Why A Huge iOS Leak Means New Hacking Risks For Your iPhone

02.08.18 1 week ago

UPROXX/Shutterstock

Hacking is a common problem these days, and Apple’s products are just a susceptible as any. Usually, they’re in the form of annoying bugs or fancy features being overcome by simple means. A new leak, however, reveals some of Apple’s most important secrets.

Specifically, what’s leaked is the code that starts up your iPhone, iBoot. And that means plenty of new security risks:

  • iBoot is essentially how your phone wakes up from being shut off: In technical parlance, iBoot is a “bootloader.” Think of it as the alarm clock for your device; when you first turn it on, the software that you usually run, like the operating system, isn’t generally stored where a device can easily get at it and fire it up. So a bootloader serves as the tools to get everything up and running, “waking up” everything and getting it operating.
  • That makes bootloader vulnerabilities extremely dangerous: When some Android bootloader vulnerabilities were found in late 2017, they theoretically allowed hackers to place viruses, keyloggers, and other bits of malicious code right in the bootloader, meaning your device could be infected and suffer “permanent denial-of-service” attacks, that is, they make it impossible to use your phone, for good.
  • It’s not clear if the version of iBoot that leaked has any vulnerabilities: The code was on Reddit for a while before being posted to coding site GitHub and confirmed as the real deal by Apple when it issued a legal order to remove the code. It appears to be the source code for iBoot from iOS 9, so it’s outdated, but iOS 11’s iBoot probably has many similarities. And now it’s likely out there permanently.
  • The good news is that the people most likely to find mistakes are technical researchers: Apple tends to keep its source code away from the larger computer science community, which isn’t common practice. Technical researchers will likely dig into and find vulnerabilities in the code before criminals do, especially as Apple has a “bug bounty” out that gives researchers $200,000 a pop for any bugs they find in bootloaders. Ironically, in the long run, this may make iOS safer, as researchers find vulnerabilities Apple missed.
  • Still, there’s now a chance of a serious bug or attack on iPhones: The best thing to do is stay on top of your updates, as system updates are generally how companies patch security flaws. Beyond that, if you’re really concerned, you can always excise your crucial data like photos and passwords from your phone, and only use one credit card to buy apps and otherwise make payments with your iPhone.

In other words, don’t panic. But now’s a good time to secure your iPhone, back up your data, and generally get your device locked down to the point that you’re comfortable.

Around The Web