Date: Thursday, June 23rd, 2016, 08:41
Category: Hack, iOS, News, security, Software
This is interesting.
According to users who’ve been testing the iOS 10 beta, Apple apparently left the operating system’s kernel unencrypted. Apple confirmed this on Wednesday, citing that the move was performed to streamline system performance.
An Apple spokesperson stated that because iOS 10’s kernel cache does not contain sensitive information, it does not need to be encrypted.
“The kernel cache doesn’t contain any user info, and by unencrypting it we’re able to optimize the operating system’s performance without compromising security,” the representative said.
Apple traditionally obfuscates the kernel in order to protect its prized operating system from unwanted probing or reverse engineering, potentially by nefarious agents. The small risk — or no risk, according to Apple — of furnishing unobscured kernel cache data is likely outweighed by potential benefits.
The move allows security researchers to legitimately dive into the heart of the iOS for the first time, permitting white hat hackers and researchers to find and disclose vulnerabilities publicly in an effort to secure consumer devices.
Further, Apple’s move could deflate the iOS exploit market run by so-called “gray hats,” or experts who take part in the ethically questionable practice of selling software vulnerabilities to government agencies or companies. The issue is of particular interest to Apple, a company that just this year tussled in court with the U.S. Justice Department over data privacy.
If you’ve had a chance to play around with the iOS 10 beta, please let us know what you make of it in the comments.