Skip to main content

iPhone source code leaked online could lead to potential exploits

(Image credit: Image Credit: Relexahotels / Pixabay)

Apple's iPhone could soon be a great deal more vulnerable to exploits by hackers after an anonymous user posted part of its highly guarded source code online for anyone to see. 

Though iPhone users are not at immediate risk following the leak, security experts have warned that hackers could develop ways to recreate the code and alter it for their own malicious purposes in the future. 

A part of the source code for iOS was published by an anonymous user on the web-based hosting service, GitHub that is primarily used by developers to share code with one another.  The source code that was leaked online comes from the three-year-old iOS 9, though since it pertains the iPhone's boot process, it is likely still included in the latest version of Apple's mobile OS. 

The code itself pertains to the company's iconic smartphone's “iBoot” system which is launched when a user presses the power button on their devices.  Hackers could potentially use this code to install malware or even surveillance tools on a wide range of iPhones since they all theoretically contain this snippet of code. 

Insinia Security's Matthe Carr offered more details on the potential impact of the leak, saying: 

“It's big, but does not directly impact users yet.  But it gives visibility into what the code does so anyone looking to reverse engineer iOS and write exploits can use this to make their job much easier.  There may even be massive parts of code reused so they could try and find bugs in old code and see if it works on new versions.” 

Apple has always been very protective of its source code in order to prevent vulnerabilities, which could be exploited by malicious third-parties, from being discovered.  The company also operates a bug bounty program to protect the security of its devices and software by paying security researchers and white hackers when they discover a vulnerability.  For instance on its site, Apple clearly states that an iBoot system disclosure could be worth as much as $200,000 since it is such an integral part of the iPhone's source code. 

Following the leak of the company's source code, Apple has since issued a take-down notice to GitHub to prevent the iBoot source code from being distributed online. 

Image Credit: Relexahotels / Pixabay

Anthony Spadafora
After living and working in South Korea for seven years, Anthony now resides in Houston, Texas where he writes about a variety of technology topics for ITProPortal.