Tech by VICE

How iPhone Hackers Got Their Hands on the New iOS Months Before Its Release

Several people, including security researchers, hackers, and bloggers, have had access to an early version of the new iOS 14 for months.

by Lorenzo Franceschi-Bicchierai
May 22 2020, 3:25pm

Image: Motherboard

Security researchers and hackers have had access to a leaked early version of iOS 14, the iPhone's next operating system, since at least February, Motherboard has learned.

That’s almost eight months before the expected official release of iOS 14, given that Apple usually publishes the new iOS in September along with the announcement of new phones. Sometimes, screenshots and descriptions of new features leak before the official reveal. This time, however, an entire version of the operating system has leaked and is being widely circulated among hackers and security researchers.

Motherboard has not been able to independently verify exactly how it leaked, but five sources in the jailbreaking community familiar with the leak told us they think that someone obtained a development iPhone 11 running a version of iOS 14 dated December 2019, which was made to be used only by Apple developers. According to those sources, someone purchased it from vendors in China for thousands of dollars, and then extracted the iOS 14 internal build and distributed it in the iPhone jailbreaking and hacking community.

“There's a network of people who have access to such things.”

For the last few months, information about iOS 14 has been trickling out on the Apple blog 9to5Mac, which obtained a copy of the leak. At the same time, people who trade stolen or leaked Apple code and hardware have been distributing this early version of iOS 14 to several security researchers, giving them an opportunity to take an early look into new code, and find new vectors to attack it, according to four sources in the security research community.

“It gives insight into a decrypted copy of the iOS file system months before release so it could be very useful. It’s pre-release, lots could change, but it’s a trove of information,” said Ryan Duff, Director of Cyber Products at SIXGEN, who reviewed the leaked code for Motherboard. “I can’t say this will give an easy jailbreak or anything like that, but it’s way more information about an upcoming iOS than we ever see normally.”

iOS 14 Code
A screenshot of some of the strings from the leaked iOS 14 internal build.

The final iOS will almost certainly look and function different than this early version, but iPhone hackers and researchers now have a huge lead time in which they're able to probe iOS 14 in order to look for vulnerabilities in whatever is eventually released to the public. Moreover, this leak shows once again that security researchers and iPhone hackers are starting to put some serious cracks into the once-vaunted security of iOS. In the last year or so, researchers have released a public jailbreak for almost all iPhones, the price of unknown vulnerabilities in iPhones are reportedly going down, signaling a market where they are more common, and several companies have caught hackers using sophisticated iPhone hacks in the wild.

Apple declined to comment on the leak.

“That sucks,” said a current Apple employee, who didn’t have knowledge of the leak. Another current Apple employee told Motherboard that they spoke to other employees referencing the leaks. Both employees asked to remain anonymous as they were not allowed to talk to the press. A source in the cybersecurity industry said, his team has this leaked version of iOS 14, and they are studying it. Motherboard granted several sources anonymity in this article because they were not authorized to speak to the press by their employers.

Do you work or did you use to work at Apple? Do you trade prototypes or do research on iOS? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, OTR chat at lorenzofb@jabber.ccc.de, or email lorenzofb@vice.com

Leaked Apple code, documentation, and hardware is often traded on Twitter using a hashtag called #AppleInternals. The people trading or selling this information are often pseudonymous, but have proven time and time again to have legitimate Apple information or hardware. This particular version of iOS 14 has been traded on Twitter but also among networks of jailbreakers and security researchers. Two security researchers told Motherboard they have (and are probing) iOS 14, and two said they heard it was being offered but were staying away from it, fearing repercussions from Apple.

An independent security researcher who goes by Unknownz21 on Twitter said he had the leaked code and, in a chat with Motherboard, knew specifics about the operating system and its code that we cross-checked with three sources who have it.

“There's a network of people who have access to such things,” Unknownz21 said in a chat with Motherboard. We cross-checked information this user knew about the leak with others who also had it.

Another person, who goes by the name of Atomic F** and describes themselves as an enthusiast of Apple software and hardware that’s only intended for internal use, shared a copy of the leaked iOS 14 code with Motherboard. We verified that the code was the same one as the one circulating online by comparing version numbers and details of it with three people who claimed to have it. Motherboard has since deleted the code.

“It’s literally something that was installed on a phone, then copied from it. Since that kind of software implies the phone has root access enabled,” Atomic F** said in an online chat. “Which makes it easy to just make a literal copy.”

They said this is “the first time ever” an upcoming version of iOS leaked so many months in advance of its release and was widely traded in jailbreaking circles. Even the public beta for the operating system isn't yet available; the first public version of it is reportedly scheduled to be released on June 22. The leaked version is dated December 10, 2019 and has been traded widely since February.

“Shit is wild. I feel a bit bad for whoever is messing around as Apple does not take kindly to this.”

Last year, a Motherboard investigation revealed the existence of a gray market where smugglers steal early prototypes, or “dev-fused” iPhones from factories in China and then sell them to security researchers and collectors around the world. In the past, Apple has gone after leakers and even a Gizmodo journalist, who found a prototype of an iPhone 4 in a San Francisco bar. It’s unclear what the company will do about this incident, but some in the industry are expecting the worst.

“Shit is wild,” said Will Strafach, a former iPhone jailbreaker and now founder of iOS security app Guardian Firewall. “I feel a bit bad for whoever is messing around as Apple does not take kindly to this.”

Duff, who has studied iOS for years, said that it’s relatively normal to have some information about the upcoming iPhone and iOS, but this is “definitely a bad leak.”

“In recent times we have known almost everything about new models before they were even announced,” Duff said. “This development build leaking is just another example of how Apple's security regarding leaks has deteriorated over time.”

Subscribe to our new cybersecurity podcast, CYBER.

Tagged:
Apple
cybersecurity
iPhone
hackers
Infosec
jailbreaking
iOS 14