Security

Apple iBoot leak was an inside job, and the hacker has more iOS source code

Two-year-old iOS code was recently leaked to GitHub, and a former Apple employee is to blame.

Building a slide deck, pitch, or presentation? Here are the big takeaways:
  • A former Apple employee was discovered to be the cause of the iOS iBoot source code leak that was published to GitHub.
  • The developer behind the iBoot leak has more iOS source code that has not yet been leaked widely.

A former "low-level" Apple employee was behind the iBoot leak that led to iOS source code being published to GitHub, according to a report from Motherboard.

Source code for the bootloader in iOS 9 was published in a GitHub repository, but removed after Apple leveraged the Digital Millennium Copyright Act (DMCA) and filed a notice with the website. Despite the sensitivity around iOS source code, Apple said the leak wouldn't impact iPhone security for most users.

The discovery of an employee's involvement in such a well-publicized leak gives further evidence to the idea that a company's employees are its weakest link in cybersecurity. Organizations should limit code access to employees who absolutely need it, and put restrictions in place to keep it secure.

SEE: Mobile device computing policy (Tech Pro Research)

According to Motherboard, the Apple employee originally took the code while working for the Cupertino giant in 2016. The problem was that this employee had friends in the jailbreaking community who encouraged the employee to leak to the code to them for security research.

"The person took the iBoot source code—and additional code that has yet to be widely leaked—and shared it with a small group of five people," the Motherboard report said.

The key phrase there is "additional code that has yet to be widely leaked," meaning that the former employee has more of the iOS source code at his or her disposal. This could lead to additional leaks (and headaches for Apple) in the future.

After the small group gained access to the code, it was eventually leaked outside of the group and ended up being published to GitHub by a user named ZioShiba, Motherboard reported.

The anonymous sources cited by Motherboard claim they only wanted the code for research and didn't want it to leak publicly for fear of legal repercussions. While Apple maintains that the security of its products doesn't depend on secret code, the leak was still embarrassing, and a future leak of more source code could have more dire consequences.

Also see

iphone.jpg
Image: CNET

About Conner Forrest

Conner Forrest is a Senior Editor for TechRepublic. He covers enterprise technology and is interested in the convergence of tech and culture.

Editor's Picks

Free Newsletters, In your Inbox