Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
IOS Iphone Security Apple

Apple Says iOS Kernel Cache Left Unencrypted Intentionally, Nothing To Worry About (loopinsight.com) 124

The iOS 10 kernel, which Apple released to enthusiasts last week, is not encrypted, according to a report. Security experts expressed their surprise and puzzlement over this in a report by MIT News. The iPhone maker, after remaining tight-lipped over the matter for a week, has now offered an explanation. In a statement to The Loop, Apple said: The kernel cache doesn't contain any user info, and by unencrypting it we're able to optimize the operating system's performance without compromising security.It is worth mentioning that Apple is talking about kernel's cache, whereas MIT News' original report talks about kernel code.
This discussion has been archived. No new comments can be posted.

Apple Says iOS Kernel Cache Left Unencrypted Intentionally, Nothing To Worry About

Comments Filter:
  • KERNEL vs. CACHE (Score:2, Interesting)

    So there seems to be some difference over assertions here.
    Apple is only talking about the iOS 10 kernel CACHE and that private data is never stored there (fair enough), whereas TFA is talking about the kernel code which is left open to exploitation.

    I personally consider that opening the kernel is a wise move. It will, most likely, assist in closing holes in the code and, eventually, would make a stronger kernel. However, as the article suggests, it was probably a mistake...

    • Re: (Score:2, Troll)

      It is sad that most Slashdot readers (and editors) now don't know the difference between CACHE and code.
    • Re:KERNEL vs. CACHE (Score:5, Informative)

      by cryptizard ( 2629853 ) on Thursday June 23, 2016 @10:26AM (#52374047)
      Kernel cache is what they call the encrypted container that has the kernel in it. The article is not wrong, just a nonstandard use of the term.
      • Re: (Score:3, Funny)

        The article is not wrong, just a nonstandard use of the term.

        My new campaign slogan! I am not lying. I am just using nonstandard definitions.

      • It's actually Apple that uses the nonstandard term... I had never heard of a kernel referred to as a "kernel cache" before I started hacking iOS back in ye olden days.
    • I think they should open source the kernel too. If they do they travel back in time to 1996 and put it here [apple.com] so everyone thinks they have always had a transparent security process in regards to the XNU kernel long since before OS X or iOS existed.
    • Apple is talking about the kernel itself, which it calls the "kernel cache"
      TFA is talking about the kernel, which Apple calls the "kernel cache"
      They're talking about the same thing, Apple just uses a funny term for it.
  • Our pervasive snooping through our customers' habits and information taught us that they do notice when the phone is slow, but they don't have a clue about security or consider their privacy in any way important.

  • Canary Warrant. The Government got to them in spite of the public display of resisting.You can be anyone who was relying on Apple phones to keep secrets will use other means now. Doh.As for the claim that kernel cache doesn't contain user data (and bear in mind this took a week of "consideration", and I'm not a security expert), wouldn't it be possible to extrude data from the kernal cache that could lead to the ability to access other encrypted data? seems odd to encrypt it and then remove that encryption
    • I don't want to say one way or the other because I still want to believe things don't actually work this way, despite clear evidence to the contrary, but you may be right about this. You can't tamper with an encrypted binary unless you have both keys; an unencrypted binary can be messed with and, as long as they checksums match, dropped right in with minimal hassle. And we've already learned that it's not hard to make checksums match.
      • by tibit ( 1762298 )

        we've already learned that it's not hard to make checksums match.

        That'd be big news for hashes that are currently considered secure. Got some links?

        • Anyone with a basic understanding of hashing algorithms knows that to brute-force any hash is a 2^n proposition, where n is the number of bits in the hash. I seem to recall something about a datacenter being built in Utah in the past year or two by an organization that might be interested in the subject.
          • by tibit ( 1762298 )

            There isn't enough material in the entire Universe (that we're aware of, at least) to build a datacenter to brute-force a 512 bit hash. The Universe has roughly 2^400 atoms, the Earth has roughly 2^170, a billion billion is 2^60 only and you'd be very lucky to have a "datacenter" that can do that many hashes per second. End of story. I don't think you have that basic understanding.

            • GPUs of 2014 were able to calculate a little over 100 million SHA-512 hashes per second, dual GPUs double that per system. We can expect that this number has doubled yearly for the past 2 years, giving us 400 million per GPU, per second; 800 million per dual-GPU system. 100k such systems (well within the reach of a government budget) would be able to churn through 80 trillion hashes per second, roughly 7 quintillion (7 billion billion) hashes per day. That is quite a number of years, indeed, to brute-force.
              • by tibit ( 1762298 )

                7 billion billion per day is still 2^63, 58 orders of magnitude short of 2^256, 135 orders of magnitude short of 2^512. Whatever "datacenter" you think of is irrelevant, pretty much.

