Skip to main content

The Decryption Key Of An Apple Security Chip Called Secure Enclave Has Been Leaked By A Hacker


Secure Enclave Processor (SEP) is a security chip that Apple started putting in iPhones since the release of iPhone 5S.

The security coprocessor, with its own operating system SEPOS, is separate from the main processor of the device and prevents it from accessing sensitive data directly, such as the information stored for TouchID. SEP’s work includes authenticating your TouchID fingerprints with the ones stored on the device.
The chip is in the news because a hacker named “xerub” posted a decryption key related to iPhone 5S’ SEP on the website iPhone wiki. According to The Register, while this key doesn’t allow a person to access the chip, the key can be used to decrypt the firmware on the chip and read its code to know its working.
The key can be used to decrypt an iPhone 5S IMG4 SEP firmware image when used in combination with xerub’s img4lib tool. Another tool by xerub sepsplit can be used to extract binaries from the firmware image.
In their technical documentation, Apple lists the iDevices where the SEP chip finds some space. These include iPhone 5S, iPad Air, iPad Mini 2/3 running the A7 chip, Apple Watch Series 2 (Apple S2 chip), and A-series processors released thereafter.
A Unique ID (UID) number is generated in devices featuring A9 (iPhone 6S, 6S Plus, SE, and iPad 2017) and later chips. This ID is kept aside from the rest of the operating system.
The UID is used to create a temporary key on device startup, which encrypt’s the memory assign to Secure Enclave and authenticates the chip’s memory whenever required, except on A7 devices.
There isn’t much to panic as the decryption key is for iPhone 5S released almost four years ago. In the mean time, Apple has improved their security system a lot.
Sudo Security Group’s CEO Will Scratch thinks the availability of the decryption key can help various security researchers in getting a greater into the firmware. He also said the “key being available does not reduce security of the Secure Enclave in any way.”
“Secure Enclave has the main task of protecting sensitive content, but the firmware decryption key is more comparable to ‘obfuscation’ rather than anything related to protection of the actual content stored.”
Apple’s security implementations have been an unconquered territory for many experts. We did saw the caliber of Apple’s security tech when FBI tried to access the iPhone 5C of the San Bernardino case shooter in early 2016. Even though they managed to crack the device, it was a tedious effort.

Comments

WHAT'S HOT

Amazon Cuts Huawei Watch 2 Price To $194.99

Huawei's latest smartwatch has received a temporary price cut in the United States. There is no word on how long the promotion will last, but those interested

This Medical Camera Can See Right Through Human Body

Now, a team at the University of Edinburgh has developed a medical camera that can see right through your body. This new camera works by detecting light sources inside the body, such as

Google Search About To Receive A New “Speed Test Tool”, Here Is How To Use It

I use the Speed Test tool by Ookla to check the speed of my broadband connection. Generally, I use Google Search to visit the website. But the last time when I Googled the term “speed test,” I didn’t have to go much further than the search result itself.

Microsoft Has Released The First Windows 10 Build 16353 For Insiders

As Fall Creators Update is nearing its release, Skip Ahead was announced last month. It enables fast ring users to continue receiving new features, though the RS_PRERELEASE