14 DAY TRIAL // Apple has managed to make everyone aware that it’s super obsessed with customer security (way to go, marketing department!), so it might come as a big surprise to find out that the iOS 10 kernel was left unencrypted.
This is certainly unexpected, given the fact that Apple usually locked down its software in order to prevent exploits and malware writers from taking advantage of flaws in its code, but it turns out that the company is adopting a different strategy for iOS 10.
In a statement for TechCrunch, Apple explains that leaving the iOS 10 kernel unprotected isn’t exposing users in any way, but it instead brings back several advantages by allowing more security experts to search for vulnerabilities and report them to the company to fix them in a shorter time.
“The kernel cache doesn’t contain any user info, and by unencrypting it we’re able to optimize the operating system’s performance without compromising security,” an Apple spokesperson is quoted as saying.
Finding vulnerabilities known by private hacking groups
So basically, what Apple is trying to accomplish with this change is to enable more security experts to look at kernel code, find vulnerabilities, and thus help the company fix them in a shorter time. Previously, there were groups of hackers who were believed to be aware of vulnerabilities in the kernel that nobody else could discover because of the security systems put in place by Apple, so this made it pretty difficult for the company to deal with the flaws.
Living proof is the San Bernardino iPhone case, when Apple was requested by the FBI to help break into the iPhone used by one of the terrorists in the late 2015 shooting. After Cupertino refused to comply with the requirements, the FBI managed to hack the device with an undisclosed group of hackers holding an unpatched vulnerability in iOS.
Nobody can tell what the flaw that the hackers actually used to unlock the device was, and Apple itself is still trying to figure out the method they employed during the process, so by opening the iOS 10 kernel, the company wants to avoid similar cases in the future.
Certainly, embracing such an open approach for iOS 10 could be a double-edged sword because there’s opportunity for dangerous activity on devices running it, but time will tell if Apple’s playing the right card here. iOS 10 is expected to launch in the fall with the iPhone 7, as it’s currently in development and available as a preview to developers.