A hacker leaked the decryption key for Apple's Secure Enclave, severely affecting iOS security
The leak has reportedly been confirmed and could allow hackers to access previously encrypted iOS elements.
A hacker going by the pseudonym xerub has claimed to have leaked the decryption key for Apple's Secure Enclave Processor (SEP) firmware, which could be a massive blow to iOS security. The leak, reportedly confirmed by an anonymous Apple staffer, is key to iOS security.
According to Apple, SEP was incorporated into iOS security in Apple S2, Apple A7, and later A-series processors and provides "all cryptographic operations" for data protection. Apple's SEP is also responsible for verifying Touch ID and fingerprint-initiated transactions.
However, with the decryption key that protects the SEP now publicly available, it may just be open season for hackers looking to target Apple products. Essentially, the decryption key allows third-party entities to decrypt and access Touch ID data, as well as other kinds of data processed via SEP. Bleeping Computer reported that the key could also allow hackers as well as surveillance firms to hunt for bugs in iOS devices, which were previously inaccessible to third parties.
"The fact that [the SEP] was hidden behind a key worries me," Xerub
told TechRepublic. "Is Apple not confident enough to push SEP decrypted
as they did with kernels past iOS 10?"
The hacker said that SEP is basically a "black box" that adds very
little to security. He added that his intention behind releasing the SEP
decryption key was to boost its security. "Decrypting the firmware
itself does not equate to decrypting user data," Xerub added. "I think
public scrutiny will add to the security of SEP in the long run. Apple's
job is to make [SEP] as secure as possible. It's a continuous process
... there's no actual point at which you can say 'right now it's 100%
secure.'"
An anonymous Apple employee told TechRepublic the leak doesn't
directly compromise user data. "There are a lot of layers of security
involved in the SEP, and access to firmware in no way provides access to
data protection class information," the Apple staffer said.
Apple reportedly said that it is not planning to issue a fix yet. The leak comes just a day after news broke that the upcoming iOS 11 will come with a "panic button" or "cop button" feature to disable Touch ID in a hurry.