Apple confirms iOS 10 kernel source code left unencrypted intentionally

Pierluigi Paganini June 24, 2016

Apple confirms iOS 10 kernel code left unencrypted intentionally to improve OS performance and ensures that it will have no impact on security.

The news is intriguing, while Apple announced the new release of its mobile operating system, the iOS 10, the experts discovered that its kernel is unencrypted.

The researchers from MIT Technology who reviewed the first developer preview of iOS 10, released at WWDC, made the disturbing discovery.
Initially part of the IT security industry believed that it was a blunder committed by the company, but the analysis of the next beta version of the popular mobile operating system confirmed that the company had intentionally made this technical choice.

The move is strange, considering the previous release implemented several levels of protection to prevent the analysis of the “heart” of the mobile OS.

ios 10

Why?

According to the MIT, Apple will not encrypt the kernel of iOS 10 because it doesn’t include sensitive information of the users.

“The iPhone maker says it stopped obscuring crucial operating system code to boost performance—a change that could also improve device security.” reported the MIT Technology.

“Apple declined to explain the change when contacted on Tuesday. But after the issue gained wider attention, the company released a statement Wednesday saying it had intentionally left the kernel unencrypted—but not for security reasons.”

“The kernel cache doesn’t contain any user info, and by unencrypting it we’re able to optimize the operating system’s performance without compromising security,” an Apple spokesperson told TechCrunch.

This means that the reason is only related to performance matter, but we cannot forget that the kernel is a critical component of the OS, the security features are implemented by the kernel such as other important features.

Let’s hope the company will provide more info about the impact of the technical choice of the performance of the new iOS 10.

The MIT Technology reported the opinion of Jonathan Zdziarski, who explained that these changes could mean more flaws get found and fixed in Apple iOS 10.

“Opening up the OS might help other researchers to find and report bugs, by giving everyone just as much visibility as an advanced and well-funded research team might have,” Zdziarski said.

Opening the OS kernel could help the development community in identifying and reporting bugs, allowing to improve overall security of the OS.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – iOS 10, Apple)



you might also like

leave a comment