Sunday, August 14, 2016

iOS10 encryption system kernel not here! IOS10 green light to escape?

iOS10 encryption system kernel not here! IOS10 green light to escape?

  In last week's WWDC conference, Apple released a new generation operating system iOS --iOS10, the new version adds many new features and capabilities, such as the design of the new lock screen notifications, phone messages and pre-blocking application removal, etc., and in the day of the Apple keynote give software developers a preview version of the operating system to developers for testing.
iOS10 encryption system kernel not here!  IOS10 green light to escape?  .jpg
  Of course, not just the developers of the new version of the system of interest, many security researchers also had some Apple iOS10 research, and they have a very unexpected finding in this new version.

  In each of the previously released versions of iOS, Apple's operating system will be on the "heart" of the use of encryption technology, to avoid exposure to it. Here the so-called "heart" of the code is important iOS operating system, which is user iPhone and iPad important foundation to run, but not here to protect their confidentiality in iOS10 in Apple, exposed. But for those who want to find security holes in Apple's iOS operating system of the people, Apple's move may be a big help.

  Apple so unusual move, security experts believe this may be because Apple uses a more aggressive strategy intended to encourage more people to find and report vulnerabilities in their software, but also suggested that Apple may be careless mistakes . Currently Apple has not made any response to this.

iOS10 encryption system kernel not here!  IOS10 green light to escape?  -1.jpg
  Earlier this year FBI investigation to take place last December in San Bernardino, California (SanBernardino) shootings, had tried to require Apple to help them break iPhone5c criminals, but Apple refused their request, the parties therefore do sensation . But then FBI use third-party forces successfully cracked the criminals iPhone, and FBI said they could not take advantage of what vulnerabilities, as well as their method to crack open Apple's third party, the matter after Apple said they would further strengthen the equipment and software security and privacy features.

  iOS operating system's "heart" has a very important part - the kernel, the program how to use the hardware, how to perform security functions are all controlled by the kernel. In previous versions of iOS, Apple will be encrypted, completely hide their work, researchers can find other ways around this limitation. But iOS10 preview version, the kernel no protective measures, researchers can feel free to be the core of this study.

  See here, maybe you are very worried iOS10 safety is not affected? Of course, will not be affected. Once the inner workings of iOS have had in-depth study of experts JonathanLevin believe that this will be more conducive to security researchers to find its problems and defects in this version of the operating system. "It can greatly reduce the complexity of reverse engineering."

  MathewSolnik security researcher pointed out that the same is exposed there is a protection for the core, which has been modified to avoid security measures. "Today it has been disclosed, we will be able to study them, but also may find ways to circumvent the measures."

  Some people find loopholes in the software, and vulnerability to inform software development company in order to fix the vulnerability; however someone will exploit these vulnerabilities to develop malicious software or to develop " escape ", the malware can affect the user and equipment safety, and Apple has been the attitude of the "Prison Break" is not supported.

  No one knows why Apple suddenly open their code. One of the security research community believe Apple may be people inside a "sounding wrong." But Levin and Solnik have said, we now have every reason to believe that Apple may be intentional. Because they want to encourage more people to study their code to quickly found loopholes, Apple can quickly be restored with them.

  iOS security experts JonathanZdziarski also support this view, because the encryption cores forget this explanation is too far-fetched. "If Apple is forgotten, that's too hard to swallow it, which seems to have forgotten to install the elevator door the same."

  Zdziarski noted earlier this year that Apple and FBI field tear force Wars, Apple this time choose to open up their code actually has a very important significance. Apple initially requested FBI assistance crack offenders iPhone, but then because of third-party security researchers found that after the break the iPhone's approach, FBI will not put pressure on Apple. This also proves that the law enforcement agencies to deal in selling software vulnerabilities continue to increase, the market is growing. After Apple chose to develop iOS code, anyone who has the opportunity to found loopholes, on this basis, some research institutions may not be exclusively about these vulnerabilities funding source , said market might be affected.

  Many researchers believe that the above transactions have been able to develop and market the rise, with Apple can not shirk responsibility, because in encouraging third parties to report vulnerabilities discovered, Apple did better than competitors Google and Microsoft good. And Google, Microsoft is different, Apple did not report vulnerabilities incentives for those who discover vulnerabilities and made public in Apple products researchers, Apple does not provide incentives.
Post a Comment