The code to the iOS 9 version of the iPhone’s iBoot software—the proprietary system that ensures trusted launches of iOS, and one of Apple’s closely held secrets—leaked this week on GitHub, the open-source code repository. According to Motherboard, sources now say a low-level employee who stole the code at work was responsible.
Motherboard’s sources say that a low-level employee with ties to the jailbreaking community was working at the company’s headquarters in Cupertino, California in 2016 when he decided to bring home the code and share it with a small number of other people. They then shared the code with an increasing number of other coders until it eventually leaked on Reddit, and was subsequently uploaded to GitHub by someone unknown to the original coterie of jailbreaking enthusiasts.
Per the report, the individual also downloaded additional Apple internal tools which have not yet been leaked:
According to these sources, the person who stole the code didn’t have an axe to grind with Apple. Instead, while working at Apple, friends of the employee encouraged the worker to leak internal Apple code. Those friends were in the jailbreaking community and wanted the source code for their security research.
The person took the iBoot source code—and additional code that has yet to be widely leaked—and shared it with a small group of five people.
Eventually others joined the group of five people and the code spread from there, despite the possibility it could be used to compromise iPhone security and the likelihood of an investigation and massive legal retaliation from Apple. No one is sure who leaked the code, but it made its way to a Discord server before someone uploaded it to a Mega archive and linked it on Reddit with the title “[news]iboot bootrom ibss ibec illb source codes.”
“I personally never wanted that code to see the light of day,” one of the sources told Motherboard. “Not out of greed but because of fear of the legal firestorm that would ensue.”
When the code made it to GitHub, Apple issued a DMCA takedown notice, which required the company to confirm the material was genuinely the proprietary Apple code.
As noted by Ars Technica, it’s possible that the jailbreaking community could use the code to develop new methods of breaking Apple’s built-in restrictions on how their phones are used, though security experts say much of the relevant information was already known. The site also noted that Apple has layered security so that it is very unlikely even an attacker exploiting any theoretical iBoot vulnerabilities could break an iOS device’s cryptographic security, though other kinds of attacks are possible. Security researcher Patrick Wardle reminded Mashable that simply having access to code does not necessarily make a well-designed OS less secure, noting that Linux is quite secure despite being totally open-source.
Since the posted version was from iOS 9, it’s likely that Apple has additionally made major alterations to the way iBoot works since. According to CNET, Apple says only seven per cent of users are still running that release of iOS, though that number includes somewhere in the neighbourhood of 70 million people. [Motherboard]