Apple’s walled garden is partly made possible through its closed, proprietary software. While Microsoft has made a U-turn on its stance on Linux and open source in general, Apple remains steadfast in embracing a “security through obscurity” philosophy. That stance, however, will soon be put to the test now that a critical piece of software used to secure Apple’s devices has now been leaked on the Internet in a very big way. Source code for Apple’s iBoot bootloader has been posted on GitHub, potentially opening the doors for hackers and security researches to more easily break into iPhones.
This actually isn’t the first time iBoot source code has been leaked. That happened already last year, but the source and venue (Reddit) lead many to doubt its veracity. Now even leading iOS developers and hackers such as Jonathan Levin confirm that what was made available for public eyes match their own reverse engineering results. In other words, this could very well be the real deal or at least close to it. The version of iBoot is explicitly for iOS 9, but parts of it could still be in use on iOS 11 today.
This is a very big deal for the iOS hacking community. iBoot is pretty much the security guard at the front gate of iPhones. It is responsible for ensuring that a verified and secure version of iOS is loaded at boot. Getting access to its source code is the next best thing hackers and modders could get their hands on to get into iOS.
Of course it’s not a sure deal yet. What the source code leak simply means is that developers and security researchers will now have a better idea of how iBoot works and, from there, discover the vulnerabilities that, in turn, could help them gain privileged, and unauthorized, access to iOS internals. It could eventually revive the once active and busy jailbreaking community that was just recently on the verge of extinction.
How long this favorable, at least for hackers, situation will last is anyone’s guess. For one, there is no assurance that this is even near the iOS 11 version of iBoot. Apple could also take swift action to plug up whatever holes there are left. Since everything is obscured behind a veil of secrecy, hackers and researchers will still be working in uncertainty. But at least that work may have now become just a bit easier.