Hacker Releases Firmware Decryption Key for Apple's Secure Enclave

Discussion in 'iOS Blog Discussion' started by MacRumors, Aug 18, 2017.

  1. MacRumors macrumors bot


    Apr 12, 2001

    A hacker released what he claimed to be a firmware decryption key for Apple's Secure Enclave on Thursday, initially sparking fears that iOS security had been compromised.

    Apple's Secure Enclave Processor (SEP) handles all cryptographic operations for the Apple Watch Series 2, the A7 processor that powers the iPhone 5s, the iPad Air, the iPad mini 2 and 3, and subsequent A-series chips. The encrypted SEP is completely isolated from the rest of the system and handles Touch ID transactions, password verifications, and other security processes on a separate OS to maintain data protection integrity even if the kernel has been compromised.

    One of the ways the SEP does this is by generating a Unique ID (UID) for each device for authentication purposes. The UID automatically changes every time a device is rebooted and remains unknown to other parts of the system, further enhancing its security.

    Beyond that, little is known about how the SEP actually works outside of Apple, but that's by design - the enclave's isolation serves to obfuscate it from the rest of the system, preventing hackers from rifling through its code to make it as secure as possible.

    The decryption key posted on GitHub yesterday would not enable hackers to access data stored inside the Secure Enclave, but it could allow hackers and security researchers to decrypt the firmware that controls it and potentially spot weaknesses in the code.

    Speaking to TechRepublic, the hacker who released the key claimed that Apple's effort to obfuscate the code was itself cause for concern.
    Xerub claimed it's theoretically possible that the decryption key could be used to watch the SEP do its work, which could potentially allow hackers to reverse-engineer its process and gain access to its contents, including passwords and fingerprint data. However, he admitted that a lot of additional work would need to go into exploiting the decrypted firmware.

    It's still unclear what the longer term repercussions could be, but an Apple source who wished to remain anonymous told TechRepublic that the release of the SEP key doesn't directly compromise customer data.
    More accurately, it makes research into the structure of the SEP possible, which could allow hackers to find flaws in its workings. Apple said it did not plan to roll out a fix at this time.

    Article Link: Hacker Releases Firmware Decryption Key for Apple's Secure Enclave
  2. iGraham4 macrumors member

    Nov 30, 2010
  3. Abazigal macrumors G4


    Jul 18, 2011
    Will likely get patched in a firmware update soon enough, no doubt.
  4. acegreen macrumors regular


    Jun 25, 2015
    The last time we had a firmware leak, we got a ton of nice tidbits...[takes out the popcorn]
  5. Sunny1990 Suspended


    Feb 13, 2015
    Now that the firmware code is exposed it's open season on SEP vulnerabilities. Apple needs to fix this as soon as possible.
  6. MrGuder macrumors 68030

    Nov 30, 2012
    Is this why you should always update your iPhone? I have a 6s and I'm still on 9.3.5; I don't want to lose the music app.
  7. Northgrove macrumors 65816

    Aug 3, 2010
    No, it is not, but am I missing something here or is there no indication Apple is doing that? Just because they have now _added_ a layer of security doesn't imply that they're _relaxing_ another layer of security and not taking auditing their SEP code seriously?

    I am absolutely certain that Apple's security experts have heard of the saying "Security through obscurity" and its fallacies... It is a fallacy to replace one with the other, but not use both in tandem.
  8. apolloa macrumors G4

    Oct 21, 2008
    Time, because it rules EVERYTHING!
    It's only a matter of time, but this is what you get when hackers and script kiddies are never jailed for their crimes, hack the defence networks oh sure jail you, hack a mass market consumer device or steal millions of people's details and passwords then you get a slapped wrist, and a nicely paid job in a security firm....
  9. casperes1996 macrumors 68040


    Jan 26, 2014
    Horsens, Denmark
    Whilst we would have no way of knowing about the specific algorithmic methods with which the SEP handles data, Apple has been quite open about how the security works still. I'm going to go out on a limb and say that there's no way anybody will figure out a way to get data that has been encrypted by the SEP without the passcode used to lock it. If anything, people might find a way to catch data in flight, but even then, how would you get your code that captures data onto an iOS device?
  10. Kabeyun macrumors 68000


    Mar 27, 2004
    Eastern USA
    As far as privacy and security go, I still sleep just fine at night in Apple's ecosystem.
  11. RichTF macrumors regular


    Nov 11, 2007
    London, UK
    This is why good security generally involves lots of layers, the "onion" strategy. Getting past one layer is a problem, but not one that (in isolation) is a meaningful security breach.

