Apple confirms iOS 10 kernel source code left unencrypted intentionally

Why?

According to the MIT, Apple will not encrypt the kernel of iOS 10 because it doesn’t include sensitive information of the users.

“The iPhone maker says it stopped obscuring crucial operating system code to boost performance—a change that could also improve device security.” reported the MIT Technology.

“Apple declined to explain the change when contacted on Tuesday. But after the issue gained wider attention, the company released a statement Wednesday saying it had intentionally left the kernel unencrypted—but not for security reasons.”

“The kernel cache doesn’t contain any user info, and by unencrypting it we’re able to optimize the operating system’s performance without compromising security,” an Apple spokesperson told TechCrunch.

This means that the reason is only related to performance matter, but we cannot forget that the kernel is a critical component of the OS, the security features are implemented by the kernel such as other important features.

Let’s hope the company will provide more info about the impact of the technical choice of the performance of the new iOS 10.

The MIT Technology reported the opinion of Jonathan Zdziarski, who explained that these changes could mean more flaws get found and fixed in Apple iOS 10.

“Opening up the OS might help other researchers to find and report bugs, by giving everyone just as much visibility as an advanced and well-funded research team might have,” Zdziarski said.

Opening the OS kernel could help the development community in identifying and reporting bugs, allowing to improve overall security of the OS.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – iOS 10, Apple)