Apple Facing Security Nightmare as iOS 9 Source Code Leaks [telecom]

Have a question or want to start a discussion? Post it! No Registration Necessary.  Now with pictures!

Threaded View
Apple Facing Security Nightmare as iOS 9 Source Code Leaks

The iBoot source code, which handles loading and verifying iOS, was
uploaded to GitHub for all to see.

Re: Apple Facing Security Nightmare as iOS 9 Source Code Leaks [telecom]
Quoted text here. Click to load it

If leaking source code causes a security nightmare, then they had a
security nightmare before the source code leaked.  Apple doesn't seem
to think it's a "nightmare", even though they don't like their source
code leaking out (and it makes their customers wonder if their
personal information is also leaking out).  I'm sure lots of people
had that code disassembled before someone uploaded it to GitHub.  Oh,
yes, the code is also three years old.

It's very difficult to prevent disassembly of boot code, especially
when the owner of the phone has to be able to boot the phone without
calling over an Apple Tech Support Person to enter a password every
time the phone has to be booted (especially considering the problems
that cell phones have had with batteries).  And since booting a phone
is so common, *SOMEONE* would be able to look over the shoulder of the
tech support person and get the password.

If (most of) the boot code is encrypted, the key has to be somewhere
on the phone so the phone can boot.  This is also a fundamental
problem with so-called Digital Rights Management, in which your
customer is considered the enemy, and you can't require downloading
the media from an Apple-controlled server every time, because it would

(a) require way too much bandwidth

(b) not work in an area with no cell service, like a customer on a
    subway or bus in a tunnel,

(c) costs the customer in data charges,

(d) someone would intercept the media as it is transmitted over the
    Internet, even if it is encrypted, and

(e) it's so unreliable you'd never be able to sell it to anyone.

Site Timeline