Color me a bit paranoid these days, but it seems as if everything technological and political is going to hell in a hand basket (not sure exactly what that last part means but my grandfather and father used it in similar locations). The latest is yet another long string of security problems at… not Microsoft… not Google… not even Samsung. It’s Apple.
Just weeks ago almost anyone could hack into a Mac with ease. This week we learned that Apple’s very own iBoot– that part of iOS for iPhone and iPad that ensures a trusted boot up of iOS– has been leaked online. It’s in the wild. iBoot is what loads the iOS kernel, verifies that it is properly signed by Apple, and then runs it so iPhone and iPad start up as they should.
Apple’s secrecy has eroded in recent weeks, months, and years, and even certain portions of macOS and iOS have been open sourced, but the iBoot code remained– until this week– very secure and private. This may be one of Apple’s biggest security leaks ever. Is it real? Apple sent a DMCA legal notice to demand that GitHub remove the iBoot code it stored.
Those in the know say the iBoot code posted is for iOS 9 but certainly there are portions that likely remain in use for iPhone and iPad devices using iOS 10 and iOS 11.
Are you safe? Yes. This is a different kind of security breach, one which iOS jailbreakers will love and even though it has been removed from GitHub it will forevermore remain available online.
The question I have to ask of Apple CEO Tim Cook is obvious:
Dear, Tim. Is anything safe at Apple anymore?
There have been a sufficient number of leaks, compromises, and goof ups in the past year that I worry about the complexity of Apple’s operation. After all, I keep my photos in Photos stored in iCloud.
And everything else. I use Apple’s Keychain to sync between iPhone, iPad, and Macs (and 1Password; you can never be too safe or have too many backups). I pay Apple extra for iCloud Drive storage. I have multiple backups of each Mac, keep critical files stored and encrypted online and off premise, and keep encrypted backups of each iPhone and iPad.
It’s 2018 and we are somewhat forced to trust Apple just to have a modern digital life. Apple even encourages that trust, but every few weeks we see another public display of something gone wrong.
If it’s not an engineer on macOS High Sierra that fails to close a hole that opens a Mac up to anyone, it’s a disgruntled former employee willing to drop some source code onto the free world’s largest code dispensary (I’m guessing GitHub is big; maybe not the largest).
Now about that “going to hell in a hand basket” thought. I looked it up. Sure, it’s a small basket carried in the hand. But it has a more distinct and ominous meaning.
to deteriorate rapidly: the world is going to hell in a hand basket.
Apple? Is that you? If anything is safe anymore, let us know. If not, a little paranoia is the right attitude to have; especially when it seems as if everyone is out to get you.