The Unencrypted iOS Kernel And You

Big-ish changes?

So Apple has decided to ship an unencrypted kernel in iOS 10. What does this
mean, and what are the practical considerations around this decision?

Shipping an unencrypted kernel will now allow for the inspection of the code at
the very core of the Apple device, something that we have not had the ability
to do before. Apple is claiming that this will lead to a more robust patch
cycle due to more eyes being able to spot bugs. Initial article from Technology Review.

“What’s my motivation?” Well, that is indeed the question. Apple does not
currently have a bug bounty program, which can lead to some very poor
outcomes. Researching software vulnerabilities is hard and time consuming.
People generally like to be compensated for their time and effort, and the idea
that a company with more than 500 billion dollars in market capitalization has
no plan to compensate the parties who find flaws in its core business isn’t
palatable. Where Apple’s approach fails is in motivating people to disclose the
security issues they find… to Apple.

The options for getting paid if you do find an exploit:

  • Use a brokerage service like the Zero Day Initiative, and see what the market will bear.
  • Sell to the government, and hope that they don’t compel you to disclose after you enter negotiations.
  • Sell on the black market, and hope that you aren’t strong-armed by nefarious criminal types.
  • Disclose to Apple, and hope that you get a nifty shirt, or some free stuff, maybe even some money.

Of that list, Apple ranks last as an option for receiving compensation for your
work. The incentive structure doesn’t lead to Apple patching more flaws; it
leads to more active exploits in the wild.

So “given enough eyeballs, all bugs are shallow”, the primary means of bug
squashing in the FOSS community, just doesn’t translate that well in this
case. I think Apple really needs to consider “given enough eyeballs, and deep
enough pockets, all bugs are shallow”.

One more thing… will having an unencrypted kernel lessen the threat of the US
government compelling Apple to cooperate with authorities in the future? 0day
markets will get nice and hot whenever the government wants a phone unlocked.

This is a Security Bloggers Network syndicated blog post authored by Invisible Threat. Read the original post at: Invisible Threat