It’s no secret that Apple are fiercely protective of their iOS devices and the walled garden ecosystem they have created around their products. Unfortunately for the company, someone has released the source code for iOS iBoot online, potentially opening up iPhones to considerably simpler jailbreaks and other hacks.
iBoot found its way onto GitHub and was available for public viewing for several hours before Apple caught wind of it, filed a copyright takedown request and had the code pulled. In a somewhat ironic twist, the DMCA notice issued by Apple also verifies that the iBoot code uploaded to GitHub is indeed genuine.
To clarify, as the name implies, iBoot is the part of iOS that loads the remainder of the operating system into memory. To put it another way, you can think of it as you would the BIOS of a PC, only unlike a PC, which will boot any OS or software it can, iBoot is designed to check that the iOS kernel is signed by Apple, verifying that it is genuine and hasn’t been modified by hackers.
The one silver lining for Apple is that the code is designed for iOS 9, considerably older than the iOS 11 found in modern Apple devices. But as developers and coders will tell you, there is most likely a lot of shared code and similar methodology behind iBoot for iOS 9 and iBoot for iOS 11.
Another possibility likely in the back of Apple’s mind is that this will give talented developers the chance to emulate iOS on non-iPhone / iPad devices, in effect opening up the platform and allowing crazy options like a ‘Virtual Machine’ of sorts running Apple iOS on an Android phone.
In the report over at Vice, they point out this isn’t the first time this code has surfaced: it popped up last year in the JailBreak subreddit, posted by a Reddit user known as “Apple_Internals”. But the post was largely ignored by the community, given that the account had essentially been created just to post the iBoot code and there wasn’t a high enough trust factor.
Jailbreaking iPhones was very popular with the community at one time, but became considerably trickier when Apple introduced the Secure Enclave Processor, a co-processor designed to handle cryptographic operations for data protection key management. It operates separately from the iOS code, so even if the iOS kernel were compromised, the Secure Enclave continues its work.
Apple pay rather handsomely for finding bugs and exploits in iOS, including up to $200,000 USD for Secure Boot Firmware Components, and if a hacker can demonstrate a vulnerability within the Secure Enclave Processor… well, that’ll net you $100,000. Unfortunately for Apple, the sums of money they offer aren’t enough to entice many in the BlackHat community, who can make more cash by selling their findings to other companies. A jailbreak on the open market can be worth well over a million dollars.