Apple confirms iOS 10 kernel source code left unencrypted intentionally

Apple confirms iOS 10 kernel code left unencrypted intentionally to improve OS performance and ensures that it will have no impact on security.

The news is intriguing, while Apple announced the new release of its mobile operating system, the iOS 10, the experts discovered that its kernel is unencrypted.

The researchers from MIT Technology who reviewed the first developer preview of iOS 10, released at WWDC, made the disturbing discovery.
Initially part of the IT security industry believed that it was a blunder committed by the company, but the analysis of the next beta version of the popular mobile operating system confirmed that the company had intentionally made this technical choice.

The move is strange, considering the previous release implemented several levels of protection to prevent the analysis of the “heart” of the mobile OS.

Why?

According to the MIT, Apple will not encrypt the kernel of iOS 10 because it doesn’t include sensitive information of the users.

“The iPhone maker says it stopped obscuring crucial operating system code to boost performance—a change that could also improve device security.” reported the MIT Technology.

“Apple declined to explain the change when contacted on Tuesday. But after the issue gained wider attention, the company released a statement Wednesday saying it had intentionally left the kernel unencrypted—but not for security reasons.”

“The kernel cache doesn’t contain any user info, and by unencrypting it we’re able to optimize the operating system’s performance without compromising security,” an Apple spokesperson told TechCrunch.

This means that the reason is only related to performance matter, but we cannot forget that the kernel is a critical component of the OS, the security features are implemented by the kernel such as other important features.

Let’s hope the company will provide more info about the impact of the technical choice of the performance of the new iOS 10.

The MIT Technology reported the opinion of Jonathan Zdziarski, who explained that these changes could mean more flaws get found and fixed in Apple iOS 10.

“Opening up the OS might help other researchers to find and report bugs, by giving everyone just as much visibility as an advanced and well-funded research team might have,” Zdziarski said.

Opening the OS kernel could help the development community in identifying and reporting bugs, allowing to improve overall security of the OS.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – iOS 10, Apple)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.