Monday, June 27, 2016

Security of iOS 10

One of the most important security features of iOS 10 has probably gone unnoticed so far: the kernel of the system is largely unencrypted. Apple has not communicated on this, and while it may look like a mistake, it may also be a deliberate choice. Explanations follow.
The MIT Technology Review site looked at a discovery that was not expected: in the first pre-release of iOS 10, the kernel is not encrypted, at least in large part. Its workings are exposed in the open, allowing everyone to explore the delicate mechanics. There are only two possible explanations for such a "revelation": either it is a mistake or it is a well-calculated move. At MIT, the second hypothesis is the preferred one. Apple could very well have decided on such a change so that everyone can not only see how things are done in-house but also detect any flaws. That is precisely the whole point.
Security flaws are of great concern nowadays: they are a powerful lever for law enforcement and intelligence agencies. The case between Apple and the FBI drew great attention, and the suspect's phone was successfully decoded, but Apple could never get the details of the vulnerability.
But if the guts of the kernel are exposed, more vulnerabilities will be discovered. Since everyone can examine an unencrypted kernel, the number of vulnerabilities reported to the company should grow faster than the number of flaws kept secret, because in addition to "white hats", various hackers, researchers and security companies will give it a try.
It is also possible that Apple's "openness" is only for the beta phase. It is not clear that Apple wants to continue this little experiment.
Finally, it is possible that the company has taken into account some of the criticism of its security. This transparency will, however, be of real interest only if it continues with the final version of iOS 10.
However, we should point out that Apple still has no bug bounty program. Unlike at Google, for example, there is thus no financial reward when a vulnerability is discovered. So the opening must not have the opposite effect, with gray hats not just reporting vulnerabilities to the company but selling them to the highest bidder.
