Enlarge (credit: Samuel Axon)
On the evening of February 7, Motherboard’s Lorenzo Franceschi-Bicchierai reported that code from the secure boot-up portion of Apple’s iOS mobile operating system—referred to as iBoot—had been posted to GitHub in what iOS internals expert Jonathan Levin described to the website as “the biggest leak in history.” That may be hyperbole, and the leaked code has since been removed by GitHub after Apple sent a Digital Millennium Copyright Act takedown request. But the situation may still have implications for Apple mobile device security as it could potentially assist those trying to create exploit software to “jailbreak” or otherwise bypass Apple’s security hardening of iPhone and iPad devices.
The DMCA notice required Apple to verify that the code was their property—consequently confirming that the code was genuine. While GitHub removed the code, it was up for several hours and is now circulating elsewhere on the Internet.
The iBoot code is the secure boot firmware for iOS. After the device is powered on and a low-level boot system is started from the phone’s read-only memory (and checks the integrity of the iBoot code itself), iBoot performs checks to verify the integrity of iOS before launching the full operating system. It also checks for boot-level malware that may have been injected into the iOS startup configuration. This code is a particularly attractive target for would-be iOS hackers because—unlike the boot ROM and low-level boot loader—it has provisions for interaction over the phone’s tethering cable.