iOS Source Code Leak to GitHub

February 7, 2018, Apple fought hard to remove a portion of iOS source code that was released and then posted on GitHub. The iOS source code was for a process called “iBoot,” originally reported by Motherboard. This process allows for the system to ensure that the code that is run when an iPhone is turned on, is indeed valid and from Apple. The source code leaked could enable hackers to easily access iOS vulnerabilities, despite the tight securities Apple is known for. After Apple filed a claim notice to GitHub, the source code was removed, but it may have been too little too late.

Though the source code has been taken down, there are still copies that are circulating throughout the web. According to Jonathan Levin, who spoke to Motherboard and who has knowledge of iOS and macOS system programming, this may be the biggest leak in history and is surprising since Apple is exceptional at safeguarding its users against such leaks.

Apple’s lawyers reluctantly conceded that the leak is valid. However, they tried to downplay the significance by stating that is was a “reproduction of Apple’s ‘iBoot’ source code,” the code, they reported “is responsible for ensuring trusted boot operation of Apple’s iOS software.” Although the code was allegedly the iOS 9 iBoot code, parts of it are likely still in use in iOS 11. Apple’s official request to have Github remove the code stated, “The ‘iBoot’ source code is proprietary and it includes Apple’s copyright notice. It is not open-source.”

Although, Apple confirmed that the leaked source code does contain admissible code information, they are not recognizing any security implications that may be impacted. Apple made a statement which may put users at ease. However, there are still some concerns, “Old source code from three years ago appears to have been leaked, but by design the security of our products doesn’t depend on the secrecy of our source code. There are many layers of hardware and software protections built into our products.”  Though Apple has attempted to brush off the leak, there are still concerns with it as the source code was able to make its way to the public, causing great concern for Apple. The source code leak, this time, may have been small, but what is stopping hackers or other harmful materials in the future?