our products doesn’t depend on the secrecy of our source code,” Apple said in a statement. “There are many layers of hardware and software protections built into our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections.”
While that sounds all well and good, this leak could have some serious ramifications for Apple’s consumer base. First off, believe it or not, there are a ton of users out there who own Apple devices that are more than three years old; MacWorld says that nearly 95% of Apple customers use older versions of iOS.
Second, the iBoot code could give hackers intimate knowledge of how Apple builds its OS from the ground up. Sure, security measures on current versions of iOS may provide protection from most attacks, but poring over lines of code could give hackers insights into vulnerabilities and potential weak spots that they were heretofore unaware of.
We wish we had better news, folks…