    Another way to think of it — The SEP came out with the iPhone 5s 4 years ago. So this encryption layer has prevented 4 years worth of hacking attempts on the deeper layers, which is time Apple has most likely been spending improving those layers. It might also be possible for Apple to re-apply this outer layer in subsequent iPhones, or maybe even with a firmware patch, thereby resetting the clock again.

    So yeah, it's unfortunate that it's been hacked, but I still feel relaxed about my iPhone's security.
  12. H3LL5P4WN macrumors 68000


    Jun 19, 2010
    Pittsburgh PA
    I appreciate all the generally happy (and likely, very accurate thoughts), but I think I'm going to be sick.
  13. Glassed Silver macrumors 68020

    Glassed Silver

    Mar 10, 2007
    Kassel, Germany
    Open season on finding security holes for thousands and millions of programmers.

    Situation before: a few dedicated hackers could - in private - reverse engineer the firmware after doing what this gentleman just did and keep the intel to themselves and abuse it.

    Much like how three letter agencies are absolutely willing to spend a lot of dough on cracking other closed-source systems and keeping any findings to themselves, because you know... Once you need it, it won't be patched.

    Open source is the way to go, let as many eyes as possible audit the code I say.

  14. twilson macrumors 6502

    Apr 11, 2005
    What on earth does "don't want to lose the music app" even mean?
  15. charlituna macrumors G3


    Jun 11, 2008
    Los Angeles, CA
    Of course, all it takes is for Apple to change up the key and what the hackers have could be moot. Firmware is often updated with the new iOS, so it's possible a change was already coming before this hack. And they haven't proven what they can do with the knowledge yet. So I wouldn't panic too much.
  16. democracyrules macrumors 6502a

    Nov 18, 2016
    Seems like this article sounds like fake news to spoil Apple's excellent reputation on security. Unless Apple releases a public statement, news like this article shouldn't be taken seriously.
  17. merkinmuffley macrumors 6502a

    Dec 3, 2010
    Has anyone verified the FW can be exposed using this? If it's true, Apple has a problem.
  18. rtomyj macrumors 6502a


    Sep 3, 2012
    Only going to help the users out, but:

    How does he criticize Apple for obfuscation of the SEP (makes it hard to read), claiming that Apple doesn't have confidence in it being unencrypted like its kernels, but then add that right now there's no way of knowing if obfuscation is the only form of security? How can you criticize obfuscation as Apple's plan for hackers when you don't know if that's all they do....
  19. Primejimbo, Aug 18, 2017
    Last edited: Aug 18, 2017

    Primejimbo macrumors 68040

    Aug 10, 2008
    You should ALWAYS keep your software up to date. You have many software bugs and security holes. A big one that was just patched with one of the recent updates (10.3.3) would let an attacker crash your device over wifi:

    Here are all the security issues since 9.3.5

    I don't get people at all. They keep something that doesn't make sense, then have outdated security.
  20. BlendedFrog macrumors regular

    Dec 9, 2010
    I'm missing something. Reading through the TechRepublic article and the GitHub repositories, I see that this was done with the iPhone 5s with iOS 9 on it. Are other models with the SEP affected? And what about iOS 9.3.5 and above?
  21. OldSchoolMacGuy Suspended


    Jul 10, 2008
    The firmware has been available for quite a while on the forensic side, just not publicly (and it's still not public, only the means to potentially decrypt it).

    While it's possible this could open things up a bit in the future, all Apple has to do is release a firmware update which prevents this and we move on.
  22. Michaelgtrusa macrumors 604

    Oct 13, 2008
  23. melgross macrumors 6502

    Jan 23, 2004
    New York City
    I’ve never agreed with the concept that open software advocates use as one of the reasons for open software. That is, more eyes on the code results in better security.

    Considering that Linux has plenty of eyes on the code, and still has a number of high level security bugs, and breaches, every year proves the opposite. Giving malicious hackers the code is just giving them the ability to find these flaws and exploit them before they're found and closed. Since the hackers we're worried about today are large criminal gangs in Russia and elsewhere, as well as government sponsored hacking in N Korea, China and the above mentioned Russia, as well as in other places (NSA, anyone?), this is no longer being mostly done by boys living in their mother's closet, but by large, well financed teams of professional experts.

    While there’s no evidence that this hack is going to lead to a security breach anytime soon, you can be sure Apple is working on it. If all the code was out in the open, including all of the layers, it would have been entirely hacked two years ago.
  24. HallStevenson macrumors 6502a


    May 1, 2012
    This only affects the 5s (based on the CPU). At some point, Apple stops updating iOS/firmware for older devices so it would/could be an issue for people with older devices.
  25. lincolntran macrumors 6502a


    Jan 18, 2010
    Good point. Most people don't realize that security and hacking is a game of cat and mouse. Nothing stays secure forever. Time is the only thing that matters.