                The extra layer of protection offered by asymmetric encryption will be moot once a key secure hash falls.

                • 7 billion billion per day is still 2^63, 58 orders of magnitude short of 2^256, 135 orders of magnitude short of 2^512.

                  You must've stopped reading before you finished my first paragraph... I actually admit as much.

                  The extra layer of protection offered by asymmetric encryption will be moot once a key secure hash falls.

                  Not if the asymmetric encryption isn't vulnerable to the same exploit as the failed hash. Seriously, think about that for half a second; if you're able to keep up an argument on this topic (and I'd say you've been doing a fine job of it until now) you shouldn't need any longer than that. You're a smart fella, act like it.

  • by Anonymous Coward

    There is no story here.

  • by CajunArson ( 465943 ) on Thursday June 23, 2016 @10:14AM (#52373965) Journal

    The Linux Kernel: NOT ENCRYPTED. Go panic now, the world is ending.

    In fact, do you know that Linus Torvalds has personally made it possible for the MUTHAFUCKIN NSA to read every single line of source code in the Linux Kernel??

    Just think about that the next time "they" tell you that it's OK for your computer to SEND IT'S DAMN IP ADDRESS OUT TO THE INTERNET!

    The black helicopters are coming for me man!!

    • by Anonymous Coward

      I find it ironic about people fearing the NSA. They wrote SELinux, which has done a lot of good overall with Linux security. They also have a lot of decent guides for server hardening.

      To me, I've found their publications and security work, as well as hardening of operating systems, well worth my tax dollars.

      • The NSA has two tasks: snooping and protecting US data. It takes the first task more seriously, and because of the snooping many people fear NSA, but it does stuff to fulfill the second task as well, like writing SELinux.

        • it does stuff to fulfill the second task as well, like writing SELinux.

          Yeah, I like to think we're getting the "Pro" version. But with sufficient network sniffing there is little to worry about, right?

    • by Anonymous Coward

      Lucky you man! You get to ride in a helicopter!

    • by crtreece ( 59298 )
      OMG! I just checked on the websites for FreeBSD, OpenBSD, and NetBSD, they all have source code available too! Drug dealers, pedophiles, terrorists, and the NSA ALL have access to this source code.

      They all leak IP addresses to the internet as well. It looks like they only leak MAC addresses to the local network, so they've done a little better there.

  • Filesystem change? (Score:5, Interesting)

    by nine-times ( 778537 ) <nine.times@gmail.com> on Thursday June 23, 2016 @10:39AM (#52374171) Homepage

    Is the new iOS running on Apple's new filesystem? Supposedly part of the features of the new filesystem is that it has greater control over file encryption. Given this explanation, it may be that they previously encrypted the kernel because it was the best way to encrypt user data, whereas with a new filesystem they may be able to encrypt the files they want to encrypt without needing to encrypt anything else.

    Just a shot in the dark, though.

    • It might for new phones, but I highly doubt they'll convert the filesystem during an upgrade. Even with perfect code doing the conversion on a clean filesystem, it's a risky operation.
      • Who would take that chance anyway? On my Mac, I do a full data backup to an external drive, then physically disconnect it, before routine OS updates. On my iDevices, I do backups to both iCloud and my Mac before updates. I've never actually lost data. But I'm a bit paranoid on that score and, as they say, better to have the backup and not need it than the other way around. And really, if anything calls for a backup, re-partition, re-format, and install everything from scratch; a filesystem update s tha

    • The new filesystem, APFS, doesn't yet run on the phones. In fact, it can't even be used for a boot drive yet. They seem to be aiming for a 2017 release with it, but filesystems tend to suffer from catastrophic failure when bugs occur, so it's no surprise that Apple is playing this very carefully and getting it into the hands of developers well in advance. They'll doubtless re-add missing functionality over that time, such as being able to boot from it, use it for Time Machine, use it with FileVault, etc., b

    • Encrypting the kernel image didn't do anything to protect user data though, since it is decrypted during boot time so the phone can actually run. It was done, presumably, to prevent people from decompiling the binary and trying to find holes in it to make jailbreaks and such. Once the phone is booted, the kernel will of course refuse to dump itself so it only needs to be protected while the device is off.
  • As much as I dislike Apple, they are not wrong here. What's the point of encrypting *code*?! Sign it, check sum it - yes, by all means, so that it's not replaced by something malicious. But why would you need to hide the actual content of the code?! Haven't we learned that security by obscurity doesn't work?

Keep up the good work! But please don't ask me to help.

Working...