Apple demands DMCA takedown of secret iBoot code leaked on Github
A portion of Apple’s proprietary source code for iOS devices has been leaked online. The code, labeled ‘iBoot’ is responsible for ensuring only trusted versions of iOS can boot on Apple devices.
Shortly after Apple learned of the leaked source code, the company issued a Digital Millennium Copyright Act (DMCA) takdeown request to Github requesting its immediate removal. Apple’s DMCA request was published by Github and states the reason for the request is because “the ‘iBoot’ source code is proprietary and it includes Apple’s copyright notice. It is not open-source.” Github complied with the request and removed it from the repository of a user named ZioShiba.
Although the leaked code appears to be for an older version of the operating system, iOS 9, it may contain relevant code still used in iOS 11. While Apple does make some portions of its code open source, iBoot has never been included and is closely guarded by the company.
It’s unclear how the code was obtained and who published it on Github. ZioShiba, the user who posted the code, appears to be relatively inactive on the platform, having last posted seven months before the iBoot leak. However a user by the same name appears to be pretty active other places online, with a YouTube channel featuring iOS hacks as well as a Twitch account.
While ZioShiba was the first to post the iBoot source code on Github, this is not the first time the code has appeared online. Last year a Reddit user named apple_internals published the same code on Reddit, however it failed to gain the same amount of attention.
Apple issued a statement assuring users that the leaked code was outdated and there is no need for alarm. “Old source code from three years ago appears to have been leaked but, by design the security of our products doesn’t depend on the secrecy of our source code. There are many layers of hardware and software protections built in to our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections.”
Although the leaked iBoot code should be cause for concern, newer Apple devices have additional layers of protection for users. Since 2013, Apple has included a Secure Enclave chip on iPhones. It effectively creates a separate computer within the iPhone to store both encryption and decryption keys, as well as other sensitive data. Since Secure Enclave uses a physically embedded key to authenticate, it creates a scenario where it’s nearly impossible for hackers to access sensitive information by brute force.
Updated February 8: Update includes statement from Apple concerning age of source code and additional layers of protection for iOS devices.
- Apple iOS 11.2.2 update offers a fix to the Spectre security vulnerability
- A popular virtual keyboard leaked the personal data of 31 million users
- How to download movies from Netflix to your phone, tablet, or PC
- Common iOS 11 problems and advice on how to handle them
- Here’s how to enroll in the iOS beta program to get updates early