Apple Removes Encryption From iOS 10 Kernel, Which Could Pay Off Big
Did Apple just give everyone the keys to the kingdom? Sort-of, but it didn’t just drop them on the porch accidentally—it put them on a hook right next to the door.
At least, that’s one way to think about Apple’s latest decision to move to an unencrypted kernel in iOS 10. And while that might sound like a big security risk to an average person, it isn’t. Though the kernel in iOS 10 manages your iPhone’s security and dictates what apps can and cannot do on your device, opening it up for anyone to take a look at—like enthusiasts and security researchers—will, paradoxically, increase device security.
And, yes, the move was intentional on Apple’s part.
“By unencrypting it we’re able to optimize the operating system’s performance without compromising security,” an Apple spokesperson told the MIT Technology Review.
Apple’s decision to remove the various protections previously used to protect the kernel from intrusion will now give security researchers (and white-hat hackers) an easier way to rummage through Apple’s code. This certainly means that someone could more easily discover some vulnerability that could allow all sorts of craziness on one’s device. The reverse is also true: Apple’s unencrypted kernel also means that there will be a lot more eyeballs looking for these kind of vulnerabilities and, ideally, disclosing them to Apple for fixing.
Apple is likely hoping that this has the added side benefit of reducing the impact of the iOS exploit market. Presumably, there will be fewer critical vulnerabilities found by individuals, or companies dedicated to the process, that wouldn’t also be found by others.
By removing encryption from the iOS 10 kernel, Apple might also gain more legal closure in future battles against entities that want into its devices, like the FBI. Rather than just finding a third-party exploit to do its dirty work, government agencies would have to square off with Apple in the courts if they want Apple to help them break into the company’s devices (to use an example from one of Apple’s bigger and more recent legal issues).
Source | PCMag