Previous iOS releases have included encrypted kernels. Encryption prevents developers from reading the code used to build the system components of iOS. The kernel of an operating system can be likened to its heart, containing vital code that keeps the software running.
With the kernel left unencrypted, developers are able to access this code and find out what lies at the centre of iOS. Apple hasn’t publicly commented on the change and its own developer documentation makes no reference to iOS 10 having an unencrypted kernel. The change was revealed in a report by the MIT Technology Review today.
Some people have speculated that Apple may be inviting researchers to assess the iOS kernel and look for security flaws. By giving the kernel more exposure than is usual, Apple could find more potential vulnerabilities that could be exploited by hackers. These could then be fixed before the public release.
An alternative theory along the same lines suggests Apple wants external researchers to help it find entry points into iOS. Earlier this year, the FBI successfully broke into an iPhone during the high-profile case against a gunman in the San Bernardino shooting. The FBI has refused to share details of the exploit with Apple. The company may be trying to find how the agency obtained access by inviting the outside world to help it in its search.
Apple hasn’t commented on the matter. In a report, however, the BBC said it “understands” that Apple isn’t trying to get researchers to find new security flaws. It referenced unnamed sources that contacted the news site.
The unencrypted kernel has already thrown up some interesting discoveries. One researcher, Mathew Solnik, found a previously unknown mechanism that prevents the kernel from being modified by external code. Bugs in systems like this could allow attackers to break into devices. With the code out in the wild, people will have more chance to study it and find ways around it.
Opinion remains split on why Apple has left the kernel unencrypted in iOS 10. In the words of Jonathan Levin, the author of a book on iOS’ inner workings, the company may have “screwed up royally,” accidentally releasing a development version without encryption in a major oversight.
This seems increasingly improbable, though. If this were the case, Apple would almost certainly have withdrawn the preview by now and released a new build with an encrypted kernel. It appears to have intentionally released the software in its unencrypted form, but its motivations remain a point of contention. Both Levin and Solnik agree that this seems to be a planned move.
Without kernel encryption, iOS is undoubtedly easier to study and break into. With the San Bernardino lawsuit still in recent memory, Apple may well be intending to strengthen its defences against the government by making iOS bugs more discoverable.
The fact that the FBI found an external source capable of unlocking the device confirms there are people who can unravel Apple’s software. By removing the encryption, Apple can level the playing field, reducing the power of the growing shady industry that sells exploit kits to governments.
Whether iOS 10 will ship with an unencrypted kernel remains to be seen. Apple is likely to lock it up again before releasing the update to consumers though, giving developers a brief glance into the operating system’s insides.