SecureMac, Inc.

Computer security news. Just for Macs.

Get the latest computer security news for Macs and be the first to be informed about critical updates. Industry news, security events and all you need right at your fingertips. Malware threats change daily, so keep up to date on the latest developments to help ensure your privacy and protection. You can never be too safe.

Apple is Leaving the Kernel Unencrypted in iOS 10

Posted on July 27, 2016

As always, Apple unveiled a slew of intriguing new announcements at their annual Worldwide Developers Conference in June. Among the headline-worthy revelations were the new versions of the Apple Watch, an overhauled Apple Music app, and the “raise and wake” feature of iOS 10. Perhaps the most surprising thing about the conference concerned what was under the hood for iOS. Specifically, Apple has decided to leave the kernel of their mobile operating system unencrypted.

For those who are unfamiliar with the terminology, a “kernel” is considered an operating system’s core. Essentially, it’s the kernel’s job to communicate between the hardware of a computer and the application software running on that machine. As such, the kernel is responsible for managing virtually everything that a computer does.

Past versions of iOS have featured an encrypted kernel, but according to an article from TechCrunch, those days are over. Apple says that, by unencrypting the kernel on iOS 10, they will be able to provide superior performance without losing anything in the way of security. Theoretically, the company could have taken this step years ago, to goose just a little more power and performance out of the historically high-performing iPhone. The kernel doesn’t contain any user info, so there has never been any particularly logical reason to encrypt it.

As TechCrunch noted this move makes sense based on Apple’s current narrative. In the past year or two, we’ve seen Apple take significant strides toward transparency. It’s easy to read the decision to unencrypt the kernel as just another move in that direction. Now, developers and security researchers will be able to take a look at the iOS kernel code—something that has never been possible in the past.

The hope in the security community is that the lack of encryption will allow third-party entities to comb through Apple’s code and find flaws or vulnerabilities more quickly than Apple would have found them in-house. In turn, with the security community looking for and finding vulnerabilities in the kernel, Apple will be able to patch them more quickly and avoid exploits. If things do indeed work out this way, then Apple’s decision to unencrypt the kernel in iOS 10 could make it safer than past versions of the operating system. Of course, the lack of encryption will also open the gates for hackers to take a look at the kernel code, which could provide ways for cyber criminals to attack iOS 10.

Join our mailing list for the latest security news and deals