iOS 10 is here, and many of us have already been poring over the new improvements to maps, messaging, notifications and the like. Yet if you’re a security-bod, there doesn’t seem to be a great deal to get excited about. However when we look under the surface, Apple has taken a landmark step with this release: the ‘kernel’ – the central core of the OS itself – has been left unencrypted making it readable for anyone that knows where to look.
The fact the kernel is unencrypted isn’t in itself unique – in fact, Apple is a bit late to the game; Microsoft and Linux kernels were always unencrypted. Apple has always thought differently about protecting its core. So it leaves us wondering: why has Apple reversed its policy now? Why does it matter to any of us anyway? The real story is a fight over privacy and who will control our mobile devices. Apple is in fact waving its middle finger in the face of government to protect privacy and security. This is something that all of us must pay close attention to. You may be surprised what powers our governments have and where they’re going to take us.
How leaving the kernel unencrypted makes it more secure, and makes us safer
Encryption is one of the strongest measures we have to ensure that our private information stays private, so people may be forgiven for being concerned that by leaving the kernel unencrypted, seemingly vulnerable, Apple is opening itself up to risk. This isn’t the case though; Apple’s unencrypted kernel will actually help to make the device more secure, and in doing so better protect our privacy and lives that increasingly depend on our smartphones.
By leaving the kernel unencrypted and open for all to read, Apple is actively encouraging developers to root around in its software, in the full knowledge that vulnerabilities in the device may be found. This means that Apple can immediately address any vulnerabilities discovered as soon as they appear. Even if hackers can access the kernel and find a vulnerability to exploit, Apple will be there to patch it. It’s also important to remember that no personal data is at risk; the kernel is the central operating node, which tells the device what to do – it does not store a user’s sensitive information.
Despite this, we’re still left with the “why now?” question. Why is it that it’s taken Apple up to iOS 10 to finally take this step? The answer lies in Apple’s ongoing fight with the US government, and in fact many governments worldwide, and the focal point of a global debate over government powers to access citizen’s data and control their devices.
Revoking the FBI’s backstage pass
Back in March, the FBI announced that it had finally managed to access data on an iPhone belonging to the San Bernardino terrorist. This brought an end to a long-running dispute in which Apple refused to create software that would undermine its own security and create a ‘backdoor’ into its software. Yet what the FBI was really after, and what Apple wanted to protect, was its ‘god key’. The FBI had obtained an order that demanded Apple use its cryptographic key and digital certificates to authorise unlocking software. This ‘god key’ controls what every Apple device trusts and runs – an incredibly powerful weapon in the wrong hands.
The FBI ultimately decided not to proceed with the use of Apple’s ‘god key’, instead using an undisclosed method to unlock the device. However, the FBI has never informed Apple of the method it used, making all iPhones vulnerable to an attack method only known to the FBI. The US government now has a weapon it can use on its citizens and won’t disclose what it is. For many, this is a very scary reality!
With governments’ now possessing powers that rival Apple’s ‘god key’, Apple’s decision to decrypt the iOS is a firm stand against the government. Apple is essentially saying to the FBI: “If you won’t disclose vulnerabilities that threaten privacy for your citizens, we’ll get the whole world to find and eliminate them before you can use them”. By opening up the kernel, Apple is laying down the gauntlet for the security community to identify how the FBI got in last time so that Apple can then shut off the FBI’s backstage access. And because only software that is authorised by Apple’s keys will run on iOS devices, there is no risk of allowing everyone to see, inspect, and find vulnerabilities.
Controlling the keys to the kingdom
With Apple ‘levelling’ the playing field, where does the fight go? Without the asymmetric knowledge of vulnerabilities, the government’s long game will return to control over the cryptographic keys and digital certificates that enable trust across the internet. These tools are used in every business and government, from turning on the green padlock in our browsers through to deciding what software can run on any device. Because of this, the fight for control over them is important to every business, consumer, and citizen. Not knowing where and how they are being used is no longer an option.
Winning the battle
Apple’s action to decrypt the iOS kernel is certainly more than just an olive branch to collaboration. It’s a defence against encroachment on privacy and liberty by governments worldwide that is actually not new at all.
Apple’s ‘god key’ is still safe. But as every business today is a digital business, each using more and more keys and certificates, it’s only a matter of time before law enforcement tests its powers to gain access to them once again. This means that every business will need to do a better job of knowing where their keys and certificates are used and how they are protected. Using the power of keys and certificates, Apple has reasserted control over its security and has put itself in a position where any attempt to compromise its kernel will be instantly recognised and stopped before any damage is done. With government powers over data on the march, Apple has secured a major victory for the right to privacy. However, this is just one more part of a story that is only just beginning.
Contributed by Kevin Bocek, VP security strategy, Venafi
This article originally appeared at scmagazineuk.com