Apple Confirms Unencrypted Kernel in iOS 10 Beta is Intentional

Yesterday it was discovered that iOS 10 does not feature an encrypted kernel, allowing users and researchers access to the core of the operating system and its inner workings. It was unclear at the time whether the lack of encryption was an accident or intentional, but today Apple confirmed to TechCrunch that the company did not encrypt the kernel for a reason.

ios10

“The kernel cache doesn’t contain any user info, and by unencrypting it we’re able to optimize the operating system’s performance without compromising security,” an Apple spokesperson told TechCrunch.

The kernel, which dictates how software can use hardware and keeps the device secure, is unencrypted so that developers and researchers can "poke around" and find potential security flaws. Because the kernel is easier to access and flaws may be easier to find, Apple can more easily and more quickly patch potential issues.

The move is a shift for Apple, who had encrypted the kernel in past versions of iOS, leaving developers and researchers out of the loop on the inner workings of the operating system. As noted by security expert Jonathan Zdziarski, it's likely that Apple has made this shift to prevent groups from "hoarding" vulnerabilities in Apple's software, like the vulnerability used by the FBI to break into the iPhone 5c of the San Bernardino shooter.

Top Rated Comments

Quu Avatar
61 months ago
I'd just like to point something out. Apple does not offer a bug bounty program. That is to say there is no bounty to be awarded if you report a bug to them no matter how serious it is.

By contrast Microsoft offers $100,000 for a unique kernel level exploit, $15,000 for a Edge browser exploit and $100,000 for a unique solution to a presented exploit that they have yet to come up with / implement.

So if you were to find an Edge browser exploit in Windows 10 and another exploit that allowed you to jump the sandbox and gain root access to the operating system and then figured out a solution to stop the attack that is safe and implementable you could earn yourself $215,000.

Find the same in iOS, macOS, watchOS or tvOS and earn $0. It's about time Apple got serious and offered their own bug bounty program. It's the most meaningful way to get serious vulnerabilities reported.

And remember the FBI and NSA are paying upwards of $1 Million dollars (as shown in congress reports) for root level attacks on iOS, macOS and Windows. That is the competition. If you're a security researcher who're you gonna tell? Apple and earn nothing or the NSA/FBI and change your entire life?
Score: 57 Votes (Like | Disagree)
6836838 Avatar
61 months ago
I see. So open-source now equals openly exposing vulnerabilities for the collective good so a select user group can not exponentially exploit said vulnerability.

Yeah, didn't work too well for Android, though.
You're very confused. Please research the difference between binaries and source code.
Score: 27 Votes (Like | Disagree)
RichTeer Avatar
61 months ago
I see. So open-source now equals openly exposing vulnerabilities for the collective good so a select user group can not exponentially exploit said vulnerability.
Umm, unencrypted binary != open source...
Score: 26 Votes (Like | Disagree)
C DM Avatar
61 months ago
I see. So open-source now equals openly exposing vulnerabilities for the collective good so a select user group can not exponentially exploit said vulnerability.

Yeah, didn't work too well for Android, though.
Where does open-source come from? :confused:
Score: 21 Votes (Like | Disagree)
doelcm82 Avatar
61 months ago
In Apple marketing terms, this is called innovation.
Apple marketing is not calling this anything.

You are calling it innovation, and then snickering at the "Apple marketing" in your mind for calling it innovation.

Well done.
Score: 9 Votes (Like | Disagree)
Nothlit Avatar
61 months ago
So has anyone in the tech press asked them why only the 64-bit kernelcache was left unencrypted while the 32-bit kernelcache remains encrypted? What about the update and restore ramdisks, which also remain encrypted? The rest of the boot chain? Why not let us peek at those, too?

Apple PR's statement that "[t]he kernel cache doesn't contain any user info" is ridiculously obvious to anyone with technical knowledge in this area. That statement is clearly only intended to placate the non-technical masses who might hear "Apple" and "unencrypted" in the same sentence and get worried about the privacy battle.

Secondly, what sort of performance improvement can this possibly make? Even assuming the kernelcache has to be decrypted once per boot, that must take what, a couple hundred milliseconds for the hardware-accelerated AES engine to do its thing?

