Apple had to publicly acknowledge last week that iBoot for iOS 9, the secure software that runs on iPhones and iPads before the operating system kicks off, had indeed been leaked. Apple said at the time that the security of its proprietary software isn’t key to iPhone secrecy, but the company still filed a copyright claim to remove the leaked iBoot source code from Github.
A security researcher dubbed the leak as the “biggest” in Apple’s history, suggesting that access to iBoot may have huge security implications, even if the source code is two years old. If discovered, new iBoot vulnerabilities may be used by the jailbreak community to create new ways of hacking iOS devices.
It turns out that people active in the jailbreak community encouraged a low-level Apple employee to leak the source code in the first place.
According to Motherboard’s findings, the Apple employee leaked the code in 2016 to five people, according to two people who first received the code. The person wasn’t a disgruntled employee, people say. Instead, he leaked the files to his jailbreak friends who were interested in iOS security. Apparently, the person took plenty of additional code that wasn’t yet leaked, aside from iCode.
“He pulled everything, all sorts of Apple internal tools and whatnot,” a friend said.
The original group hadn’t planned for the code to leave that circle of friends, but, eventually, one of them shared it with someone else.
“I was really paranoid about it getting leaked immediately by one of us,” one of the friends said. “Having the iBoot source code and not being inside Apple…that’s unheard of.”
“I personally never wanted that code to see the light of day. Not out of greed but because of fear of the legal firestorm that would ensue,” a person said. “The Apple internal community is really full of curious kids and teens. I knew one day that if those kids got it, they’d be dumb enough to push it to GitHub.”
They worried that other people would use iBoot vulnerabilities for malicious purposes.
“It can be weaponized,” the people said. “There’s something to be said for the freedom of information, many view this leak to be good. [But] information isn’t free when it inherently violates personal security.”
“We did our damnedest best to try to make sure that it got leaked [only after the code] got old,” they added.
It all happened a year after their friends gave them the Apple files. One member of the group shared it with a person who shouldn’t have had it.
Ultimately, the original group had lost control of the leak, and it spread to more people, and it even hit Reddit in 2017, although it went largely unnoticed at the time.
The leak resurfaced on Github last week, going viral online — it appears to be a copy of the original leak.
Apple, apparently, was aware of the leak long before it was pushed to Github. The Apple employee who leaked it signed a non-disclosure agreement with Apple and refused to talk about the matter.