Is Your iPhone Safe? Apple iBoot Source Code Is 'Biggest Leak in History'

apple iphone iboot source code leak
The iBoot source code leak could allow vigilante hackers and nefarious intelligence agencies to probe iPhones and iPads for security vulnerabilities. Jack Taylor/Getty Images

Apple has acknowledged that source code used in the software of iPhones and iPads has been leaked online, which security experts warn could present a major opportunity for hackers.

The so-called iBoot code for iOS 9, the ninth iteration of Apple’s iOS mobile operating system released in 2016, was briefly posted to GitHub before Apple sent a DMCA notice to the software platform demanding it be taken down.

The leaked code, which was first reported by Motherboard, offers a way for security researchers outside of Apple to inspect and probe the source code for possible weaknesses. This could potentially trigger the emergence of new ways to jailbreak iPhones and iPads running older versions of the iOS mobile operating system.

“It may also enable access to data on the device, creating a potential threat to the confidentiality of data stored on iOS devices,” Leigh-Anne Galloway, of cybersecurity firm Positive Technologies, said in an emailed statement to Newsweek. “This can be useful not only to advanced users of devices, but also to criminals.”

Another expert on iOS, Jonathan Levin, told Motherboard that the iBoot source code represented “the biggest leak in history.”

Read more: The human cost of Apple’s most expensive iPhone ever

Apple dismissed these concerns on Friday, February 9, saying that the security of its devices was not dependent on whether or not the source code is public.

“Old source code from three years ago appears to have been leaked, but by design the security of our products doesn’t depend on the secrecy of our source code,” Apple said in a statement.

“There are many layers of hardware and software protections built into our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections.”

Despite these assurances from Apple, some security experts have warned iPhone and iPad users to secure their devices.

“It is important to provide multi-level protection of your data on your own,” Galloway said. “For example, configure a complicated login to the account, using filters by IP address and two-factor authentication, leave the number of bank cards stored on your iPhone to a minimum and don’t store critically important data on the device.”

Other security analysts pointed out that some parts of the iBoot code may also appear in later versions of Apple’s iOS software.

“Unfortunately there’s a high chance that portions of the leaked code have remained the same in iOS 11,” cybersecurity veteran Graham Cluley explained.  

“Furthermore, there are believed to be tens of millions of older iPhones and iPads in circulation that are still running iOS 9 as they are unable to be updated.”

Join the Discussion