I am really baffled by Apple's response. If it was indeed intentional, it must have been for reasons other than what they are saying.
Score: 8 Votes (Like | Disagree)

Top Stories

2021 mbp sd slot feature2

Kuo: New MacBook Pro Models With HDMI Port and SD Card Reader to Launch Later This Year

Monday February 22, 2021 8:52 pm PST by
Apple plans to release two new MacBook Pro models equipped with an HDMI port and SD card reader in the second half of 2021, according to analyst Ming-Chi Kuo, who outlined his expectations in a research note obtained by MacRumors. The return of an SD card reader was first reported by Bloomberg's Mark Gurman last month. "We predict that Apple's two new MacBook Pro models in 2H21 will have...
m1 mac mini

M1 Mac Users Report Excessive SSD Wear

Tuesday February 23, 2021 7:07 am PST by
Over the past week, some M1 Mac users have been reporting alarming SSD health readings, suggesting that these devices are writing extraordinary amounts of data to their drives (via iMore). Across Twitter and the MacRumors forums, users are reporting that M1 Macs are experiencing extremely high drive writes over a short space of time. In what appear to be the most severe cases, M1 Macs are sai...
iphone 12 pro display video

BOE Rumored to Supply iPhone 13 Display Panels After iPhone 12 Failures

Monday February 22, 2021 9:54 am PST by
Display manufacturer BOE will be one of the main suppliers of OLED panels for iPhone 13 models, according to a new report today from Taiwan's Economic Daily News. BOE is said to be working with touch panel manufacturer General Interface Solution (GIS), part of the Hon Hai Group to develop OLED panels. Multiple iPhone 12 rumors suggested that BOE would supply some panels for the devices,...
mac security privacy

Apple Takes Step to Prevent Further Spread of 'Silver Sparrow' Malware on Macs

Monday February 22, 2021 6:13 am PST by
Over the weekend, we reported on the second known piece of malware compiled to run natively on M1 Macs. Given the name "Silver Sparrow," the malicious package is said to leverage the macOS Installer JavaScript API to execute suspicious commands. After observing the malware for over a week, however, security firm Red Canary did not observe any final payload, so the exact threat to users remains a...
jon prosser imac 2021colors

Prosser: 2021 iMac to Come in Five Colors, Apple Silicon Mac Pro to Resemble 'Stacked' Mac Minis

Wednesday February 24, 2021 7:26 am PST by
Hit-and-miss leaker Jon Prosser has today alleged that the upcoming 2021 iMac models will offer five color options, mirroring the colors of the fourth-generation iPad Air, and revealed a number of additional details about the Mac Pro with Apple Silicon. In a new video on YouTube channel FrontPageTech, Prosser explained that the redesigned iMacs will come featuring options for Silver, Space ...
whatsapp privacy banner

WhatsApp Reveals What Happens to Users Who Don't Agree to Upcoming Privacy Policy Changes

Sunday February 21, 2021 1:11 am PST by
WhatsApp has revealed how it will gradually limit the features available to accounts held by users who do not accept the platform's impending privacy policy changes, due to come into effect on May 15. WhatsApp's new banner explaining the privacy policy changes According to an email seen by TechCrunch to one of its merchant partners, WhatsApp said it will "slowly ask" users who have not yet...
new airpods leaked image 52audios

Alleged Leaked Image Claims to Show Third-Generation AirPods and Case

Sunday February 21, 2021 2:49 am PST by
A new image claims to offer our first real world look at Apple's next-generation AirPods. The image, shared by 52audio, showcases both AirPods and the charging case for what the site claims to be the third iteration of the wireless earbuds. 52audio has in the past shared images claiming to showcase different parts of the third-generation AirPods. Most notably, the site in November shared...
anker magsafe powercore battery pack

Anker Releases MagSafe-Compatible Battery Pack for iPhone 12 Lineup

Tuesday February 23, 2021 7:49 am PST by
Following rumors that Apple is working on a MagSafe battery pack for iPhone 12 models, popular accessory maker Anker has beaten Apple to the punch with the release of its PowerCore Magnetic 5K Wireless Power Bank. First previewed at CES 2021, the PowerCore battery pack magnetically attaches to the back of any iPhone 12 model and provides 5W of wireless charging. With a 5,000 mAh capacity,...
iPad Pro Mini LED

New iPad Pro and MacBook Models With Mini-LED Displays Again Rumored to Launch This Year

Monday February 22, 2021 9:32 pm PST by
Taiwanese company Ennostar will begin production of Mini-LED backlight units for an upcoming 12.9-inch iPad Pro in the late first quarter or second quarter of this year, according to industry sources cited by DigiTimes. Ennostar is a holding company that was jointly established in January 2021 by LED-related manufacturers Epistar and Lextar Electronics. Apple is expected to unveil the new ...
14

iOS 14.5 to Make Zero-Click Attacks 'Significantly Harder'

Monday February 22, 2021 9:05 am PST by
Apple's impending iOS and iPadOS 14.5 update will make zero-click attacks considerably more difficult by extending PAC security provisions, according to Motherboard. Apple has made a change to the way in which it secures its code in the latest betas of iOS 14.5 and iPadOS 14.5 to make zero-click attacks much harder. The change, spotted by security researchers, has now been confirmed by...