News: iBoot Source Code Leaked Here's What iPhone Users Need to Know
A massive leak appeared the web today, and it's got some huge security implications for every iPhone on the market. On the plus side, it also has some potential for enabling deep-level modifications and jailbreak tweaks.GitHub user ZioShiba posted the iBoot source code for iOS 9.3 in all its glory (it has since been taken down due to a DMCA request from Apple). Though there's no word yet on exactly where this code came from or how ZioShiba got it, we've had a look at it and it's definitely the real deal. It's possible that it has been floating around the web for at least 4 months already.
Security Implications of the iBoot LeakiBoot is a part of iOS that enables the secure boot chain — in other words, it's a low-level piece of software that verifies each part of your iPhone's operating system loads properly every time you turn on your phone. If you're familiar with Android, it's very similar to Fastboot. Or if you're a Windows pro, you can liken it to BIOS.With the source code now floating out there in the ether, it's not unreasonable to expect that someone could do some reverse engineering to find loopholes and workarounds — ways to bypass iOS' secure boot chain. Though it's the iOS 9.3 version of iBoot, it's not a stretch to imagine that some of these loopholes or workarounds could apply to even the latest version of iOS.Such a hack could be used maliciously as way to bypass Apple's security measures, potentially including your lock screen and disk encryption. The next time the FBI wants to get into someone's iPhone, they could feasibly use this code to find their way in. Thieves and hackers, too — the security ramifications here are huge.
Jailbreak Possibilities & Positive TakesBut there's a silver lining if you're into customization and jailbreak tweaks. If the right people get their hands on this code and work their magic, it's possible that such a hack could be used for good. If users could bypass Apple's secure boot chain, they could load up custom operating system files instead of iOS — much like Android's Fastboot mode lets users install custom ROMs.Another upside is that this could actually lead to improved security on iPhones. Apple offers up to $200,000 for finding critical bugs in iBoot. This bug bounty program should incentivize programmers to dig through the leaked iBoot source with a fine-toothed comb. In the long run, we could see several patches applied to future versions of iBoot to make iPhones more secure than ever.
Apple's TakeApple indirectly confirmed the code was real by issuing a DMCA request to GitHub to take down the offending links that contained confidential and propriety data, though clones of the code have already spread — it's the internet, after all.Later, Apple issued an official statement on the matter to CNET, downplaying security risks:Old source code from three years ago appears to have been leaked, but by design the security of our products doesn't depend on the secrecy of our source code. There are many layers of hardware and software protections built in to our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections.
— Apple (via CNET)In other words, updates to iBoot since iOS 9.3 have added software security mechanisms that aren't included in this leak, meaning there's less risk if you're running the latest version of iOS. As for the hardware protections Apple mentions, much of that pertains to Apple's Secure Enclave system, which uses hard-coded root of trust keys to ensure that the software being loaded by iBoot isn't modified or compromised. Secure Enclave is a feature included in all iOS devices using at least an A7 SoC — so iPhone 5s, iPad mini 2, or newer devices.This story is still developing, so check back here for updates. We've reached out to ZioShiba for comment, but haven't heard back yet. One way or another, this is definitely exciting news, so we'll stay on top of it as the story unfolds.Don't Miss: How to Disable Performance Throttling on Your iPhone Due to Battery IssuesFollow Gadget Hacks on Facebook, Twitter, YouTube, and Flipboard Follow WonderHowTo on Facebook, Twitter, Pinterest, and Flipboard
Cover image via davidgsteadman/Flickr
How to get iPhone X-like gestures on any Android device right now Want to get around your phone with gestures instead of buttons? You don't need an iPhone X (or even a OnePlus 5T) to do it.
12 Android Gestures You Might Not Know About - gizmodo.com
How To: Make DIY gummy candy out of gelatin How To: This Easy Tip Will Make Your Homemade Cupcakes Look More Professional News: The Hollagram Selfie Booth Shows How Close We Are to Functional Holograms How To: It's Raining Sweets and Treats! How to Make Your Own Pneumatic Candy Cannon
Today's Tidbit: Candy Can Help You Curb "That Time of the
There are a ton of really cool options there. Another way to get your rooted KitKat device to look like Android L is to just install the Android L Theme module for Xposed. You can find that on XDA
How to Get New Themes for Your Pixel on Android 10
Mark Jansen/Digital Trends. Do you want to snap a quick video or record your screen on an Android device? Whether you are taking a recording for friends, showing off your gaming skills, or
In this soldering tip video brought to you by BEST, Inc. Norman Mier certified master instructor for Soldering Skills demonstrates removal of solder bridges on gull wing leading components.
How to Solder a SOIC14 gull wing lead component « Hacks, Mods
Add Custom Message for "Respond with Text" In iPhone | Tom's
How to enable lock screen gestures on your phone to launch applications directly from the lock screen? Different Android devices have different lock screen designs. Pure stock Android has a simple user interface with the unlock button on the middle and Touchwiz has fancy lock screens with water, light and ink effects.
Use the Google Now Gesture to Launch Any Android App
Linkin Park's popular Hybrid Theory album now free on Play Music. thanks to the immense popularity and success of their debut album Hybrid Theory. Well, fans of the band will be pleased to
Linkin Park: Hybrid Theory (Bonus Edition) - play.google.com
Best web browser: Chrome, Edge, Firefox, and Opera go head-to-head We take a look at the performance and features of the big four internet browsers to see which one will serve you best.
Search across multiple open tabs on Firefox and Chrome browsers
This article explains the required metadata for uploading 3D rectangular videos. To learn how to upload 360 3D videos, use the instructions to upload virtual reality videos. Make sure your 3D video files have the required 3D metadata. YouTube supports left-right (LR) side-by-side stereo layout for 3D videos. The video should contain stereo
Uploading Videos to Youtube for Maximum Video Quality
You can also use apps like Later (iOS, Android) and UNUM (iOS, Android) to plan your Instagram feed and see which photos look best next to each other. Hone your hashtag game Hashtags are what allow more people to discover your content on Instagram, especially now that you can follow hashtags for them to appear on your timeline.
Tips for Taking Your Twitter Game to the Next Level - Non
Ars Technica stumbled upon a bit of an Easter Egg in the Pixel's implementation of Assistant, and it's pretty bonkers. If you tell the phone "I'm feeling lucky," it goes into full game show host mode.
15 Cool Google Assistant Tricks You Should Try - Beebom
This allows Chrome to block intrusive or misleading ads on known spam sites. Try another Android browser. If you can't get rid of popups with Chrome, you might consider using another browser. You will find many options in the Play Store designed to block malicious pop-ups and provide a hassle-free interface.
How to Block Pop Ups on Google Chrome [Complete Tutorial]
0 comments:
Post a Comment