It hasn’t been a wonderful week for Apple where leaks are concerned. Following on from the confirmation from Apple that theiBoot source leak was indeed official, the baseband source code for multiple iPhone models has now been shared online, which potentially opens the door for software-based unlocks.
As mentioned above, Apple has already responded to an earlier leak of the iBoot source code, confirming that it is indeed genuine, but also reiterating that it appears to be the source from software created and released three years ago as part of iOS 9. Although the company didn’t officially release this code into the public domain, it appears that Tim Cook’s men aren’t too worried about the leak as it’s extremely outdated, at least that is if you by what the company is saying.
The company also says that the security of its products doesn’t actually rely on the secrecy of its underlying code, suggesting that there is nothing for the average consumer to worry about from a security and privacy perspective.
Apple has yet to give any response to the leak of this baseband source code though. It’s already started an active conversation in the community about what will or will not be possible. As this code pertains to the baseband of various iPhone models, and because it’s all nicely packaged up into a Xcode project, the immediate conversation here is about whether or not this will be useful to start offering software-based device unlocks to remove any carrier locks from Apple’s iPhones which exist with a baseband affected by this source.
It’s unlikely that today’s jailbreak community will remember the time when software unlocks via ultrasn0w were a thing of beauty and offered for devices which had vulnerable basebands. The existence of this code, which will allow the people with the requisite skills to find bugs and potentially exploit them, could bring back those days of baseband unlocking as a fine art. We’re currently unsure if anything will come of this but one thing for sure, that having all of the sources will definitely make a security researcher’s job a lot easier.
We will wait to see if Apple responds with anything in an official capacity, and, of course, will update if anyone manages to make anything of this.
(Source: @Apple_External [ Twitter ])
You may also like to check out: