For the first time in iOS history, a version of the OS has been released with a decrypted kernel
Brought to light by security researchers from MIT Technology Review, it has been revealed that the recently released Developer Beta for iOS 10 Beta features an unencrypted kernel. Due to this, anyone can examine the entire code of the Kernel, which can be considered the heart of the operating system. No previous version of iOS has been released with an unencrypted kernel, final release or beta; so why the change?
There are both pros and cons for this change but since Apple hasn’t released any statement about this change, security researchers have been left wondering if this was an intentional move by Apple or if someone in Apple messed up?According to security researcher Mathew Solnik, with the code for the kernel being public knowledge, researchers will be able to study it in depth to figure out how it works in order to find out ways to compromise security. Jonathan Levin, a well known author who wrote a book about iOS has said that with the kernel unencrypted, there is no need to go through the arduous task of reverse engineering it which is the first step in finding vulnerabilities. He speculates that “someone inside the company screwed up royally.”
But you do need to remember that this is Apple we’re talking about. Such glaring mistakes don’t just slip through. On the flip-side, Jonathan Zdziarski echoes this sentiment and proposed that Apple may have wanted more people to research and find vulnerabilities in the kernel before the final release of iOS 10 in order to make it more robust and secure.
“Opening up iOS for anyone to examine could weaken that market by making it harder for certain groups to hoard knowledge of vulnerabilities,” Zdziarski says.
Considering that this is Apple we’re talking about and with such a major release involved, it’s highly unlikely that this could be a mistake on Apple’s part. Each iOS release goes through numerous levels of review and the fact that the iOS Developer Beta is still live and not pulled lays more credence to the latter theory.