iPhone secret code revealed in ‘Biggest Leak In History’ – Apple confirmed leak
The source code for Apple’s top-secret iBoot firmware, used in iPhones, iPads and other iOS devices, has leaked into a public GitHub repo. In a statement from an Apple spokesperson, the company confirmed the authenticity of the code but emphasized that it’s for iOS 9, a three-year-old operating system that’s been replaced with iOS 11 and is in use on only a small number of devices.
“Old source code from three years ago appears to have been leaked, but by design the security of our products doesn’t depend on the secrecy of our source code. There are many layers of hardware and software protections built into our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections.”
According to Motherboard, a few hours after the story broke, Apple sent a DMCA legal notice demanding GitHub take down the iBoot code. The message read in part: “The ‘iBoot’ source code is proprietary and it includes Apple’s copyright notice. It is not open-source.” The copyright takedown request forced GitHub to remove the code.
Motherboard also explained that vulnerabilities inside previous versions of iBoot allowed hackers to brute-force their way into older iPhone models by circumventing lock screen protection. However, that’s no longer possible on new devices that have a Secure Enclave Processor on board. The iBoot leak could bring back tethered jailbreaks too, the kind that require the phone to be connected to a computer when booting.
Below are excerpts of the DMCA Notice.
“DMCA Notice
Date: February 7, 2018
Dear GitHub Copyright Agent:
I, the undersigned, state UNDER PENALTY OF PERJURY that:
[1] I have read and understand GitHub’s Guide to Filing a DMCA Notice;
[2] I am a person injured, or an agent authorized to act on behalf of a person injured by a violation of the U.S. Copyright laws, in particular Section 501 of Title 17 of the United States Code, commonly referred to as the Digital Millennium Copyright Act, or “DMCA”;…”
“….[4] I have a good faith belief that the files in the repository identified below (by URL) are unlawful under these laws because, among other things, the files offer to distribute a copyrighted item without authorization from the owner of the copyright;
[5] Reason:
Content Type:
Reproduction of Apple’s “iBoot” source code, which is responsible for ensuring trusted boot operation of Apple’s iOS software. The “iBoot” source code is proprietary and it includes Apple’s copyright notice. It is not open-source.
Violation(s):
Copyright Infringement
[6] Please act expeditiously to disable the content found at the following repository (and any related forks);
https://github.com/ZioShiba/iBoot
Representative examples evidencing the infringing content at issue are printed below for your reference.
https://github.com/ZioShiba/iBoot/blob/master/apps/iBoot/application.mk
[private]
https://github.com/ZioShiba/iBoot/blob/master/apps/iBoot/boot.c
[private]
[7] I have a good faith belief that use of the copyrighted materials described above on the infringing web pages is not authorized by the copyright owner, or its agent, or the law. I have taken fair use into consideration; and
[8] I swear, under penalty of perjury, that the information in this notification is accurate and that I am the copyright owner, or am authorized to act on behalf of the owner, of an exclusive right that is allegedly infringed.
Thank you for your kind assistance.
Truthfully,
[private]
[Kilpatrick Townsend & Stockton LLP]
[private]….”