Apple has been going through a rough phase lately, and now the company is in hot water again since the baseband source code for various iPhone models has been shared online. Needless to say, this would pave the way for software-based device unlocks.
Apple had noted earlier that the iBoot source code leak was genuine, but also mentioned that the source code was created around three years back for iOS 9 and was never officially released to the public domain. Therefore, there was nothing to worry about because the source code is outdated.
Furthermore, Apple stated that its products’ security never relies upon the confidentiality of the source code, but now that the baseband source code has been released online, Apple could not come up with an instant response. Reportedly, Apple has now sent a DMCA legal notice to GitHub asking it to take down the baseband source code and remove it altogether.
“The “iBoot” source code is proprietary and it includes Apple’s copyright notice. It is not open-source.”
GitHub was quick to respond and took down the code immediately. However, the act of sending a notice to GitHub has further reinforced the fact that the leaked code is indeed genuine.
It is worth noting that the source code was present on GitHub and that the code happened to be that of a core component of iPhone OS. Due to its unceremonious leaking online, hackers and security researchers could more easily identify flaws in iOS software as well as carry out jailbreaks without much difficulty. That is because the iBoot code is part of iOS and its responsibility is to verify that the OS is being booted appropriately.
In fact, it is the iBoot program that loads iOS and turns on the iPhone. It is also responsible for verifying that the kernel is signed by Apple before executing it. You could say that it is the BIOS of iOS devices. Although Apple claims that the software is outdated, experts noted that some portions of it are still in use; for instance, it is present in iOS 11.
According to Jonathan Levin, the author of multiple books on Mac OS X and iOS internals, this leak is the “biggest” in the history of leaks, and for Apple this particular setback is a “huge deal” for sure. Levin stated that the leaked baseband code is indeed real iBoot code because he himself reverse engineered it.
Levin fears that, with the iBoot code leaked, tethered jailbreaks could make a comeback, which basically means that the phone has to be connected to a computer to be booted. Since Apple started embedding advanced security mechanisms in its iOS devices, such jailbreaks had become difficult to pull off, and only highly skilled experts could think of attempting them. Perhaps this is why the jailbreaking community is so excited and thrilled at the news of the leak of iBoot’s baseband code.
“iBoot is the one component Apple has been holding on to, still encrypting its 64-bit image, and now it’s wide open in source code form,” Levin told Motherboard.