iOS 10 kernel is unencrypted and no one knows why

iOS 10 kernel is unencrypted and no one knows why
Developers got a pretty big surprise with the first preview release of iOS 10. It turns out that the iOS 10 kernel, the heart of the operating system, was left unencrypted by Apple. This is not only the first time that Apple has released an unencrypted version of its kernel, but no one knows why it happened, or even if it was intentional.

The kernel of the OS controls how programs can use a device’s hardware and enforces security, so there are a few possible results from this release. First, it could mean more malware for iOS because bad guys will have unprecedented visibility into the kernel code and be able to exploit bugs they find. Of course, the flip side of that is that good guys will have that same visibility, meaning they could find the same bugs and report them to Apple for patching before a full release. Lastly, it could be a boon to the jailbreak/mod community because this kind of access could give new options within the notoriously locked-down platform.

Whatever the results of the release, everyone is confused as to why it happened. Some say that it might have been a (colossal) mistake by someone within Apple and the unencrypted kernel was never meant to see the light of day. However, plenty others say that such a basic mistake is extremely unlikely within a company like Apple, and it might have been on purpose in order to get more bug reports and improve the overall security of iOS. 

The latter reasoning does seem more believable given how much Apple has been pushing security and privacy recently, but Apple hasn't commented on the matter so no one really knows.

FEATURED VIDEO

26 Comments

1. PHYCLOPSH

Posts: 652; Member since: Jun 28, 2014

This is the best Apple news I have ever heard! I hope this means in the future it is a possibility to make custom roms run on the iPhone or dual boot...

2. Scott93274

Posts: 6034; Member since: Aug 06, 2013

Because when you leave the house, you leave the door unlocked and wide open so the "Good guys" can come in to check your security system while you're away.... SMH. Such a bonehead move on Apple's part.

5. PHYCLOPSH

Posts: 652; Member since: Jun 28, 2014

And when you're locked up in prison and you're all pretty lookin' (like iOS) your sweet unused backdoor looks mighty fine to all the hard up and desperate guys... IMO It's much better to be free (like Android) in the first place.

6. Scott93274

Posts: 6034; Member since: Aug 06, 2013

"your sweet unused backdoor looks mighty fine to all the hard up and desperate guys" .... ROTFLMAO! Thank you. I stand by my statement that releasing an exposed kernel was a bonehead move, but I do agree with your first statement about the custom ROMs or dual boot system.

21. Scott93274

Posts: 6034; Member since: Aug 06, 2013

#butthurt. I don't know what makes you think I care, it impacts Lollipop or lower and I've been on Marshmallow sinse November. And so far only 0.01% of Android users in the states even have it. Apple not encrypting its kernel on the other hand opens everyone on it's platform up to numerous attacks going forward.

24. Mxyzptlk unregistered

So you're deflecting now? Understood.

8. Dr.Phil

Posts: 2373; Member since: Feb 14, 2011

It's actually no different than Windows or Linux for the PC having their kernels unencrypted. And there would be far more to gain from those being unencrypted than your phone kernel. It's standard practice actually.

3. Darkkracker

Posts: 255; Member since: Jun 11, 2016

Agree I have a conspiracy theory but will shut up so people don't call me icrazy!

11. magnanimus

Posts: 565; Member since: Mar 29, 2013

Good choice!

4. submar

Posts: 713; Member since: Sep 19, 2014

So desperate to become open?

7. Scott93274

Posts: 6034; Member since: Aug 06, 2013

This is kinda the same thing as Britney Spears going to the club without underwear on because she was too lazy, ended up showing off just a tad bit more than she planned, and now it's out there for all the world to see....

10. tbacba

Posts: 134; Member since: Mar 31, 2010

That's where Britney kept her iPhone?

19. Mxyzptlk unregistered

No it isn't.

22. Scott93274

Posts: 6034; Member since: Aug 06, 2013

Mxyzptlk = ignorant

25. Mxyzptlk unregistered

Scott = the brown stuff I flush down my toilet

9. Scott93274

Posts: 6034; Member since: Aug 06, 2013

"it might have been on purpose in order to get more bug reports and improve the overall security of iOS" which is how you go about doing things, make no mention at all about the exposed kernel and hope good doers out there discover this and go searching for flaws to report with no incentive. If that's actually their intent, maybe they should take a page from Google's book, not be coy about their intentions and offer monetary incentive. http://www.phonearena.com/news/Googles-been-paying-big-bucks-for-Android-vulnerabilities-and-that-moneys-only-getting-bigger_id82299 Regardless, whenever I hear about Apple bragging about security, I am reminded of this article. http://www.phonearena.com/news/Apple-knew-about-the-iCloud-security-flaw-6-months-prior-the-nude-celebrity-photo-leak_id61063

23. Scott93274

Posts: 6034; Member since: Aug 06, 2013

Please reference posts 21 & 22.... especially post 22. ;)

26. Mxyzptlk unregistered

So you're admitting defeat? Understood :D

12. deviceguy2016

Posts: 826; Member since: Jun 16, 2016

Not safe on apples part... Only of terrorism has a iPhone maybe but still NOT GOOD!!!

13. Unordinary unregistered

People know why, PA is just full of terrible authors and researchers. “The kernel cache doesn’t contain any user info, and by unencrypting it we’re able to optimize the operating system’s performance without compromising security,” an Apple spokesperson told TechCrunch. Also:http://9to5mac.com/2016/06/22/apple-ios-10-kernel-unencrypted/

16. roscuthiii

Posts: 2383; Member since: Jul 18, 2010

WWDC just passed... no announcement for the devs regarding access to the kernel? This was published almost 2 days ago, but Apple only makes a statement a few hours ago? Here, this is from Wikipedia, but as a definition will suffice:. The kernel is a computer program that constitutes the central core of a computer's operating system. It has complete control over everything that occurs in the system.[1] As such, it is the first program loaded on startup, and then manages the remainder of the startup, as well as input/output requests from software, translating them into data processing instructions for the central processing unit. It is also responsible for managing memory, and for managing and communicating with computing peripherals, like printers, speakers, etc. The kernel is a fundamental part of a modern computer's operating system.[2] Now, do you think it even matters if a user's info is stored in the cache? The kernel has far more access and capabilities to effect the user then just stored user data. Perhaps you should improve your own research prowess. Apple's simply doing damage control.

14. roscuthiii

Posts: 2383; Member since: Jul 18, 2010

If it were intentional, Apple probably would have made an announcement about it showcasing developers being allowed a higher level of access in order to make even higher quality apps. More probable though is that, as this is still a preview, the release version kernel will come out encrypted as usual. Then again... this is a big change for Apple with no forewarning, even being a preview, putting a glass window in the walled garden. It may have been a slip up. Even Apple makes mistakes; unlimited login attempts comes to mind.

15. kiko007

Posts: 7493; Member since: Feb 17, 2016

Other sites have confirmed it to be intentional on the part of Apple.

17. roscuthiii

Posts: 2383; Member since: Jul 18, 2010

Apple said it was intentional a few hours ago. These confirmations are based on that statement. That the kernel is unencrypted was first published almost 2 days ago. If it's unencrypted to help developers discover bugs, WWDC would have been the platform to make the announcement.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.