Apple Confirms: iOS 10 Purposefully Leaves the Kernel Unencrypted
Security researchers recently discovered that in iOS 10 beta 1, the operating system kernel is left unencrypted. Apple has now confirmed that this was intentional, and explained that the move allows user data to remain safe while bolstering iOS performance.
You have nothing to worry about. At least, that's according to Apple.
Apple confirmed this to TechCrunch, following the original discovery of the shift by the MIT Technology Review. In iOS 10 beta 1, the kernel was indeed found to be unencrypted, making it a lot easier for third parties to examine the code there. This came as surprising news, especially considering Apple's vocal stance on user privacy and security. However, according to a spokesperson, user security isn't at risk due to the move:
“The kernel cache doesn’t contain any user info, and by unencrypting it we’re able to optimize the operating system’s performance without compromising security.”
Ars Technica explains that “user data in iOS is encrypted with a key derived from the device's unique identifier (UID) and the user's passcode, which makes it very difficult to decrypt user data without that user's passcode.” In addition, an optional setting wipes an iPhone's contents after ten incorrect passcode attempts. This is designed to prevent brute-force hacking methods on an iOS device.
The bottom line, then, is that you have nothing to worry about, according to Apple: iOS remains secure with iOS 10, and benefits from optimized performance as a result of the switch.