iOS 10 kernel breaks with tradition, is unencrypted

MIT Technology Review:

Some security experts who inspected that new version of iOS got a big surprise.

They found that Apple had not obscured the workings of the heart of its operating system using encryption as the company has done before. Crucial pieces of the code destined to power millions of iPhones and iPads were laid bare for all to see. That would aid anyone looking for security weaknesses in Apple’s flagship software.

Security experts say the famously secretive company may have adopted a bold new strategy intended to encourage more people to report bugs in its software—or perhaps made an embarrassing mistake. Apple declined to comment on why it didn’t follow its usual procedure.

I can’t imagine that this is unintentional or a mistake. It’d be good to get an official comment from Apple on the strategy, given the press this is getting.



  • Caleb Hightower

    I wouldn’t be surprised if this was an oversight, given Apple’s recent track record for sloppiness.

  • John

    I’m not sure what the security reason would be for encrypting the kernel. Encrypt data? Absolutely. The kernel, config, and drivers? I’m not sure why that would increase the attack surface of the device.

    Of course, someone smarter than me will tell me. 😉