Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Hacker Releases Firmware Decryption Key for Apple's Secure Enclave

donlab said:
He owns the phone and can do whatever he likes with it. Plain and simple. Jailed for hacking into your own phone? C'mon.
Click to expand...

Wow, what an excuse for crime... no, you are not allowed to hack things by law because you agree to the software licenses when you purchase a device.
And when you hack a security system and then release it to the internet. That's also highly illegal... or do you think hackers breaching the security of millions of devices and releasing the information to the internet for all hackers and criminals to use as they see for as Ok???

You do realise your exact same ideology and argument could be used to excuse someone hacking security on their credit card chip? It's an utterly stupid argument and ideology to hold and is wrong.
 
Last edited:
HallStevenson said:
This only affects the 5s (based on the CPU). At some point, Apple stops updating iOS/firmware for older devices so it would/could be an issue for people with older devices.
Click to expand...

but how many folks out there have older devices. especially ones running older software. and if its a major security issues what's stopping Apple from creating an update to even iOS 3 if they like
[doublepost=1503154792][/doublepost]
donlab said:
He owns the phone and can do whatever he likes with it. Plain and simple. Jailed for hacking into your own phone? C'mon.
Click to expand...

did you read the comment you were replying too. clearly he went beyond "Hey i'm gonna hack my phone to see if I can do it.
 
  • Like
Reactions: apolloa
charlituna said:
but how many folks out there have older devices
Click to expand...
No doubt more than you realize. 95% of iPhone users do not stand in line to get the newest iPhone model. I'd bet money that the 5s is an extremely popular model, in fact. Just Googled "iphone models usage" and got this:

https://hwstats.unity3d.com/mobile/device-ios.html -- 5s is the most common but admittedly, no "7" models show up (data must have been collected before they were released)

https://david-smith.org/iosversionstats/ - 6, 6s, and 5s, in that order of popularity. 7 and 7s are listed as this data is just weeks old.
 
Last edited:
KazKam said:
I think what it means is that since Apple forced iCloud music library and Apple Music into the Music app, they've made it damn near unusable if you don't want to/can't stream, and just want to listen to the music you have synced to your device.

The Music app, ironically the very thing that gave the iPhone all the functionality of an iPod, no longer lets the iPhone function as an iPod used to, which is still the way many people, including me, prefer to listen to the music they already own and have chosen to carry with them.

The new music app was written exclusively to sell music and subscriptions to the millions of customers who don't yet own most of their music, and be damned with the millions of users who already do. The new music app is now nothing more than a giant bandwidth-hogging swill-shilling sellout of an app specced by record-executive puppets and sell-outs...

I think that's what it means.
Click to expand...

Well said. I use AM on a laptop with its own separate library and download rather than stream stuff I want to listen to from Apple Music. I don't use AM with anything iOS devices since it would mean having to redownload stuff plus lose ability to use that device to sync to my other itunes libraries on my laptop. I find myself using music less and less on iOS devices and more on older iPods that I still have. Not sure that's what Apple expected but that's how it goes for me. Next step could be a regular cellphone instead of an iPhone; just use an iPad mini for whatever I now use an iPhone for that's not a phone call. There's a Murphy's Law corollary in there somewhere for Apple.
 
MrGuder said:
Is this why you should always update your iPhone? I have a 6s and I'm still on 9.3.5 I don't want to lose the music app.
Click to expand...

Calm down. What this means is that hackers can now read the code that is used by the Secure Enclave. That doesn't mean there are any bugs in this code. And if there are bugs, that doesn't mean that they can be exploited to harm you. And if there can be exploited, that does not mean there is any way to harm you without first stealing your phone. And if it is possible, that doesn't mean that anyone finds a way. And if there is a way, that doesn't mean that it is found before you buy a new phone.
[doublepost=1503193745][/doublepost]
charlituna said:
Course all it takes for it for Apple to change up the key and what the hackers have could be moot. Firmware is often updated with the new iOS so it's possible a change is already coming before this hack. And they haven't proven what they can do with the knowledge yet. So I wouldn't panic too much
Click to expand...
Wait a second. Apple cannot change the code in the secure enclave of any phone that is in the hand of a user. That code must be absolutely unchangeable, that's the whole point of the secure enclave that _nobody_ can get inside. So once somebody decrypts the code, the code is known.
 
I've only read the first page of comments here, but one thing I want to address is people thinking that a firmware update by apple will 'fix' this. So, sure, it will make it far more difficult to access the secure enclave firmware in future iOS versions. What it may not do, though, is negate any vulnerabilities discovered in the decrypted SEP. Those would have to be patched separately (assuming they're all disclosed to Apple.)

Basically, I think this key is not particularly useful for hacking into one's phone, rather, it is useful for helping to discover other exploits in the SEP, for which the key would not be required.
 
Phonephreak said:
What does that have to do with the iphones SEP?
Click to expand...

Quite simple. The Secure Enclave is an extra layer of protection that has in this one instance now partially been compromised.

This is not such big a deal, however, as on Android phones this added layer doesn't even exist and everything is handled directly by the main CPU and storage.
With Android I'd be scared to begin with!
 
TheralSadurns said:
Quite simple. The Secure Enclave is an extra layer of protection that has in this one instance now partially been compromised.

This is not such big a deal, however, as on Android phones this added layer doesn't even exist and everything is handled directly by the main CPU and storage.
With Android I'd be scared to begin with!
Click to expand...
I understand what the iPhones sep is for. Seems like you brought up Android phones for no reason. This article is about the iphones being compromised.

Edited to change wording.
 
Phonephreak said:
I understand what the iPhones sep is for. Seems like you brought up Android phones for no reason. This article is about the iphones being compromised.

Edited to change wording.
Click to expand...


My reason was to put things in perspective.
Aka... yes it is bad. But it is not the end of the world. As a lot of things are far worse from the get go.

Same argument I tend to make when people freak out over online banking and how dangerous it is... because someone might hack into your computer and steal all the login credentials and blah blah. My comparison here is, to bring up what no one ever complains about as the biggest security risk EVER. That we can PAY with our credit cards (and do many other things) simply by giving OUR SIGNATURE!
There's no validation AT ALL. And in case of a credit card... the signature is also RIGHT THERE on the back and as a result EASY to copy.

So ya... just putting things in relation to one another to show how bad something really is... or rather isn't.
 
  • Like
Reactions: Phonephreak
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back