Apple Confirms iOS 10 Kernel Left Unencrypted Intentionally, Here’s Why
When Apple introduced the top ten major feature additions to iOS 10 as part of its recently-concluded Worldwide Developers Conference (WWDC 2016) opening keynote, it forgot to mention one vitally important security aspect: that it had left the iOS 10 kernel entirely unencrypted for the first time in any version of iOS.
The company obviously wanted to keep this on the down low, but as you might expect, it didn’t take security researchers long to discover the unobfuscated heart of iOS. Apple has now reacted to that discovery by confirming that the kernel was left unencrypted in the firmware intentionally.
An Apple spokesperson has confirmed that the decision to leave the iOS 10 kernel unencrypted was an intentional one, and definitely not a rudimentary mistake by one of Apple’s engineers. The statement went on to try to play down any security concerns by pointing out that the kernel doesn’t actually contain user information, and therefore security hasn’t been compromised:
“The kernel cache doesn’t contain any user info, and by unencrypting it we’re able to optimize the operating system’s performance without compromising security.”
One important aspect to note here is that an unencrypted kernel doesn’t mean that iPhones or iPads running iOS 10 beta are any less secure than those running previous versions of iOS that do ship with an entirely obfuscated kernel. It simply means that developers and security researchers with the correct skill set and knowledge base can investigate kernel code within iOS 10 unobstructed for the first time. If any vulnerabilities or bugs are reported, it means that they can be patched a lot quicker.
Of course, it also potentially means that those involved in the jailbreak community have a rare chance to look for new ways of jailbreaking the iOS 10 platform without having to come up with innovative ways to bypass Apple’s kernel encryption.
Many had presumed that this was an oversight on Apple’s part, but it all appears to be part of the company’s new dedication to offering greater transparency after the well-publicized court battle with the FBI over gaining access to an iPhone 5c used in the San Bernardino shootings.
As the original report points out, leaving the kernel entirely open for investigation could also bring about a secondary benefit of weakening the marketplace when it comes to the purchase of vulnerabilities and exploits, similar to the one the FBI purchased to gain access to the aforementioned iPhone 5c.