
Apple Leaves iOS Kernel Un-Encrypted for First Time - finisterre
https://www.technologyreview.com/s/601748/apple-opens-up-iphone-code-in-what-could-be-savvy-strategy-or-security-screwup/
======
skygazer
Oh, my ignorance and the questions I now have -- I wish there were some up
votes on this, because I'd love the knowledgeable people of HN to weigh in.

Does this mean the "cat's out of the bag" forever more? If they encrypt the
final release, does that provide any benefit, anymore, or was obfuscation the
only benefit of encryption? Did the prior encrypted kernel simply make
exploits more difficult to find? Was there any other benefit to encrypting? I
assume jailbreaks are more likely (to be frequent) now? Does this mean the
federal government is less likely to need Apple's help to break into phones or
install their own software? Is Apple now any more worse off than, say,
Android, where the kernel has been open all along?

How conceivable is it this was a terrible blunder? Wouldn't there have been
safeguards in place to prevent this in their build system, like an encryption
step? Or, like whatever stub does the on device decryption failing, and
preventing install? Wouldn't they have had to intentionally work around that?
And if it was a colossal mistake, will it likely be beneficial in the long
run, anyway? (More eyes, more reports, more fixes?)

~~~
skygazer
I guess it was the decrypted arm64 kernelcache that was discussed elsewhere on
the net on the second day of WWDC, a week ago. So, perhaps this is stale news
to those in-the-know.

Interestingly, only the 64 bit ipsw was left unencrypted, not the 32 bit. The
inconsistency may imply it really was an error?

As for the impact, apparently it's been possible to decrypt 32 bit
kernelcaches on A5 and lower processors for some years. I don't know if that
holds for more recent versions of the OS, or just those from several years
ago. But, it's not entirely unprecedented that it's out in the wild. Apple
just gave the exploit searchers a head start this time.

~~~
skygazer
Here's the post/thread that caught on:

[https://news.ycombinator.com/item?id=11954780](https://news.ycombinator.com/item?id=11954780)

